MSN virus pict-xxx.jpeg.zip
Symun
Hello,
I have a serious problem: my sister accepted and ran the damn virus that spreads through MSN: pict-XXXX(insert the numbers).jpeg.zip.
After reading around the forum a bit, I ran MSNFIX (found nothing), BitDefender and Ad-Aware. Unfortunately, I'm still stuck with the virus, which keeps pestering everyone. I ran a HijackThis scan and here is the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27:09, on 2007-12-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ky.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ky] C:\WINDOWS\system32\ky.exe
O4 - HKLM\..\RunServices: [ky] C:\WINDOWS\system32\ky.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFFCC577-06AE-41C5-BB3E-98AEA028D5FB}: NameServer = 207.164.234.129 207.164.234.193
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Print Spooler Service (i1f1ty6i) - Unknown owner - C:\WINDOWS\system32\ky.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.apocalyptica.com/images/stuff/desktopgrafics/cult_1280.jpg
24 replies
Hello, glad that it's resolved.
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFFCC577-06AE-41C5-BB3E-98AEA028D5FB}: NameServer = 207.164.234.129 207.164.234.193
Run HijackThis again, choose "Do a system scan only", then tick the box in front of these lines and click "Fix checked".
Best regards and happy holidays!!
PS: remember to mark the thread as resolved.
Good evening, update Java: Start / Control Panel / Add or Remove Programs / find Java, click on it, then click the link for information, then click the update! I'll be back with the next steps!
Once Java is up to date, do this (do it again!):
Download MSNFix.zip (by !aur3n7) to your desktop: (thanks g!rly)
http://sosvirus.changelog.fr/MSNFix.zip
Unzip it (right-click >> Extract here) and double-click the file MSNFix.bat.
- Run option R.
-- If the infection is detected, a message will say so and you only need to press a key to start the cleanup.
Note:
If a deletion error is detected, a message will appear asking you to restart the computer to finish the operations. In that case, simply restart the computer in normal mode.
- The report will be saved in the same folder as MSNFix, in the form date_time.txt.
Copy and paste the report here.
MSNFix 1.605
C:\Documents and Settings\Famille Lambert\Bureau\MSNFix
Fix exécuté le 2007-12-14 - 19:00:02,60 By Famille Lambert
mode normal
************************ Recherche les fichiers présents
Aucun Fichier trouvé
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Fichiers suspects
Aucun Fichier trouvé
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Hello, run SDFix. Here is the link to download it, along with the usage guide:
http://mickael.barroux.free.fr/securite/sdfix.php
Copy and paste the report in your next reply!
Here is the SDFix report. Thanks for everything, I really appreciate it.
SDFix: Version 1.118
Run by Administrateur on 2007-12-15 at 13:55
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
i1f1ty6i
Path:
C:\WINDOWS\system32\ky.exe /service
i1f1ty6i - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\KFOSR.EXE - Deleted
C:\WINDOWS\SYSTEM32\KY.EXE - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-15 14:05:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 31
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\Diablo II\\Diablo II.exe"="C:\\Program Files\\Diablo II\\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 23 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0\aolphx.exe"
Wed 23 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0\aoltray.exe"
Wed 23 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0\RBM.exe"
Wed 23 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\waol.exe"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\bt5ffae.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\cqhxd2y.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\diege9i.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\e32ow8n.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\eehiulv.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\gc7rchm.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\h1w7nml.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\h77i04h.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\iftllhe.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\jcvbj1z.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\jd7tw74.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\lnan58a.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\mfdk5vv.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\n93atsh.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\ni3ylc8.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\nzddk5w.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\r2xc67c.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\r78srta.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\vn05v4l.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\wt8r14b.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\xuro4ya.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\xwlr4qd.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\yij0vkr.dll"
Wed 31 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 23 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0\COMIT\cswitch.exe"
Fri 19 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c90c17af214c8eeab40b9fcf4\BITB.tmp"
Mon 24 Apr 2006 72,192 ...H. --- "C:\Documents and Settings\Famille Lambert\Application Data\Microsoft\Word\~WRL0005.tmp"
Mon 24 Apr 2006 68,096 ...H. --- "C:\Documents and Settings\Famille Lambert\Application Data\Microsoft\Word\~WRL0904.tmp"
Mon 24 Apr 2006 71,680 ...H. --- "C:\Documents and Settings\Famille Lambert\Application Data\Microsoft\Word\~WRL2868.tmp"
Thu 11 Sep 2003 19,456 A..H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'école\~WRL0817.tmp"
Mon 15 Sep 2003 26,112 A..H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'école\~WRL2748.tmp"
Mon 15 Sep 2003 23,552 A..H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'école\~WRL3414.tmp"
Wed 23 Apr 2003 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\cf\shellext.dll"
Thu 16 Nov 2006 989,096 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\BITE.tmp"
Mon 24 Apr 2006 69,120 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'école\Secondaire 3\~WRL0020.tmp"
Mon 24 Apr 2006 70,656 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'école\Secondaire 3\~WRL0212.tmp"
Sun 23 Apr 2006 69,120 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'école\Secondaire 3\~WRL0919.tmp"
Mon 24 Apr 2006 67,584 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'école\Secondaire 3\~WRL1718.tmp"
Mon 24 Apr 2006 68,096 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'école\Secondaire 3\~WRL2173.tmp"
Mon 24 Apr 2006 68,096 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'école\Secondaire 3\~WRL2654.tmp"
Mon 24 Apr 2006 68,608 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'école\Secondaire 3\~WRL2661.tmp"
Wed 14 Dec 2005 341,504 A..H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'école\Secondaire 3\~WRL3095.tmp"
Mon 24 Apr 2006 68,096 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'école\Secondaire 3\~WRL3470.tmp"
Mon 24 Apr 2006 69,120 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'école\Secondaire 3\~WRL3544.tmp"
Mon 24 Apr 2006 69,120 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'école\Secondaire 3\~WRL3748.tmp"
Sun 18 Dec 2005 354,816 A..H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'école\Secondaire 3\~WRL3799.tmp"
Mon 24 Apr 2006 67,072 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'école\Secondaire 3\~WRL3984.tmp"
Sat 18 Nov 2006 51,712 A..H. --- "C:\Documents and Settings\Famille Lambert\Bureau\Simon\cole\Session 3\SSH 5501\~WRL0195.tmp"
Sat 18 Nov 2006 80,896 A..H. --- "C:\Documents and Settings\Famille Lambert\Bureau\Simon\cole\Session 3\SSH 5501\~WRL0851.tmp"
Finished!
C:\Documents and Settings\Famille Lambert\Local Settings\Application Data\Microsoft\Messenger\pro_skater_vince@hotmail.com\SharingMetadata\gahiel_26@hotmail.com\DFSR\Staging\CS{1E44D426-53E8-51AB-C97A-1E694AF28840}\01\11-{1E44D426-53E8-51AB-C97A-1E694AF28840}-v1-{41CDAA3D-772B-4C10-9F58-B45EB4B5731E}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Famille Lambert\Local Settings\Application Data\Microsoft\Messenger\pro_skater_vince@hotmail.com\SharingMetadata\philippe.g-rivard@hotmail.com\DFSR\Staging\CS{36A94A48-A1A5-4694-EAAD-74127D86F06B}\01\12-{36A94A48-A1A5-4694-EAAD-74127D86F06B}-v1-{41CDAA3D-772B-4C10-9F58-B45EB4B5731E}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 31
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\Diablo II\\Diablo II.exe"="C:\\Program Files\\Diablo II\\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 23 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0\aolphx.exe"
Wed 23 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0\aoltray.exe"
Wed 23 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0\RBM.exe"
Wed 23 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\waol.exe"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\bt5ffae.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\cqhxd2y.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\diege9i.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\e32ow8n.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\eehiulv.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\gc7rchm.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\h1w7nml.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\h77i04h.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\iftllhe.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\jcvbj1z.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\jd7tw74.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\lnan58a.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\mfdk5vv.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\n93atsh.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\ni3ylc8.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\nzddk5w.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\r2xc67c.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\r78srta.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\vn05v4l.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\wt8r14b.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\xuro4ya.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\xwlr4qd.dll"
Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\yij0vkr.dll"
Wed 31 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 23 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0\COMIT\cswitch.exe"
Fri 19 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c90c17af214c8eeab40b9fcf4\BITB.tmp"
Mon 24 Apr 2006 72,192 ...H. --- "C:\Documents and Settings\Famille Lambert\Application Data\Microsoft\Word\~WRL0005.tmp"
Mon 24 Apr 2006 68,096 ...H. --- "C:\Documents and Settings\Famille Lambert\Application Data\Microsoft\Word\~WRL0904.tmp"
Mon 24 Apr 2006 71,680 ...H. --- "C:\Documents and Settings\Famille Lambert\Application Data\Microsoft\Word\~WRL2868.tmp"
Thu 11 Sep 2003 19,456 A..H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'‚cole\~WRL0817.tmp"
Mon 15 Sep 2003 26,112 A..H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'‚cole\~WRL2748.tmp"
Mon 15 Sep 2003 23,552 A..H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'‚cole\~WRL3414.tmp"
Wed 23 Apr 2003 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\cf\shellext.dll"
Thu 16 Nov 2006 989,096 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\BITE.tmp"
Mon 24 Apr 2006 69,120 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'‚cole\Secondaire 3\~WRL0020.tmp"
Mon 24 Apr 2006 70,656 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'‚cole\Secondaire 3\~WRL0212.tmp"
Sun 23 Apr 2006 69,120 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'‚cole\Secondaire 3\~WRL0919.tmp"
Mon 24 Apr 2006 67,584 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'‚cole\Secondaire 3\~WRL1718.tmp"
Mon 24 Apr 2006 68,096 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'‚cole\Secondaire 3\~WRL2173.tmp"
Mon 24 Apr 2006 68,096 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'‚cole\Secondaire 3\~WRL2654.tmp"
Mon 24 Apr 2006 68,608 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'‚cole\Secondaire 3\~WRL2661.tmp"
Wed 14 Dec 2005 341,504 A..H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'‚cole\Secondaire 3\~WRL3095.tmp"
Mon 24 Apr 2006 68,096 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'‚cole\Secondaire 3\~WRL3470.tmp"
Mon 24 Apr 2006 69,120 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'‚cole\Secondaire 3\~WRL3544.tmp"
Mon 24 Apr 2006 69,120 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'‚cole\Secondaire 3\~WRL3748.tmp"
Sun 18 Dec 2005 354,816 A..H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'‚cole\Secondaire 3\~WRL3799.tmp"
Mon 24 Apr 2006 67,072 ...H. --- "C:\Documents and Settings\Famille Lambert\Bureau\liane\Travaux d'‚cole\Secondaire 3\~WRL3984.tmp"
Sat 18 Nov 2006 51,712 A..H. --- "C:\Documents and Settings\Famille Lambert\Bureau\Simon\cole\Session 3\SSH 5501\~WRL0195.tmp"
Sat 18 Nov 2006 80,896 A..H. --- "C:\Documents and Settings\Famille Lambert\Bureau\Simon\cole\Session 3\SSH 5501\~WRL0851.tmp"
Finished!
OK, that has made good progress. We'll continue with this; don't worry, there is more explanation than anything else!
1) Download and install CCleaner.
https://www.pcastuces.com/logitheque/ccleaner.htm
During installation, uncheck:
--- the two "Add the option ... " boxes
--- Check for updates
--- Add the Yahoo! Toolbar
Click Options, Advanced and uncheck the box "Only delete files in the Windows Temp folder older than 48 hours".
Do not touch the other settings.
(CCleaner configuration here:
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm)
2) Download and install AVG Anti-Spyware 7.5
https://www.avg.com/en-ww/free-antivirus-download
Launch AVG Anti-Spyware.
Click the Update menu.
In the Manual update section, click the Start update button.
Wait for the update to finish, then close the program.
Do not run a scan now.
Start in safe mode now before continuing.
3) Launch CCleaner
Then, in the "Cleaner" menu:
Click "Analyze" (let it work; this can take a long time the first time).
Click the "Run Cleaner" button.
Do this several times in a row, then close CCleaner.
Do not forget to empty your recycle bin. (In principle, CCleaner does it.)
4) Launch AVG Anti-Spyware 7.5
Click the Scan menu (in the toolbar).
Click the Settings tab.
Under How to react?, click Recommended actions and choose Quarantine.
Under How to scan? and under Potentially dangerous programs, check that all the boxes are ticked.
Check that the Generate a report after each scan radio button is also selected.
In the Scan tab:
Click Complete system scan.
Important: do not open any window or launch any program while AVG Anti-Spyware is running, as this could interfere with the scan.
Very important: at the end of the scan, tick everything that was found, then click "Apply all actions".
Then:
Click "Save report". This generates a text-file report located in the Reports folder of the AVG Anti-Spyware folder.
(C:\Programfiles\Grisoft\AVG Antispyware 7.5\Reports )
Then close AVG Anti-Spyware.
C) Download clean.zip by Malekal (thanks, Malekal).
http://www.malekal.com/download/clean.zip
* Unzip it to the desktop.
* Open the yellow folder named clean on your desktop.
* Double-click clean.cmd
* Choose option 1 and copy the generated report to the desktop. It should normally also be here: c:\rapport_clean.txt
* Press Q to quit the program.
* Restart in safe mode. To do so: as the PC starts, tap F8 (or F5). Your PC starts, but without Internet access. (Do it in normal mode since you do not have access to safe mode.)
* Open the yellow folder named clean on your desktop.
* Double-click clean.cmd
* Choose option 2 and copy the generated report to the desktop.
* If a window opens, leave it.
* Press Q to quit the program.
Hello, sorry for the delay, but I followed your advice to the letter. The virus seems to be gone for good; I am posting the clean report anyway. Are there any other procedures? Thanks again, as always.
Rapport clean
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 2007-12-16 a 9:16:45,46
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
tentative de suppression de C:\StubInstaller.exe
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.2"
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Viewpoint\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Hello, I am not sure that it is finished; run a scan to be sure!
Online scan:
Make sure the ActiveX controls are configured correctly in Internet Options, as described at this link => http://www.inoculer.com/activex.php3
Run an online scan with https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
In the new window that appears, click I accept.
You will be asked to download one or two ActiveX controls; accept. Let it perform the updates, then when it has finished, click Next.
In the Choose the scan target menu, select My Computer.
The scan will start. Please post the report that is generated.
Help in case of problems: http://cybersecurite.xooit.com/t100-Scan-e...spersky.htm#768
NOTE: the scan must be done with Internet Explorer
There you go!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:05, on 2007-12-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFFCC577-06AE-41C5-BB3E-98AEA028D5FB}: NameServer = 207.164.234.129 207.164.234.193
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.apocalyptica.com/images/stuff/desktopgrafics/cult_1280.jpg
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:05, on 2007-12-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFFCC577-06AE-41C5-BB3E-98AEA028D5FB}: NameServer = 207.164.234.129 207.164.234.193
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.apocalyptica.com/images/stuff/desktopgrafics/cult_1280.jpg
There is still something there; do this:
1/ Download:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
2/ Double-click smitfraudfix, then select 1 and press Enter to create the report of the infections present. Once the report is done, restart in safe mode (generally by pressing F8, Del, or F5 at startup).
3/ Then do the same as in 2/, but select option 2 and press Enter to start the disinfection. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter.
Hi, you two,
carossier: is this the one that's bothering you?: O24 - Desktop Component 0: (no name) - http://www.apocalyptica.com/images/stuff/desktopgrafics/cult_1280.jpg
For the O24 - Desktop Component 0: (no name) - http://www.apocalyptica.com/images/stuff/desktopgrafics/cult_1280.jpg I simply removed this image from the list of desktop backgrounds. Here are the SmitfraudFix and HijackThis logs.
hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:07, on 2007-12-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFFCC577-06AE-41C5-BB3E-98AEA028D5FB}: NameServer = 207.164.234.129 207.164.234.193
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFFCC577-06AE-41C5-BB3E-98AEA028D5FB}: NameServer = 207.164.234.129 207.164.234.193
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Hello, you must have seen while browsing the forum that avast is currently having difficulties. I advise you to uninstall it and replace it with Avira AntiVir, which performs better!
Antivirus: AntiVir
https://www.malekal.com/avira-free-security-antivirus-gratuit/
http://mickael.barroux.free.fr/securite/antivir.php <- more complete tutorial
Once that is done, run a scan with AntiVir in safe mode and copy the report here!
I also see that you had Norton and that traces of it remain. How did you uninstall it? There is a small conflict.
To tell the truth, I had not uninstalled Norton; now I have. I downloaded AntiVir and removed avast. Here is the log.
AntiVir PersonalEdition Classic
Report file date: 18 décembre 2007 09:47
Scanning for 980179 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: MARS
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 19:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 18:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 21:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 18:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:13:53
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 14:13:53
ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 14/12/2007 14:13:53
ANTIVIR3.VDF : 7.0.1.115 101888 Bytes 18/12/2007 14:13:53
AVEWIN32.DLL : 7.6.0.45 3084800 Bytes 18/12/2007 14:13:54
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 16:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 13:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 19:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 14:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 13:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 18:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 13:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 17:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 18:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 18:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 15:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 18 décembre 2007 09:47
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '34' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Famille Lambert\Bureau\SmitfraudFix.exe
[DETECTION] Contains detection pattern of the dropper DR/BHO.agh.1
[WARNING] The file was ignored!
C:\Documents and Settings\Famille Lambert\Bureau\SmitfraudFix.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\IEDFix.exe
[DETECTION] Is the Trojan horse TR/BHO.agh
[INFO] The file was moved to '47d0e4d1.qua'!
C:\Documents and Settings\Famille Lambert\Bureau\SmitfraudFix\IEDFix.exe
[DETECTION] Is the Trojan horse TR/BHO.agh
[INFO] The file was moved to '47abe8b6.qua'!
C:\Documents and Settings\Famille Lambert\Local Settings\Temporary Internet Files\Content.IE5\LO3F26ZB\SmitfraudFix[1].exe
[DETECTION] Contains detection pattern of the dropper DR/BHO.agh.1
[INFO] The file was moved to '47d0ee68.qua'!
C:\Program Files\Ultima Online 2D\Binkw32.dll
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\client.exe
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\ClientPicker.exe
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\Granny.dll
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\Igrping.dll
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\Owo.exe
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\patchw32.dll
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\Transerv.exe
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\uo.exe
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\uopatch.exe
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\UOUninst.exe
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\TranServ\SysTran\CE\Cedll.dll
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\TranServ\SysTran\EF\Efdll.dll
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\TranServ\SysTran\EG\Egdll.dll
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\TranServ\SysTran\EH\Eh.dll
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\TranServ\SysTran\EJ\Ejdll.dll
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\TranServ\SysTran\FE\Fedll.dll
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\TranServ\SysTran\GE\Gedll.dll
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\TranServ\SysTran\HE\He.dll
[WARNING] The file could not be opened!
C:\Program Files\Ultima Online 2D\TranServ\SysTran\JE\Jedll.dll
[WARNING] The file could not be opened!
C:\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/kfosr.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
--> backups/ky.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] The file was moved to '47caf87a.qua'!
End of the scan: 18 décembre 2007 11:47
Used time: 2:00:43 min
The scan has been done completely.
13825 Scanning directories
543453 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
21 Files cannot be scanned
543447 Files not concerned
6086 Archives were scanned
22 Warnings
0 Notes
Thanks!