I have not managed to destroy this virus

Resolved/Closed
Blocked profile - 17 Dec. 2007 at 12:00
 Blocked profile - 5 Nov. 2011 at 07:26
Hello,
I have a virus on my computer that I can't manage to destroy. Help me remove it permanently. I have the Avast antivirus, which can't manage to destroy it. The name of the virus is: neoks.exe. It multiplies on my computer. Help me destroy it from my computer.

Thanks

17 replies

Anonymous user
17 Dec. 2007 at 12:23
Hello,

Start by posting a HijackThis report please,
Download HiJackThis
0
Blocked profile
17 Dec. 2007 at 14:25
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:27, on 17/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo! France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Sonerie Toolbar - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\OeApi.dll.vbs
O4 - HKLM\..\Run: [System12] C:\WINDOWS\system32\ne0kS.exe
O4 - HKLM\..\Run: [System64] C:\WINDOWS\system32\ne0kS.dll.wsf
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C80B7FF6-CE60-4079-935E-520C045C30A6} - http://www.mailskinner.com/binaries/msaxsetup.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56043979-A448-4B46-B71D-42248EA80472}: NameServer = 80.255.35.180,80.255.35.181
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FB396C2-8CCB-4629-BDA1-D92C687F87F1}: NameServer = 81.91.225.1 81.91.225.18
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
0
Blocked profile
17 Dec. 2007 at 14:34
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:24, on 17/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\DOCUME~1\emmanuel\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
O4 - HKLM\..\Run: [System12] C:\WINDOWS\system32\ne0kS.exe
O4 - HKLM\..\Run: [System64] C:\WINDOWS\system32\ne0kS.dll.wsf
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
Anonymous user
17 Dec. 2007 at 14:50
Re,
why is the second one shorter?
Did you change anything?

I was going to give you a procedure, but now I'm waiting for your answer

--
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
17 Dec. 2007 at 14:53
hi

I think he ran HijackThis twice because he has two infected computers
0
Anonymous user
17 Dec. 2007 at 15:10
Hi jlp,

Yes, that's clear, Toshi and Asus.. I wasn't expecting that..

Well el-kebir, really? Two at once?
No, let's start with the Toshiba (first HiJack log).
If you have a local network between the two PCs, disconnect it.

Jlp, if you want to take care of the second one at the same time....
__________
el-kebir,

> Download SDFix to your desktop
0
Blocked profile
17 Dec. 2007 at 17:26
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 16:33:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 31

The virus is still there. Here are the results from the Toshiba computer. Now how do I destroy the virus?
0
Blocked profile
17 Dec. 2007 at 17:37
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 16:33:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\19\31-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v19-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1758 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\19\31-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v19-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 200 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\20\43-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v20-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9750 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\20\43-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v20-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1104 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\20\44-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v20-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9750 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\20\44-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v20-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1104 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\21\45-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v21-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9534 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\21\45-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v21-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1056 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\21\46-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v21-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9534 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\21\46-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v21-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1056 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\22\48-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v22-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v48-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1088 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\23\49-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v23-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9678 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\23\49-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v23-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1104 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\24\50-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v24-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v50-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9624 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\24\50-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v24-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v50-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1080 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\25\37-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v25-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9624 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\25\37-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v25-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1104 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\26\41-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v26-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8274 bytes hidden from API
C:\Documents and Settings\ANAGO CODJO\Local Settings\Application Data\Microsoft\Messenger\smanu_ac@hotmail.com\SharingMetadata\bebevip2002@hotmail.com\DFSR\Staging\CS{FEDC4696-B395-1829-C599-524407BB2177}\26\41-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v26-{D61D5A61-9FF8-40A9-A2C5-BC781A9761DF}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 952 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 31

The virus is still on my computer. What should I do to destroy it?
0
Anonymous user
17 Dec. 2007 at 20:17
Hi again,
0
Blocked profile
20 Dec. 2007 at 17:55
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:22, on 20/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo! France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Sonerie Toolbar - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C80B7FF6-CE60-4079-935E-520C045C30A6} - http://www.mailskinner.com/binaries/msaxsetup.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56043979-A448-4B46-B71D-42248EA80472}: NameServer = 80.255.35.180,80.255.35.181
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
0
Blocked profile
20 Dec. 2007 at 17:56
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:22, on 20/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
Anonymous user
20 Dec. 2007 at 19:22
Hi,

The log from the Asus is short... yet you ran it in normal mode... the startup entries are missing...

Can you redo a HijackThis scan of the second PC?
And what is this: O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll ?
0
Anonymous user
20 Dec. 2007 at 19:33
OK, wait,
you still have junk on PC 1..
0
Anonymous user
20 Dec. 2007 at 20:27
Hi,

For PC 1 (Toshiba):
(the Toshiba first, then the other one. And no transfers between the two (USB, network, external hard drive...: nothing))

> Download Navilog1 by Il Mafioso
- Save it to your Desktop.
- Unzip it using "Extract all".
- Double-click Navilog1.bat.
- Choose option 1, then confirm.
Warning: do not use options 2, 3 or 4 without our approval (you could damage your PC).
- Wait for the message: « *** Analyse Terminée le ..... *** »
- Press a key as prompted. Notepad will open.
- Copy and paste the generated report and post it here.

NB: The report is also at the root of your disk: fixnavi.txt


See you,

--
0
Blocked profile
5 Nov. 2011 at 06:34
Hello DIID, I have a virus that is impossible to remove. I did as you told me years ago; here are the reports. Above all, help me remove it. Best regards.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:41, on 04/11/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\Intel(R).exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Dr BOUKARI Alassan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Dr BOUKARI Alassan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dr BOUKARI Alassan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dr BOUKARI Alassan\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dr BOUKARI Alassan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Intel(R) Interface] C:\WINDOWS\system32\Intel(R).exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
0
Blocked profile
5 Nov. 2011 at 06:37
[b]SDFix: Version 1.240 [/b]
Run by Dr BOUKARI Alassan on 05/11/2011 at 06:20

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-05 06:24:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Wed 28 Sep 2011 75 A..H. --- "C:\WINDOWS\system32\otr.dll"
Wed 1 Dec 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 4 Sep 2011 12,793 ...H. --- "C:\Documents and Settings\Dr BOUKARI Alassan\Mes documents\~WRL1286.tmp"
Sun 4 Sep 2011 12,062 ...H. --- "C:\Documents and Settings\Dr BOUKARI Alassan\Mes documents\~WRL2855.tmp"
Fri 10 Jun 2011 13,248,968 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\10672032c139979afb349f7a72b62f3c\BIT3.tmp"
Sun 8 May 2011 13,007,304 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6e429cb42d42c29f6a28a48decf2da42\BIT13.tmp"
Tue 11 Oct 2011 14,921,672 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a5210457329c59be877f7a77125217d4\BIT9.tmp"
Mon 11 Jul 2011 13,487,560 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b935dc2aa22878eb6ab1f05ebbc44741\BIT5F.tmp"
Sun 11 Sep 2011 15,338,952 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bf427e5cb3236c5044272c25663c5521\BIT13.tmp"
Tue 27 Sep 2011 14,507,464 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f2dbaec252e8cc66f47577715eced553\BIT6.tmp"
Mon 18 Apr 2011 12,502,472 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f56d61589b3e7d4c503d73447a66e35f\BITE.tmp"
Tue 16 Aug 2011 271,872 ...H. --- "C:\Documents and Settings\Dr BOUKARI Alassan\Mes documents\Documents Collectif et D'l'gu's\Dossier D'l'gu's du Personnel\~WRL0001.tmp"
Sat 5 Nov 2011 59,443,547 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a2a5ecd72c62a4fe04757ab8c19e933\download\BIT17.tmp"

[b]Finished![/b]
0
Blocked profile
5 Nov. 2011 at 07:26
Fix Navipromo version 4.1.0 commencé le 05/11/2011 7:14:16,68

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\navilog1

Mise à jour le 20.04.2011 à 09h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 1.60GHz )
BIOS : Default System BIOS
USER : Dr BOUKARI Alassan ( Administrator )
BOOT : Fail-safe boot




A:\ (USB)
C:\ (Local Disk) - NTFS - Total:18 Go (Free:4 Go)
D:\ (Local Disk) - NTFS - Total:18 Go (Free:15 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)


Recherche executée en mode sans échec


[b]Aucune Infection Navipromo/Egdaccess trouvée[/b]



*** Scan terminé 05/11/2011 7:14:42,78 ***
0