Systeme erroe sous vista unknow trojan
biggy68
-
biggy68 -
biggy68 -
Bonjour,
Depuis peut quand j'ouvre un dossier windows vista m'envoy le message suivant :
Systeme error!
Your PC was infected by unknown trojan.
It's dangerous for your system (critical files can be lost) !
Click OK to download the antispyare program to clean your system ! (recommanded)
Je clic Ok mais rien ne change!J'ai fait des scan avec Avast,cclener,spybot C&D et ad-aware qui eux n'ont trouvé aucun trojan
comment faire SVP??
Analyse avec Hijackthis me donne ceci :
Lorsque je lance le scann Hijackthis menvoi le message suivant en plein milieu du scan!
"for some reason your systeme denied write access to the Host file. If any Hijacked domains are in this files, Hijacked may Not able to fix this.
If tha happens, you need to edit the file yourself. To do this, click star, run and type:
notpad C:\Windows\Systeme32\drivers\etc\hosts
and press enter. Fine the line(s) hijackthis reports ant delete them.
Save the file has "hosts."(with quotes), and reboot.
For Vista simply, simply exit Hijackthis, right click on Hijackthis icon, choose' run as administrator'"
Puis je clic sur Ok
Le scan se termine et j'obtien le rapport suivant :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:46:42, on 06/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Rates - {F325C9B7-4876-4665-895B-674D657645C2} - C:\Windows\toprates.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Depuis peut quand j'ouvre un dossier windows vista m'envoy le message suivant :
Systeme error!
Your PC was infected by unknown trojan.
It's dangerous for your system (critical files can be lost) !
Click OK to download the antispyare program to clean your system ! (recommanded)
Je clic Ok mais rien ne change!J'ai fait des scan avec Avast,cclener,spybot C&D et ad-aware qui eux n'ont trouvé aucun trojan
comment faire SVP??
Analyse avec Hijackthis me donne ceci :
Lorsque je lance le scann Hijackthis menvoi le message suivant en plein milieu du scan!
"for some reason your systeme denied write access to the Host file. If any Hijacked domains are in this files, Hijacked may Not able to fix this.
If tha happens, you need to edit the file yourself. To do this, click star, run and type:
notpad C:\Windows\Systeme32\drivers\etc\hosts
and press enter. Fine the line(s) hijackthis reports ant delete them.
Save the file has "hosts."(with quotes), and reboot.
For Vista simply, simply exit Hijackthis, right click on Hijackthis icon, choose' run as administrator'"
Puis je clic sur Ok
Le scan se termine et j'obtien le rapport suivant :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:46:42, on 06/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Rates - {F325C9B7-4876-4665-895B-674D657645C2} - C:\Windows\toprates.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
A voir également:
- Systeme erroe sous vista unknow trojan
- Restauration systeme windows 10 - Guide
- Vérificateur des fichiers système - Guide
- Windows vista - Télécharger - Divers Utilitaires
- Vous avez besoin d'une autorisation de la part de système pour modifier ce dossier - Guide
- Clé windows vista - Guide
24 réponses
Salut
Désactive l'UAC-User Account Control -contrôle des comptes utilisateurs (surtout, bien penser à le réactiver après la désinfection).
* Démarrer > Panneau de Configuration
* Double clique sur l'icône Comptes d'utilisateurs
* Clique ensuite sur Désactiver et valide.
* Télécharge maintenant Navilog1 depuis-ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
* Clique-droit sur le lien ci-dessus et choisis Enregistrer la cible (du lien) sous... et range le sur ton Bureau.
* Clique-droit sur navilog1.exe et choisis "Exécuter en tant que... Administrateur" pour l'installer.
* Attends la fin de l'installation.
======================================
Option #1 :
Assure-toi que l'UAC-User Account Control -contrôle des comptes utilisateurs est bien désactivé.
Clique-droit sur le raccourci Navilog1 sur le Bureau et choisis "Exécuter en tant que... Administrateur".
* Sur le menu principal, choisis 1.
* Suis les instructions et patiente.
* Patiente jusqu'au message *** Analyse terminée le ….*** (il se peut que ça prenne un certain temps).
* Appuie sur une touche ainsi que demandé.
* Un document du Bloc-notes est créé : fixnavi.txt.
* Copie/colle le contenu de ce compte-rendu dans ta prochaine réponse.
* Referme le Bloc-notes.
Le rapport fixnavi.txt est également sauvegardé dans %systemdrive%. (en général C:\)
A+
Désactive l'UAC-User Account Control -contrôle des comptes utilisateurs (surtout, bien penser à le réactiver après la désinfection).
* Démarrer > Panneau de Configuration
* Double clique sur l'icône Comptes d'utilisateurs
* Clique ensuite sur Désactiver et valide.
* Télécharge maintenant Navilog1 depuis-ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
* Clique-droit sur le lien ci-dessus et choisis Enregistrer la cible (du lien) sous... et range le sur ton Bureau.
* Clique-droit sur navilog1.exe et choisis "Exécuter en tant que... Administrateur" pour l'installer.
* Attends la fin de l'installation.
======================================
Option #1 :
Assure-toi que l'UAC-User Account Control -contrôle des comptes utilisateurs est bien désactivé.
Clique-droit sur le raccourci Navilog1 sur le Bureau et choisis "Exécuter en tant que... Administrateur".
* Sur le menu principal, choisis 1.
* Suis les instructions et patiente.
* Patiente jusqu'au message *** Analyse terminée le ….*** (il se peut que ça prenne un certain temps).
* Appuie sur une touche ainsi que demandé.
* Un document du Bloc-notes est créé : fixnavi.txt.
* Copie/colle le contenu de ce compte-rendu dans ta prochaine réponse.
* Referme le Bloc-notes.
Le rapport fixnavi.txt est également sauvegardé dans %systemdrive%. (en général C:\)
A+
Merci Regis59 pour ta Réponce! J'ai suivis tes instructions et voila le compte-rendu de l'analyse :
Search Navipromo version 3.3.8 commencé le 06/01/2008 à 17:14:34,77
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16575
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\Windows ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\ProgramData ***
*** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***
*** Recherche dossiers dans c:\users\asso\appdata\roaming\microsoft\windows\start menu\programs ***
*** Recherche dossiers dans C:\Users\Asso\AppData\Roaming ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\Windows\system32 *
* Recherche dans C:\Users\Asso\AppData\Local\Microsoft *
* Recherche dans C:\Users\Asso\AppData\Local *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\Windows\system32 :
* Dans C:\Users\Asso\AppData\Local\Microsoft :
* Dans C:\Users\Asso\AppData\Local :
3)Recherche Certificats :
Certificat Egroup absent !
4)Recherche fichiers connus :
*** Analyse terminée le 06/01/2008 à 17:18:14,99 ***
Search Navipromo version 3.3.8 commencé le 06/01/2008 à 17:14:34,77
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16575
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\Windows ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\ProgramData ***
*** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***
*** Recherche dossiers dans c:\users\asso\appdata\roaming\microsoft\windows\start menu\programs ***
*** Recherche dossiers dans C:\Users\Asso\AppData\Roaming ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\Windows\system32 *
* Recherche dans C:\Users\Asso\AppData\Local\Microsoft *
* Recherche dans C:\Users\Asso\AppData\Local *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\Windows\system32 :
* Dans C:\Users\Asso\AppData\Local\Microsoft :
* Dans C:\Users\Asso\AppData\Local :
3)Recherche Certificats :
Certificat Egroup absent !
4)Recherche fichiers connus :
*** Analyse terminée le 06/01/2008 à 17:18:14,99 ***
ok
Télécharge ceci: (merci a S!RI pour ce programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Exécute le Smitfraudfix.exe et choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.
A+
Télécharge ceci: (merci a S!RI pour ce programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Exécute le Smitfraudfix.exe et choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.
A+
Merci pour ta reponce Regis59
je croi avoir trouver la solution mais d'abord voici le rapport que me m'avais demander
SmitFraudFix v2.274
Scan done at 22:19:36,62, 06/01/2008
Run from C:\Users\Asso\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Asso
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Asso\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Asso\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Hercules Wireless G USB2 #2
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{60937072-E43C-428B-95FF-683A741C1BDC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7978BBC7-6803-4992-ACE7-416549738590}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{60937072-E43C-428B-95FF-683A741C1BDC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7978BBC7-6803-4992-ACE7-416549738590}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{60937072-E43C-428B-95FF-683A741C1BDC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7978BBC7-6803-4992-ACE7-416549738590}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
En ce qui concerne ma solution j'ai fais ceci :
élécharge Smitfraudfix (de S!ri).
Enregistre-le sur ton bureau.
Lance SmitfraudFix.exe (le .exe peut ne pas apparaitre).
Choisis l'Option 1 (Recherche)
Redémarre en mode sans échec
Lance SmitfraudFix.exe et choisis cette fois l'Option 2 et réponds oui à la ou les questions.
Sauvegarde le rapport sur ton Bureau.
Redémarre normalement.
Merci à Angeldark ( http://www.infos-du-net.com/forum/276022-11-resolu-system-error )
Regis59 que en pence tu? Mon pc est propre maintenan?
Merci d'avance
je croi avoir trouver la solution mais d'abord voici le rapport que me m'avais demander
SmitFraudFix v2.274
Scan done at 22:19:36,62, 06/01/2008
Run from C:\Users\Asso\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Asso
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Asso\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Asso\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Hercules Wireless G USB2 #2
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{60937072-E43C-428B-95FF-683A741C1BDC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7978BBC7-6803-4992-ACE7-416549738590}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{60937072-E43C-428B-95FF-683A741C1BDC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7978BBC7-6803-4992-ACE7-416549738590}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{60937072-E43C-428B-95FF-683A741C1BDC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7978BBC7-6803-4992-ACE7-416549738590}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
En ce qui concerne ma solution j'ai fais ceci :
élécharge Smitfraudfix (de S!ri).
Enregistre-le sur ton bureau.
Lance SmitfraudFix.exe (le .exe peut ne pas apparaitre).
Choisis l'Option 1 (Recherche)
Redémarre en mode sans échec
Lance SmitfraudFix.exe et choisis cette fois l'Option 2 et réponds oui à la ou les questions.
Sauvegarde le rapport sur ton Bureau.
Redémarre normalement.
Merci à Angeldark ( http://www.infos-du-net.com/forum/276022-11-resolu-system-error )
Regis59 que en pence tu? Mon pc est propre maintenan?
Merci d'avance
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Analyse avec Hijackthis me donne ceci :
Lorsque je lance le scann Hijackthis menvoi le message suivant en plein milieu du scan!
"for some reason your systeme denied write access to the Host file. If any Hijacked domains are in this files, Hijacked may Not able to fix this.
If tha happens, you need to edit the file yourself. To do this, click star, run and type:
notpad C:\Windows\Systeme32\drivers\etc\hosts
and press enter. Fine the line(s) hijackthis reports ant delete them.
Save the file has "hosts."(with quotes), and reboot.
For Vista simply, simply exit Hijackthis, right click on Hijackthis icon, choose' run as administrator'"
Puis je clic sur Ok
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:57, on 08/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Asso\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Lorsque je lance le scann Hijackthis menvoi le message suivant en plein milieu du scan!
"for some reason your systeme denied write access to the Host file. If any Hijacked domains are in this files, Hijacked may Not able to fix this.
If tha happens, you need to edit the file yourself. To do this, click star, run and type:
notpad C:\Windows\Systeme32\drivers\etc\hosts
and press enter. Fine the line(s) hijackthis reports ant delete them.
Save the file has "hosts."(with quotes), and reboot.
For Vista simply, simply exit Hijackthis, right click on Hijackthis icon, choose' run as administrator'"
Puis je clic sur Ok
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:57, on 08/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Asso\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Ok ouvre ceci avec le bloc note:
C:\Windows\Systeme32\drivers\etc\hosts
Copie colle ce qu il y a dedans ici.
A+
C:\Windows\Systeme32\drivers\etc\hosts
Copie colle ce qu il y a dedans ici.
A+
j'ai fait ta manip et voici le résulat :
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
Re,
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :
02 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Ferme HijackThis.
Ou en sont tes soucis?
A+
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :
02 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Ferme HijackThis.
Ou en sont tes soucis?
A+
jai fai ta manipulation! les soucis de mesages d'error système ne sont plus d'actualiter enfin!!
Mais après un 2ème scanne je trovue toujour la ligne
02 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Ceci après avoir fait ta manip
Mais après un 2ème scanne je trovue toujour la ligne
02 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Ceci après avoir fait ta manip
je refais al manipulation mais il refuse de le suprimmer!
Cette ligne correspond a un virus, un trojan?
Comment le supprimer autrement alor?
Merci pr tes réponces Regis59
Cette ligne correspond a un virus, un trojan?
Comment le supprimer autrement alor?
Merci pr tes réponces Regis59
Salut
Non ca correspond a Windows Live Messenger, mais c'est une BHO obsolète.
Voir ici:
http://www.castlecops.com/tk32132-Windows_Live_Call_HoverToCall_class.html
Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Copie/colle un nouveau rapport HiJackThis avec.
Non ca correspond a Windows Live Messenger, mais c'est une BHO obsolète.
Voir ici:
http://www.castlecops.com/tk32132-Windows_Live_Call_HoverToCall_class.html
Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Copie/colle un nouveau rapport HiJackThis avec.
Voici les rapports Combofix et hijackthis après avoir fait ta manipulation!
Merci pour l'information concernant cette ligne.
ComboFix 08-01-15.4 - Asso 2008-01-15 18:47:39.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1423 [GMT 1:00]
Running from: C:\Users\Asso\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-15 to 2008-01-15 ))))))))))))))))))))))))))))))))))))
.
2008-01-15 18:46 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-10 20:58 . 2008-01-10 20:58 <REP> d-------- C:\Program Files\SEUCDaS
2008-01-09 01:42 . 2008-01-09 01:42 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 01:42 . 2008-01-09 01:42 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 01:42 . 2008-01-09 01:42 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 01:42 . 2008-01-09 01:42 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 01:42 . 2008-01-09 01:42 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 01:41 . 2008-01-09 01:41 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 01:41 . 2008-01-09 01:41 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 01:41 . 2008-01-09 01:41 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 01:41 . 2008-01-09 01:41 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 01:41 . 2008-01-09 01:41 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 01:41 . 2008-01-09 01:41 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 01:41 . 2008-01-09 01:41 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 01:41 . 2008-01-09 01:41 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 01:41 . 2008-01-09 01:41 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-09 01:41 . 2008-01-09 01:41 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-06 21:52 . 2003-06-05 20:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-01-06 17:12 . 2008-01-06 17:20 <REP> d-------- C:\Program Files\Navilog1
2008-01-06 05:00 . 2008-01-06 05:00 <REP> d-------- C:\VundoFix Backups
2008-01-05 21:59 . 2008-01-06 22:19 3,634 --a------ C:\Windows\System32\tmp.reg
2008-01-05 21:56 . 2008-01-05 21:57 <REP> d-------- C:\SmitfraudFix
2008-01-05 21:55 . 2007-09-05 23:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-01-05 21:55 . 2006-04-27 16:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-01-05 21:55 . 2007-12-20 23:11 81,920 --a------ C:\Windows\System32\IEDFix.exe
2008-01-05 21:55 . 2004-07-31 17:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-01-05 21:55 . 2007-10-03 23:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-01-05 18:07 . 2008-01-05 18:38 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-05 18:07 . 2008-01-05 18:38 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-01-05 17:10 . 2008-01-05 17:10 49 --a------ C:\tmp.bat
2007-12-28 16:47 . 2007-12-28 16:47 <REP> d-------- C:\Users\Asso\AppData\Roaming\InstallShield
2007-12-15 15:27 . 2007-12-15 15:27 <REP> d-------- C:\Windows\System32\Samsung_USB_Drivers
2007-12-15 15:27 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 12:28 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 12:28 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 00:41 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 00:41 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 00:41 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 00:41 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-15 14:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 20:48 --------- d-----w C:\Users\Asso\AppData\Roaming\vlc
2007-12-14 20:46 --------- d-----w C:\Program Files\VideoLAN
2007-12-12 22:44 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 22:44 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 22:44 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 22:43 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 22:43 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 22:43 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 22:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 22:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 22:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 22:43 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 22:43 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 22:42 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 22:42 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-11 17:27 --------- d-----w C:\Program Files\Windows Live
2007-12-11 17:15 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-11 17:12 --------- d-----w C:\ProgramData\WLInstaller
2007-12-09 11:33 --------- d-----w C:\Program Files\CCleaner
2007-12-04 14:53 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2007-12-04 14:52 45,648 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2007-12-04 14:51 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-11-27 20:13 --------- d-----w C:\Users\Asso\AppData\Roaming\teamspeak2
2007-11-20 23:58 --------- d-----w C:\Program Files\DivX
2007-11-17 22:12 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-14 14:13 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 14:13 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 14:13 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 14:13 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 14:13 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 14:13 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 14:13 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 14:13 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 14:13 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 14:13 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-05 15:58 6,984 ----a-w C:\Windows\flow.tmp
2007-10-20 00:56 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
2007-10-07 16:54 174 --sha-w C:\Program Files\desktop.ini
2007-10-03 18:08 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 01:41 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-03 15:13 171448]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [2006-11-02 13:35 191488]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-04 08:56 1006264]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-19 07:52 232184]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [2007-02-06 02:24 109304]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-08 08:00 1116920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 15:51 4435968 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 14:53 88024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [ ]
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 19:05]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8db98426-5ab8-11dc-924c-806e6f6e6963}]
\shell\AutoRun\command - E:\CLIC.EXE
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-14 20:53:13 C:\Windows\Tasks\User_Feed_Synchronization-{0976BDAD-604A-472B-94FE-8E0B137067AB}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 18:49:32
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Windows\system32\DLAAPI_W.DLL
.
Completion time: 2008-01-15 18:50:24
ComboFix-quarantined-files.txt 2008-01-15 17:50:20
.
2008-01-11 14:42:46 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:37, on 15/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Users\Asso\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Merci pour l'information concernant cette ligne.
ComboFix 08-01-15.4 - Asso 2008-01-15 18:47:39.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1423 [GMT 1:00]
Running from: C:\Users\Asso\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-15 to 2008-01-15 ))))))))))))))))))))))))))))))))))))
.
2008-01-15 18:46 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-10 20:58 . 2008-01-10 20:58 <REP> d-------- C:\Program Files\SEUCDaS
2008-01-09 01:42 . 2008-01-09 01:42 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 01:42 . 2008-01-09 01:42 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 01:42 . 2008-01-09 01:42 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 01:42 . 2008-01-09 01:42 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 01:42 . 2008-01-09 01:42 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 01:41 . 2008-01-09 01:41 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 01:41 . 2008-01-09 01:41 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 01:41 . 2008-01-09 01:41 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 01:41 . 2008-01-09 01:41 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 01:41 . 2008-01-09 01:41 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 01:41 . 2008-01-09 01:41 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 01:41 . 2008-01-09 01:41 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 01:41 . 2008-01-09 01:41 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 01:41 . 2008-01-09 01:41 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-09 01:41 . 2008-01-09 01:41 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-06 21:52 . 2003-06-05 20:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-01-06 17:12 . 2008-01-06 17:20 <REP> d-------- C:\Program Files\Navilog1
2008-01-06 05:00 . 2008-01-06 05:00 <REP> d-------- C:\VundoFix Backups
2008-01-05 21:59 . 2008-01-06 22:19 3,634 --a------ C:\Windows\System32\tmp.reg
2008-01-05 21:56 . 2008-01-05 21:57 <REP> d-------- C:\SmitfraudFix
2008-01-05 21:55 . 2007-09-05 23:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-01-05 21:55 . 2006-04-27 16:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-01-05 21:55 . 2007-12-20 23:11 81,920 --a------ C:\Windows\System32\IEDFix.exe
2008-01-05 21:55 . 2004-07-31 17:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-01-05 21:55 . 2007-10-03 23:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-01-05 18:07 . 2008-01-05 18:38 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-05 18:07 . 2008-01-05 18:38 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-01-05 17:10 . 2008-01-05 17:10 49 --a------ C:\tmp.bat
2007-12-28 16:47 . 2007-12-28 16:47 <REP> d-------- C:\Users\Asso\AppData\Roaming\InstallShield
2007-12-15 15:27 . 2007-12-15 15:27 <REP> d-------- C:\Windows\System32\Samsung_USB_Drivers
2007-12-15 15:27 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 12:28 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 12:28 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 00:41 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 00:41 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 00:41 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 00:41 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-15 14:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 20:48 --------- d-----w C:\Users\Asso\AppData\Roaming\vlc
2007-12-14 20:46 --------- d-----w C:\Program Files\VideoLAN
2007-12-12 22:44 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 22:44 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 22:44 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 22:43 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 22:43 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 22:43 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 22:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 22:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 22:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 22:43 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 22:43 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 22:42 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 22:42 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-11 17:27 --------- d-----w C:\Program Files\Windows Live
2007-12-11 17:15 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-11 17:12 --------- d-----w C:\ProgramData\WLInstaller
2007-12-09 11:33 --------- d-----w C:\Program Files\CCleaner
2007-12-04 14:53 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2007-12-04 14:52 45,648 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2007-12-04 14:51 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-11-27 20:13 --------- d-----w C:\Users\Asso\AppData\Roaming\teamspeak2
2007-11-20 23:58 --------- d-----w C:\Program Files\DivX
2007-11-17 22:12 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-14 14:13 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 14:13 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 14:13 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 14:13 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 14:13 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 14:13 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 14:13 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 14:13 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 14:13 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 14:13 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-05 15:58 6,984 ----a-w C:\Windows\flow.tmp
2007-10-20 00:56 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
2007-10-07 16:54 174 --sha-w C:\Program Files\desktop.ini
2007-10-03 18:08 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 01:41 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-03 15:13 171448]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [2006-11-02 13:35 191488]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-04 08:56 1006264]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-19 07:52 232184]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [2007-02-06 02:24 109304]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-08 08:00 1116920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 15:51 4435968 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 14:53 88024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [ ]
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 19:05]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8db98426-5ab8-11dc-924c-806e6f6e6963}]
\shell\AutoRun\command - E:\CLIC.EXE
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-14 20:53:13 C:\Windows\Tasks\User_Feed_Synchronization-{0976BDAD-604A-472B-94FE-8E0B137067AB}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 18:49:32
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Windows\system32\DLAAPI_W.DLL
.
Completion time: 2008-01-15 18:50:24
ComboFix-quarantined-files.txt 2008-01-15 17:50:20
.
2008-01-11 14:42:46 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:37, on 15/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Users\Asso\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
