Win32:Trojan-gen. {UPX!}
Solved
trekker - Posts: 11 - Status: Member
philae83 - Posts: 12854 - Status: Security contributor
Hello everyone, I have the same problem. I ran HijackThis and here is the log; could you analyze it and tell me what to do, please? Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 13:42:35, on 26/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\program files\steam\steam.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\DOCUME~1\Trekker\LOCALS~1\Temp\Rar$EX00.063\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Trekker\LOCALS~1\Temp\Rar$EX38.109\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
43 replies
Here is the Navilog report:
Clean Navipromo version 2.0.9 commencé le 26/08/2007 à 23:48:21,07
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 20.08.2007 a 22h30 by IL-MAFIOSO
Mode suppression automatique avec prise en charge résultats Blacklight
*** Creation backups fichiers trouvés par Blacklight ***
Copie vers "C:\Program Files\navilog1\Backupnavi"
*** Suppression des fichiers trouvés avec Blacklight ***
c:\WINDOWS\system32\kriybnbg.dat supprimé !
C:\windows\system32\kriybnbg.exe supprimé !
c:\WINDOWS\system32\kriybnbg_nav.dat supprimé !
c:\WINDOWS\system32\kriybnbg_navps.dat supprimé !
** 2ème passage **
C:\WINDOWS\system32\kriybnbg.exe absent !
C:\WINDOWS\system32\kriybnbg.dat absent !
C:\WINDOWS\system32\kriybnbg_nav.dat absent !
C:\WINDOWS\system32\kriybnbg_navps.dat absent !
C:\WINDOWS\system32\kriybnbg_navup.dat absent !
C:\WINDOWS\system32\kriybnbg_navtmp.dat absent !
C:\WINDOWS\system32\kriybnbg_m2s.xml absent !
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 23:53:38, on 26/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Trekker\LOCALS~1\Temp\Rar$EX00.703\HijackThis.exe
C:\WINDOWS\system32\verclsid.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
Oh yes, sorry ______:
Clean Navipromo version 2.0.9 commencé le 26/08/2007 à 23:48:21,07
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 20.08.2007 a 22h30 by IL-MAFIOSO
Mode suppression automatique avec prise en charge résultats Blacklight
*** Creation backups fichiers trouvés par Blacklight ***
Copie vers "C:\Program Files\navilog1\Backupnavi"
*** Suppression des fichiers trouvés avec Blacklight ***
c:\WINDOWS\system32\kriybnbg.dat supprimé !
C:\windows\system32\kriybnbg.exe supprimé !
c:\WINDOWS\system32\kriybnbg_nav.dat supprimé !
c:\WINDOWS\system32\kriybnbg_navps.dat supprimé !
** 2ème passage **
C:\WINDOWS\system32\kriybnbg.exe absent !
C:\WINDOWS\system32\kriybnbg.dat absent !
C:\WINDOWS\system32\kriybnbg_nav.dat absent !
C:\WINDOWS\system32\kriybnbg_navps.dat absent !
C:\WINDOWS\system32\kriybnbg_navup.dat absent !
C:\WINDOWS\system32\kriybnbg_navtmp.dat absent !
C:\WINDOWS\system32\kriybnbg_m2s.xml absent !
C:\WINDOWS\prefetch\kriybnbg*.pf trouvé !
Copie C:\WINDOWS\prefetch\kriybnbg*.pf réalise avec succes !
C:\WINDOWS\prefetch\kriybnbg*.pf supprimé !
*** Recherche avec GenericNaviSearch ***
!!! Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!
Fichiers trouvés supprimés avec backups :
Aucun Fichier trouvé !
Fichiers suspects :
Aucun Fichier suspect trouvé !
*** Suppression dossiers dans C:\WINDOWS ***
*** Suppression dossiers dans C:\Program Files ***
*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Suppression dossiers dans C:\Documents and Settings\Trekker\Application Data ***
...\Application Data\MessengerSkinner ...suppression...
...\Application Data\MessengerSkinner supprimé !
*** Suppression fichiers ***
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Trekker\Local Settings\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche et Suppression Heuristique :
*
**
***
****
*****
******
*******
********
3)Certificats :
Certificat Egroup supprimé !
*** Sauvegarde du registre vers dossier Backupnavi ***
sauvegarde du registre réalise avec succes !
*** Nettoyage registre ***
Nettoyage registre Ok
*** Nettoyage termine le 26/08/2007 à 23:50:18,89 ***
Well, now I'm going to restart the computer to check whether the problem is solved, run one last scan to see if there are still any nasty things, and I'll keep you posted on whether the problem is solved ;) thanks
Yes lol, but in my opinion it's not the only problem, because I restarted Internet Explorer and another page opened, like the Spyware Secure one, but this one is called nuitsexy.fr.. :(
I must have several infections like that one..
Well yes, apparently
Post a new HijackThis report first, please
Also, I didn't check: did we do an online antivirus scan?
Well, the online scan with BitDefender didn't find anything, which is strange, but anyway, here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 00:23:09, on 27/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\DOCUME~1\Trekker\LOCALS~1\Temp\Rar$EX01.953\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
I've started a scan with Avast for now... because it takes a while. As soon as I have the report I'll send it, if that can help us.
Yes, I did run the scan with AVG: no luck. The old Avast scan report is already posted on the forum a bit further up!
Here it is:
11/08/2007 19:03:18 Trekker 1084 Function setifaceUpdatePackages() has failed. Return code is 0xC0000005, dwRes is C0000005.
17/08/2007 04:09:56 SYSTEM 1772 Function setifaceUpdatePackages() has failed. Return code is 0xC0000005, dwRes is C0000005.
17/08/2007 04:11:07 SYSTEM 1772 An error has occured while attempting to update. Please check the logs.
24/08/2007 03:34:18 SYSTEM 1780 Function setifaceUpdatePackages() has failed. Return code is 0xC0000005, dwRes is C0000005.
24/08/2007 03:34:23 SYSTEM 1780 An error has occured while attempting to update. Please check the logs.
25/08/2007 16:00:00 Trekker 3488 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{4C12E00C-D143-453B-9ED8-BFEA28898BEE}\RP87\A0054094.exe\$PLUGINSDIR\NSUtils.dll" file.
25/08/2007 16:17:18 Trekker 3488 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{4C12E00C-D143-453B-9ED8-BFEA28898BEE}\RP93\A0060648.exe\$PLUGINSDIR\NSUtils.dll" file.
25/08/2007 16:17:56 Trekker 3488 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{4C12E00C-D143-453B-9ED8-BFEA28898BEE}\RP95\A0062190.exe\$PLUGINSDIR\NSUtils.dll" file.
25/08/2007 16:18:21 Trekker 3488 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{4C12E00C-D143-453B-9ED8-BFEA28898BEE}\RP95\A0063015.exe\$PLUGINSDIR\NSUtils.dll" file.
25/08/2007 16:19:51 Trekker 3488 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{4C12E00C-D143-453B-9ED8-BFEA28898BEE}\RP96\A0064345.exe\$PLUGINSDIR\NSUtils.dll" file.
25/08/2007 16:20:16 Trekker 3488 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{4C12E00C-D143-453B-9ED8-BFEA28898BEE}\RP96\A0065167.exe\$PLUGINSDIR\NSUtils.dll" file.
25/08/2007 16:21:45 Trekker 3488 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{4C12E00C-D143-453B-9ED8-BFEA28898BEE}\RP97\A0066487.exe\$PLUGINSDIR\NSUtils.dll" file.
25/08/2007 16:22:13 Trekker 3488 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\System Volume Information\_restore{4C12E00C-D143-453B-9ED8-BFEA28898BEE}\RP97\A0067309.exe\$PLUGINSDIR\NSUtils.dll" file.
25/08/2007 17:48:34 Trekker 3488 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "D:\Images des jeux\UNREAL.TOURNAMENT.2004.KEYGEN-DEViANCE\dev-ut4k.rar\Keygen.exe" file.
25/08/2007 17:55:22 Trekker 3488 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "D:\Images des jeux\UNREAL.TOURNAMENT.2004.KEYGEN-DEViANCE\UNREAL.TOURNAMENT.2004.DVD-DEViANCE-ENG.iso\DEVIANCE\KEYGEN\KEYGEN.EXE" file.
26/08/2007 04:24:53 Trekker 1752 Sign of "Win32:Zlob-ZZ [Trj]" has been found in "C:\DOCUME~1\Trekker\LOCALS~1\Temp\nsn7E.tmp\rle.dll" file.
26/08/2007 04:29:07 Trekker 3040 Sign of "Win32:Zlob-ZZ [Trj]" has been found in "C:\Documents and Settings\Trekker\Local Settings\Application Data\Mozilla\Firefox\Profiles\ucjk7fgx.default\Cache\A79B5716d01\$INSTDIR\$PLUGINSDIR\rle.dll" file.
26/08/2007 04:34:36 Trekker 1752 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
26/08/2007 04:34:40 Trekker 1752 An error has occured while attempting to update. Please check the logs.
26/08/2007 05:27:37 Trekker 3040 Sign of "Win32:Zlob-ZZ [Trj]" has been found in "C:\System Volume Information\_restore{4C12E00C-D143-453B-9ED8-BFEA28898BEE}\RP102\A0074966.exe\$INSTDIR\$PLUGINSDIR\rle.dll" file.
26/08/2007 05:27:38 Trekker 3040 Sign of "Win32:Zlob-ZZ [Trj]" has been found in "C:\System Volume Information\_restore{4C12E00C-D143-453B-9ED8-BFEA28898BEE}\RP102\A0074967.exe\$INSTDIR\$PLUGINSDIR\rle.dll" file.
26/08/2007 07:40:26 Trekker 3040 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "D:\Images des jeux\UNREAL.TOURNAMENT.2004.KEYGEN-DEViANCE\UNREAL.TOURNAMENT.2004.DVD-DEViANCE-ENG.iso\DEVIANCE\KEYGEN\KEYGEN.EXE" file.
26/08/2007 09:10:25 Trekker 1752 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
26/08/2007 09:10:36 Trekker 1752 An error has occured while attempting to update. Please check the logs.
26/08/2007 12:17:02 Trekker 3040 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "D:\Images des jeux\UNREAL.TOURNAMENT.2004.KEYGEN-DEViANCE\UNREAL.TOURNAMENT.2004.DVD-DEViANCE-ENG.iso\DEVIANCE\KEYGEN\KEYGEN.EXE" file.
26/08/2007 12:40:30 Trekker 1752 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "D:\Mes Documents\Effect\KEYGEN.EXE" file.
26/08/2007 12:40:56 Trekker 1752 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "D:\RECYCLER\S-1-5-21-1078081533-688789844-725345543-1003\Dd1.EXE" file.
26/08/2007 14:23:00 Trekker 3040 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "D:\Images des jeux\UNREAL.TOURNAMENT.2004.KEYGEN-DEViANCE\UNREAL.TOURNAMENT.2004.DVD-DEViANCE-ENG.iso\DEVIANCE\KEYGEN\KEYGEN.EXE" file.
26/08/2007 14:23:22 Trekker 3040 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "D:\Images des jeux\UNREAL.TOURNAMENT.2004.KEYGEN-DEViANCE\UNREAL.TOURNAMENT.2004.DVD-DEViANCE-ENG.iso\DEVIANCE\KEYGEN\KEYGEN.EXE" file.
26/08/2007 17:24:54 Trekker 3040 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "D:\Images des jeux\UNREAL.TOURNAMENT.2004.KEYGEN-DEViANCE\UNREAL.TOURNAMENT.2004.DVD-DEViANCE-ENG.iso\DEVIANCE\KEYGEN\KEYGEN.EXE" file.
26/08/2007 17:39:15 Trekker 3040 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "D:\Images des jeux\UNREAL.TOURNAMENT.2004.KEYGEN-DEViANCE\UNREAL.TOURNAMENT.2004.DVD-DEViANCE-ENG.iso\DEVIANCE\KEYGEN\KEYGEN.EXE" file.
26/08/2007 19:24:05 Trekker 3040 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "D:\Images des jeux\UNREAL.TOURNAMENT.2004.KEYGEN-DEViANCE\UNREAL.TOURNAMENT.2004.DVD-DEViANCE-ENG.iso\DEVIANCE\KEYGEN\KEYGEN.EXE" file.
Yes, that's true, sorry :)
And do you still get those ads popping up?
Is this new? You didn't have them before?
Not for the moment, but earlier, when I restarted Internet Explorer, the page I mentioned, nuitsexy.fr, opened. I remember it's not the first time it has opened. It's been going on for a good while now.
Searching on Google, it's apparently a sexy lingerie site. Not necessarily a sign of infection. With IE, pop-ups are legion.
Why don't you use another browser?
Uhhh, correction: the pages that open, like nuitsexy.fr, open when I start Firefox, not IE. I use Firefox.
FIREFOX is perfect.
I sincerely think your PC is clean now. We've run all the scans.