Cheval de troie C/WINDOWS/SYSTEME32/TEMP2EXE

amine -  
green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
slt j'ai un virus de type cheval de troie C:/ WINDOWS/SYSTEME32/TEMP2EXE WIN 32:SMALL-ABY tlj
Configuration: Windows XP
Internet Explorer 6.0

15 réponses

  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    Télécharge ceci sur ton bureau :

    Lien : hijackthis

    Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm

    Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.

    ++
    0
    1. amine
       
      j'ai ke la demonstration.par ailleurs je vous informe ke je sui en algerie
      0
  2. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    oups ! désolée, erreur de manip :

    voici le lien pour le télécharger :hijackthis

    Soit le bienvenu ;-)

    @+
    0
  3. drd
     
    merci, je viens de shooter 3 trojan et maintenant tout tourne nicquel.
    0
  4. rfb Messages postés 23 Statut Membre
     
    slt, moi aussi j arrive pas a virer ses trojan de mon pc ?si tu peut m aidre merci d avance
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    poste un hijack stp

    ++
    0
  7. rfb Messages postés 23 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:58:21, on 03/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKCU\..\Run: [PeerFactor] "C:\Documents and Settings\farid\Bureau\PeerFactor[1].exe" 0
    O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\DOCUME~1\farid\LOCALS~1\Temp\E_S2D.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.cognacqjayimage.com/en/homepage/
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113983435781
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    0
  8. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    salut

    Télécharge ceci: (by Moe) :

    http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

    Double clic sur Lopxpsetup.exe pour lancer l'installation
    Au menu, choisir l'option 1
    Patienter jusqu'à que l'on demande d'appuyer sur une touche, appuyer !
    Une rapport sera alors crée, à copie/colle en entier sur le forum.

    ++
    0
  9. rfb Messages postés 23 Statut Membre
     
    Rapport Lopxp fait le 03/11/2007 à 23:28:30

    Exécuté dans : C:\Program Files\Lopxp

    ___________________________________________________________________________

    [Threads Internet Explorer]

    ___________________________________________________________________________

    [Tâches planifiées]

    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Fichier exécuté : C\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges
    Tâche crée le : 05/10/2007 à 00:07
    Dernière modification le : 03/11/2007 à 20:51

    C:\WINDOWS\tasks\Symantec NetDetect.job

    Fichier exécuté : C\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    Tâche crée le : 14/12/2006 à 22:47
    Dernière modification le : 03/11/2007 à 20:50

    C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

    Fichier exécuté : C\Program Files\Windows Live Toolbar\MSNTBUP.EXE

    ___________________________________________________________________________

    [Listing des dossiers Application Data]

    Cr = Date Création | Mo = Date Modification

    C:\Documents and Settings\Administrateur\Application Data

    Cr: 14/10/2007 00:05:19 | Mo: 19/04/2005 17:58:49 - - Identities
    Cr: 14/10/2007 00:05:19 | Mo: 14/10/2007 00:08:26 - - Microsoft
    Cr: 14/10/2007 00:05:18 | Mo: 20/04/2005 08:38:58 - - OFFICE One v6

    C:\Documents and Settings\Administrateur\Local Settings\Application Data

    Cr: 14/10/2007 00:05:18 | Mo: 14/10/2007 00:10:46 - - Microsoft

    C:\Documents and Settings\All Users\Application Data

    Cr: 03/12/2006 03:01:17 | Mo: 03/12/2006 03:21:57 - - ACD Systems
    Cr: 19/09/2007 23:43:18 | Mo: 19/09/2007 23:43:18 - - Adobe
    Cr: 20/04/2005 08:43:18 | Mo: 20/04/2005 08:43:18 - - CyberLink
    Cr: 30/09/2006 21:06:34 | Mo: 11/10/2006 21:43:28 - - GamesBar
    Cr: 02/12/2006 23:45:18 | Mo: 03/11/2007 09:43:01 - - Google
    Cr: 03/05/2007 22:21:36 | Mo: 03/11/2007 20:49:30 - - Kaspersky Lab
    Cr: 19/04/2005 19:44:56 | Mo: 05/10/2007 00:03:55 - - Microsoft
    Cr: 03/12/2006 03:04:48 | Mo: 03/12/2006 03:04:48 - - QuickTime
    Cr: 13/12/2006 11:32:26 | Mo: 21/04/2007 12:54:23 - - Symantec
    Cr: 10/05/2007 17:37:02 | Mo: 10/05/2007 17:37:22 - - TEMP
    Cr: 02/01/2007 22:56:10 | Mo: 02/01/2007 22:59:20 - - UDL
    Cr: 08/03/2006 17:15:06 | Mo: 08/03/2006 17:15:06 - - Viewpoint
    Cr: 16/03/2007 12:34:58 | Mo: 24/03/2007 10:36:59 - - WholeSecurity
    Cr: 04/08/2006 11:06:51 | Mo: 04/08/2006 11:06:51 - - Windows Genuine Advantage
    Cr: 15/10/2007 12:15:17 | Mo: 15/10/2007 12:15:17 - - Windows Live Toolbar
    Cr: 19/12/2006 13:42:24 | Mo: 19/12/2006 13:42:24 - - Yahoo!
    Cr: 11/12/2006 21:52:52 | Mo: 11/12/2006 21:54:14 - - Yahoo! Companion

    C:\Documents and Settings\farid\Application Data

    Cr: 07/09/2005 08:59:33 | Mo: 07/09/2005 08:59:33 - - Adobe
    Cr: 20/09/2007 00:02:10 | Mo: 20/09/2007 00:02:10 - - AdobeUM
    Cr: 06/05/2007 22:06:32 | Mo: 06/05/2007 23:13:23 - - Ahead
    Cr: 08/03/2006 17:15:08 | Mo: 08/03/2006 17:15:08 - - Aim
    Cr: 01/03/2007 22:26:37 | Mo: 01/03/2007 22:26:37 - - COWON
    Cr: 07/09/2005 09:02:13 | Mo: 07/09/2005 09:02:13 - - Creative
    Cr: 12/06/2005 22:31:44 | Mo: 12/06/2005 22:31:44 - - CyberLink
    Cr: 01/09/2005 19:04:23 | Mo: 01/09/2005 19:04:23 - - eConf
    Cr: 16/03/2007 12:40:20 | Mo: 16/03/2007 12:49:24 - - EoRezo
    Cr: 03/01/2007 02:48:26 | Mo: 03/01/2007 02:48:26 - - EPSON
    Cr: 21/10/2006 22:50:41 | Mo: 21/10/2006 22:50:41 - - funkitron
    Cr: 02/12/2006 23:46:25 | Mo: 30/12/2006 00:36:22 - - Google
    Cr: 17/08/2005 11:49:18 | Mo: 17/08/2005 11:49:18 - - Help
    Cr: 06/06/2005 22:22:56 | Mo: 19/04/2005 17:58:49 - - Identities
    Cr: 07/09/2005 08:59:32 | Mo: 07/09/2005 08:59:32 - - InterTrust
    Cr: 16/03/2007 12:40:59 | Mo: 16/03/2007 12:40:59 - - ItsLabel
    Cr: 26/08/2005 16:51:21 | Mo: 20/03/2006 22:34:34 - - Macromedia
    Cr: 06/06/2005 22:22:55 | Mo: 23/09/2007 17:22:37 - - Microsoft
    Cr: 05/01/2007 21:42:37 | Mo: 05/01/2007 21:42:41 - - Mozilla
    Cr: 06/06/2005 22:22:55 | Mo: 13/12/2006 13:21:07 - - OFFICE One v6
    Cr: 30/10/2006 12:14:43 | Mo: 30/10/2006 12:14:43 - - PF
    Cr: 23/07/2007 21:33:57 | Mo: 23/07/2007 21:33:57 - - Real
    Cr: 02/11/2007 15:52:05 | Mo: 02/11/2007 15:52:05 - - Simply Super Software
    Cr: 15/04/2006 21:59:55 | Mo: 15/04/2006 21:59:55 - - Steinberg
    Cr: 14/11/2006 17:42:40 | Mo: 14/11/2006 17:42:40 - - Sun
    Cr: 13/12/2006 11:32:35 | Mo: 13/04/2007 22:45:49 - - Symantec
    Cr: 04/10/2007 09:21:25 | Mo: 04/10/2007 10:03:04 - - VirusGarde
    Cr: 08/11/2005 15:44:08 | Mo: 02/12/2006 23:34:47 - - WholeSecurity
    Cr: 23/09/2005 20:16:44 | Mo: 23/09/2005 20:16:44 - - Yahoo!

    C:\Documents and Settings\farid\Local Settings\Application Data

    Cr: 20/09/2007 00:00:39 | Mo: 20/09/2007 00:00:59 - - Adobe
    Cr: 06/05/2007 22:27:35 | Mo: 06/05/2007 23:12:01 - - Ahead
    Cr: 14/04/2007 19:10:08 | Mo: 15/04/2007 10:11:38 - - ApplicationHistory
    Cr: 02/12/2006 23:46:25 | Mo: 30/12/2006 00:36:22 - - Google
    Cr: 17/08/2005 11:49:18 | Mo: 17/08/2005 11:49:18 - - Help
    Cr: 17/08/2005 12:14:39 | Mo: 28/08/2005 00:25:04 - - Identities
    Cr: 06/06/2005 22:22:55 | Mo: 24/10/2007 21:47:36 - - Microsoft
    Cr: 05/01/2007 21:42:41 | Mo: 05/01/2007 21:42:41 - - Mozilla
    Cr: 03/12/2006 03:15:15 | Mo: 03/12/2006 03:15:15 - - Showtime
    Cr: 10/06/2005 12:51:34 | Mo: 26/02/2007 19:36:56 - - WMTools Downloaded Files

    C:\Documents and Settings\issam\Application Data

    Cr: 22/12/2005 13:36:18 | Mo: 22/12/2005 13:36:18 - - Creative
    Cr: 30/08/2005 09:20:16 | Mo: 19/04/2005 17:58:49 - - Identities
    Cr: 30/08/2005 09:23:22 | Mo: 30/08/2005 09:23:22 - - Macromedia
    Cr: 30/08/2005 09:20:16 | Mo: 22/12/2005 13:36:19 - - Microsoft
    Cr: 30/08/2005 09:20:16 | Mo: 20/04/2005 08:38:58 - - OFFICE One v6
    Cr: 22/12/2005 13:36:23 | Mo: 22/12/2005 13:36:23 - - WholeSecurity

    C:\Documents and Settings\issam\Local Settings\Application Data

    Cr: 30/08/2005 09:20:16 | Mo: 21/04/2005 10:01:08 - - Microsoft

    C:\Documents and Settings\laetitia\Application Data

    Cr: 21/03/2006 16:42:46 | Mo: 21/03/2006 16:42:46 - - Creative
    Cr: 20/01/2007 00:47:32 | Mo: 20/01/2007 00:47:32 - - Google
    Cr: 21/03/2006 16:49:27 | Mo: 21/03/2006 16:49:27 - - Help
    Cr: 21/03/2006 16:42:10 | Mo: 19/04/2005 17:58:49 - - Identities
    Cr: 21/03/2006 16:42:10 | Mo: 19/01/2007 22:27:13 - - Microsoft
    Cr: 20/01/2007 00:45:18 | Mo: 20/01/2007 00:45:18 - - Mozilla
    Cr: 21/03/2006 16:42:09 | Mo: 20/04/2005 08:38:58 - - OFFICE One v6
    Cr: 21/03/2006 16:42:47 | Mo: 21/03/2006 16:42:47 - - WholeSecurity

    C:\Documents and Settings\laetitia\Local Settings\Application Data

    Cr: 23/10/2007 16:43:31 | Mo: 23/10/2007 16:43:31 - - Ahead
    Cr: 20/01/2007 00:47:32 | Mo: 20/01/2007 00:50:51 - - Google
    Cr: 21/03/2006 16:49:27 | Mo: 21/03/2006 16:49:27 - - Help
    Cr: 19/01/2007 22:27:13 | Mo: 19/01/2007 22:27:13 - - Identities
    Cr: 21/03/2006 16:42:09 | Mo: 19/01/2007 22:26:01 - - Microsoft
    Cr: 20/01/2007 00:45:18 | Mo: 20/01/2007 00:45:18 - - Mozilla

    ___________________________________________________________________________

    [Listing du dossier Program Files]

    C:\Program Files

    Cr: 02/01/2007 22:55:21 | Mo: 09/05/2007 21:25:41 - - ABBYY FineReader 6.0 Sprint
    Cr: 07/09/2005 08:59:32 | Mo: 19/09/2007 23:33:12 - - Adobe
    Cr: 16/07/2006 15:00:15 | Mo: 16/07/2006 15:00:15 - - Alwil Software
    Cr: 16/03/2007 23:40:24 | Mo: 16/03/2007 23:40:24 - - Anuman Interactive
    Cr: 20/04/2005 08:25:29 | Mo: 20/04/2005 08:25:54 - - ATI Technologies
    Cr: 20/03/2006 21:19:45 | Mo: 16/07/2006 14:45:11 - - AxBx
    Cr: 16/04/2006 18:24:15 | Mo: 03/05/2007 22:25:22 - - BitComet
    Cr: 20/04/2005 09:39:11 | Mo: 25/04/2005 09:09:08 - - BurnInTest
    Cr: 06/05/2007 23:31:01 | Mo: 06/05/2007 23:31:51 - - CCleaner
    Cr: 04/07/2005 20:09:21 | Mo: 04/07/2005 20:09:31 - - Cocktails
    Cr: 11/12/2006 21:52:58 | Mo: 11/12/2006 21:52:58 - - Common Files
    Cr: 19/04/2005 17:52:36 | Mo: 19/04/2005 17:52:36 - - ComPlus Applications
    Cr: 07/09/2005 08:57:15 | Mo: 07/09/2005 09:00:21 - - Creative
    Cr: 20/04/2005 08:43:12 | Mo: 20/04/2005 08:43:16 - - CyberLink
    Cr: 02/09/2006 23:02:15 | Mo: 05/09/2006 07:53:45 - - EasyBurning
    Cr: 08/11/2005 15:44:00 | Mo: 08/11/2005 15:44:00 - - eBay
    Cr: 16/03/2007 12:40:19 | Mo: 16/03/2007 12:49:25 - - eoRezo
    Cr: 02/01/2007 22:47:56 | Mo: 02/01/2007 23:14:33 - - epson
    Cr: 19/05/2007 10:00:43 | Mo: 02/11/2007 00:59:16 - - EuroPoker
    Cr: 19/04/2005 19:47:17 | Mo: 04/10/2007 09:21:13 - - Fichiers communs
    Cr: 18/09/2007 21:21:18 | Mo: 18/09/2007 21:21:18 - - Free
    Cr: 20/04/2005 09:18:06 | Mo: 20/04/2005 09:18:06 - - Generic
    Cr: 02/12/2006 23:44:51 | Mo: 03/11/2007 09:43:04 - - Google
    Cr: 04/07/2005 18:19:06 | Mo: 04/07/2005 18:19:08 - - greenstreet
    Cr: 20/04/2005 09:33:41 | Mo: 20/04/2005 09:33:41 - - HighMAT CD Writing Wizard
    Cr: 27/09/2006 20:40:53 | Mo: 27/09/2006 20:40:53 - - ICom Plugins
    Cr: 20/04/2005 08:08:33 | Mo: 20/09/2007 15:20:03 - - InstallShield Installation Information
    Cr: 20/04/2005 08:09:11 | Mo: 20/04/2005 08:09:11 - - Intel
    Cr: 19/04/2005 17:52:49 | Mo: 10/10/2007 08:42:30 - - Internet Explorer
    Cr: 23/01/2007 15:52:10 | Mo: 23/01/2007 15:52:10 - - Inventel
    Cr: 17/08/2005 11:48:14 | Mo: 03/11/2007 09:42:17 - - Java
    Cr: 01/03/2007 22:25:58 | Mo: 23/07/2007 21:33:44 - - JetAudio
    Cr: 03/05/2007 22:21:36 | Mo: 03/05/2007 22:21:36 - - Kaspersky Lab
    Cr: 06/05/2007 21:03:19 | Mo: 06/05/2007 21:03:19 - - Lavalys
    Cr: 01/09/2005 19:03:24 | Mo: 01/09/2005 19:20:52 - - Livecom
    Cr: 03/11/2007 23:24:21 | Mo: 03/11/2007 23:28:41 - - Lopxp
    Cr: 19/04/2005 17:51:58 | Mo: 20/04/2005 09:27:03 - - Messenger
    Cr: 19/04/2005 17:55:32 | Mo: 19/04/2005 17:55:32 - - microsoft frontpage
    Cr: 26/12/2006 10:58:18 | Mo: 26/12/2006 10:58:29 - - Microsoft Office
    Cr: 06/07/2005 19:37:53 | Mo: 06/07/2005 19:38:16 - - Mindscape
    Cr: 17/09/2005 20:28:19 | Mo: 17/09/2005 20:28:19 - - Montorgueil
    Cr: 19/04/2005 17:53:08 | Mo: 19/04/2005 17:53:11 - - Movie Maker
    Cr: 05/01/2007 21:42:29 | Mo: 14/04/2007 22:00:36 - - Mozilla Firefox
    Cr: 19/04/2005 17:51:25 | Mo: 10/06/2005 11:49:28 - - MSN
    Cr: 19/04/2005 17:51:55 | Mo: 19/04/2005 17:51:55 - - MSN Gaming Zone
    Cr: 26/08/2005 20:10:22 | Mo: 10/10/2007 11:01:25 - - MSN Messenger
    Cr: 06/05/2007 21:51:05 | Mo: 06/05/2007 21:51:05 - - Nero
    Cr: 19/04/2005 17:52:58 | Mo: 19/04/2005 17:53:23 - - NetMeeting
    Cr: 20/04/2005 08:32:19 | Mo: 20/04/2005 08:34:32 - - OFFICE One6.5
    Cr: 19/04/2005 17:52:03 | Mo: 19/04/2005 17:52:03 - - Online Services
    Cr: 19/04/2005 17:52:55 | Mo: 13/06/2007 22:55:52 - - Outlook Express
    Cr: 13/12/2006 22:50:41 | Mo: 12/04/2007 21:18:06 - - PerformanceTest
    Cr: 15/02/2007 13:04:43 | Mo: 26/02/2007 15:00:07 - - SDLL
    Cr: 19/04/2005 17:54:04 | Mo: 03/10/2007 09:46:30 - - Services en ligne
    Cr: 14/12/2006 22:39:52 | Mo: 05/05/2007 22:52:24 - - Symantec
    Cr: 13/10/2007 23:22:52 | Mo: 13/10/2007 23:22:52 - - Trend Micro
    Cr: 19/04/2005 17:58:48 | Mo: 19/04/2005 17:58:48 - - Uninstall Information
    Cr: 08/03/2006 17:15:06 | Mo: 08/03/2006 17:15:06 - - Viewpoint
    Cr: 20/04/2005 09:06:34 | Mo: 20/04/2005 09:06:34 - - WinBBT
    Cr: 05/10/2007 00:03:54 | Mo: 05/10/2007 00:03:57 - - Windows Defender
    Cr: 20/04/2005 09:33:37 | Mo: 20/04/2005 09:33:37 - - Windows Journal Viewer
    Cr: 15/10/2007 12:16:30 | Mo: 15/10/2007 12:16:30 - - Windows Live Favorites
    Cr: 15/10/2007 12:14:54 | Mo: 15/10/2007 12:16:38 - - Windows Live Toolbar
    Cr: 24/12/2006 15:17:56 | Mo: 02/03/2007 13:21:39 - - Windows Media Connect 2
    Cr: 19/04/2005 17:52:03 | Mo: 24/12/2006 15:17:55 - - Windows Media Player
    Cr: 19/04/2005 17:51:23 | Mo: 19/04/2005 17:51:47 - - Windows NT
    Cr: 19/04/2005 17:54:07 | Mo: 19/04/2005 17:54:07 - - WindowsUpdate
    Cr: 16/03/2007 23:34:03 | Mo: 25/06/2007 12:55:01 - - WinRAR
    Cr: 19/04/2005 17:55:32 | Mo: 19/04/2005 17:55:32 - - xerox
    Cr: 07/09/2005 10:38:35 | Mo: 11/12/2006 21:52:57 - - Yahoo!
    Cr: 17/08/2005 11:48:38 | Mo: 17/08/2005 11:48:38 - - ZTE Corporation

    ___________________________________________________________________________

    [Recherche programmes connus, liés à CiD]

    ___________________________________________________________________________

    [Clés registre de démarrage]

    ___________________________________________________________________________

    [Popups autorisés]

    [-] Internet Explorer :

    www.tv-radio.com

    [-] Mozilla Firefox

    [-] Suite Mozilla / SeaMonkey

    ___________________________________________________________________________

    [Suggestion nettoyage registre]

    - Aucune suggestion.

    - Fin du rapport -
    0
  10. rfb Messages postés 23 Statut Membre
     
    merci,pour ton aide a++
    0
  11. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    Télécharge SDFix sur ton bureau

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
    Redémarre ton ordinateur en mode sans échec
    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
    Appuie sur Y pour commencer le processus de nettoyage.
    Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    Appuie sur une touche pour redémarrer le PC.
    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

    ++
    0
  12. rfb Messages postés 23 Statut Membre
     
    he j ai SDFIX,après guide moi pour allez sur le bureau...ect...merci
    0
  13. rfb Messages postés 23 Statut Membre
     
    ok j y suis arrivé sur le bureau...mais pour redemarer sans echec je me rappel + ...
    0
  14. rfb Messages postés 23 Statut Membre
     
    enfin ...
    SDFix: Version 1.113

    Run by farid on 04/11/2007 at 01:09

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\farid\Bureau\sdfix\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-04 01:25:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Overnet\\overnet.exe"="C:\\Program Files\\Overnet\\overnet.exe:*:Enabled:Overnet Application"
    "C:\\Program Files\\Livecom\\Application\\eConfv4\\ftplayer.exe"="C:\\Program Files\\Livecom\\Application\\eConfv4\\ftplayer.exe:*:Enabled:eConf player"
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
    "C:\\Program Files\\Orange Link\\Application\\Exe\\Orange Link.exe"="C:\\Program Files\\Orange Link\\Application\\Exe\\Orange Link.exe:*:Enabled:Orange Link"
    "C:\\Program Files\\Orange Link\\Application\\eConfv4\\olinkp.exe"="C:\\Program Files\\Orange Link\\Application\\eConfv4\\olinkp.exe:*:Enabled:Orange Link Player"
    "C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE:*:Enabled:Orange Link"
    "C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe:*:Enabled:Livecom Media"
    "C:\\Documents and Settings\\farid\\Local Settings\\Temporary Internet Files\\Content.IE5\\SHY7K123\\PeerFactor[1].exe"="C:\\Documents and Settings\\farid\\Local Settings\\Temporary Internet Files\\Content.IE5\\SHY7K123\\PeerFactor[1].exe:*:Enabled:PeerFactor Provider"
    "C:\\Program Files\\NeoNapster 4.0\\NeoNapster.exe"="C:\\Program Files\\NeoNapster 4.0\\NeoNapster.exe:*:Enabled:TODO: <File description>"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE:*:Enabled:Orange Link"
    "C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe:*:Enabled:Livecom Media"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    Files with Hidden Attributes:

    Sun 19 Mar 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 22 Jul 2002 418,816 A..HR --- "C:\WINDOWS\system32\Tools\All.exe"
    Fri 19 Jul 2002 390,144 A..HR --- "C:\WINDOWS\system32\Tools\Change.exe"
    Fri 19 Jul 2002 574,464 A..HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
    Tue 20 Aug 2002 430,592 A..HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
    Tue 23 Jul 2002 390,656 A..HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
    Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
    Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
    Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
    Mon 2 Dec 2002 431,616 A..HR --- "C:\WINDOWS\system32\Tools\Restart.exe"
    Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
    Sun 24 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

    Finished!
    0
  15. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    fais ce qui est indiqué ici stp :

    http://www.commentcamarche.net/faq/sujet 3174 virus m thode pr liminaire de d sinfection version fr

    ++
    0