Virus msn ta tof fai koi sur ce site....
Résolu/Fermé
modinou
Messages postés
12
Date d'inscription
dimanche 2 mars 2008
Statut
Membre
Dernière intervention
2 mars 2008
-
2 mars 2008 à 08:21
Léo_ccp - 25 mars 2008 à 20:50
Léo_ccp - 25 mars 2008 à 20:50
A voir également:
- Virus msn ta tof fai koi sur ce site....
- Site de telechargement - Guide
- Site inaccessible - Guide
- Site de vente entre particulier - Guide
- Msn - Télécharger - Messagerie
- Darkino site - Guide
42 réponses
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
5 mars 2008 à 16:22
5 mars 2008 à 16:22
je suis perdu avec toutes ces personnes sur ce post!!!!!!!!
dite jai chopé ce virus et jai effectué un scan virus avec avast et le résultat, c'est qu'il n'a rein détecté alors ca veut dire que je nai pas de virus?? Merci de me répondre
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
5 mars 2008 à 22:18
5 mars 2008 à 22:18
POST FERME CAR C'EST LE BORDEL!
voici le raport de sdfix
[b]SDFix: Version 1.153 /b
Run by Administrateur on 06/03/2008 at 15:40
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services /b:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files /b:
Trojan Files Found:
C:\DOCUME~1\EMILIE\OLZWGJ.EXE - Deleted
C:\DOCUME~1\EMILIE\OLZWGJ.EXE - Deleted
C:\WINDOWS\system32\real.txt - Deleted
C:\DOCUME~1\Emilie\LOCALS~1\Temp\services.exe - Deleted
Removing Temp Files
[b]ADS Check /b:
[b]Final Check /b:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 15:47:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x20229~\2]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21]
"DisplayName"="\xbed8\x392\xbed8\x392\1"
"DeviceDesc"="\xbed8\x392\xbed8\x392\1"
"ProviderName"="\xfed4\21\xee18\x7c91\xff44\21\b"
"MFG"="\x564"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"d:\swsetup\video\sbdrv\smbus\smbusati.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000000
"TracesSuccessful"=dword:00000000
"LastTraceFailure"=dword:00000000
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 39
[b]Remaining Services /b:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Messenger"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\DOCUME~1\\Emilie\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Emilie\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files /b:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes /b:
Sat 24 Nov 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sun 16 Apr 2006 71,168 ..SHR --- "C:\Program Files\Mio Technology\MioSync\Setup.exe"
Sat 19 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 16 Apr 2006 71,168 ..SHR --- "C:\Documents and Settings\Emilie\Bureau\MioSync\Setup.exe"
Sat 9 Jul 2005 16,384 A.SHR --- "C:\Documents and Settings\Emilie\Bureau\MioSync\_Setup.dll"
Sat 24 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT2.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Emilie\Application Data\U3\temp\Launchpad Removal.exe"
Sat 24 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b848f7bbcc1590afa157f879b74964b2\download\BIT7A.tmp"
Sat 24 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c8378ccca1581319d7b7f3a9d1188607\download\BITC6.tmp"
Sat 24 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fde0566446f6dd640c536f419fe1216a\download\BITF0.tmp"
[b]Finished!/b
[b]SDFix: Version 1.153 /b
Run by Administrateur on 06/03/2008 at 15:40
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services /b:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files /b:
Trojan Files Found:
C:\DOCUME~1\EMILIE\OLZWGJ.EXE - Deleted
C:\DOCUME~1\EMILIE\OLZWGJ.EXE - Deleted
C:\WINDOWS\system32\real.txt - Deleted
C:\DOCUME~1\Emilie\LOCALS~1\Temp\services.exe - Deleted
Removing Temp Files
[b]ADS Check /b:
[b]Final Check /b:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 15:47:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x20229~\2]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21]
"DisplayName"="\xbed8\x392\xbed8\x392\1"
"DeviceDesc"="\xbed8\x392\xbed8\x392\1"
"ProviderName"="\xfed4\21\xee18\x7c91\xff44\21\b"
"MFG"="\x564"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"d:\swsetup\video\sbdrv\smbus\smbusati.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000000
"TracesSuccessful"=dword:00000000
"LastTraceFailure"=dword:00000000
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 39
[b]Remaining Services /b:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Messenger"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\DOCUME~1\\Emilie\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Emilie\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files /b:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes /b:
Sat 24 Nov 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sun 16 Apr 2006 71,168 ..SHR --- "C:\Program Files\Mio Technology\MioSync\Setup.exe"
Sat 19 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 16 Apr 2006 71,168 ..SHR --- "C:\Documents and Settings\Emilie\Bureau\MioSync\Setup.exe"
Sat 9 Jul 2005 16,384 A.SHR --- "C:\Documents and Settings\Emilie\Bureau\MioSync\_Setup.dll"
Sat 24 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT2.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Emilie\Application Data\U3\temp\Launchpad Removal.exe"
Sat 24 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b848f7bbcc1590afa157f879b74964b2\download\BIT7A.tmp"
Sat 24 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c8378ccca1581319d7b7f3a9d1188607\download\BITC6.tmp"
Sat 24 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fde0566446f6dd640c536f419fe1216a\download\BITF0.tmp"
[b]Finished!/b
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonjour
j'ai moi aussi eu la mauvaise idée d'ouvrir ce lien a la c**.
Tout d'abord merci pour le forum j'ai peu telecharger le lien et suivre vos instructions.
Je vous copie/colle mon report.txt.
Au faite quelles peuvent les conséquences de ce virus?
Merci
JUL
[b]SDFix: Version 1.153 [/b]
Run by Vincent on 06/03/2008 at 17:14
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\SALXLS~1.EXE - Deleted
C:\WINDOWS\mrofinu1423.exe - Deleted
C:\DOCUME~1\Vincent\LOCALS~1\Temp\services.exe - Deleted
C:\autorun.inf - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 17:22:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xf9\x2022\xd1w\2]
"91A14B995DF7C0B42ABAA16065968F3A"="C:\Program Files\Alias\Maya7.0\presets\Ashli\"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Alias\\Maya 6.0 Personal Learning Edition\\bin\\maya.exe"="C:\\Program Files\\Alias\\Maya 6.0 Personal Learning Edition\\bin\\maya.exe:*:Enabled:Maya"
"C:\\Program Files\\FlexiSIGN 7.6v2\\Program\\App.exe"="C:\\Program Files\\FlexiSIGN 7.6v2\\Program\\App.exe:*:Enabled:Design Software"
"C:\\Program Files\\FlexiSIGN 7.6v2\\Program\\App2.exe"="C:\\Program Files\\FlexiSIGN 7.6v2\\Program\\App2.exe:*:Enabled:Production"
"C:\\Program Files\\Dantz\\Client\\retroclient.exe"="C:\\Program Files\\Dantz\\Client\\retroclient.exe:*:Enabled:Retrospect Client"
"C:\\Program Files\\Timbuktu Pro\\tb2pro.exe"="C:\\Program Files\\Timbuktu Pro\\tb2pro.exe:*:Enabled:Timbuktu Pro"
"C:\\Program Files\\Timbuktu Pro\\MiniTB2.exe"="C:\\Program Files\\Timbuktu Pro\\MiniTB2.exe:*:Enabled:MiniTB2"
"C:\\Program Files\\Timbuktu Pro\\TB2Scan.exe"="C:\\Program Files\\Timbuktu Pro\\TB2Scan.exe:*:Enabled:Timbuktu Pro Scanner"
"C:\\aflaser\\laserdesign\\air\\bin\\airshow.exe"="C:\\aflaser\\laserdesign\\air\\bin\\airshow.exe:*:Enabled:airshow"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\DOCUME~1\\Vincent\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Vincent\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT4.tmp"
[b]Finished![/b]
j'ai moi aussi eu la mauvaise idée d'ouvrir ce lien a la c**.
Tout d'abord merci pour le forum j'ai peu telecharger le lien et suivre vos instructions.
Je vous copie/colle mon report.txt.
Au faite quelles peuvent les conséquences de ce virus?
Merci
JUL
[b]SDFix: Version 1.153 [/b]
Run by Vincent on 06/03/2008 at 17:14
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\SALXLS~1.EXE - Deleted
C:\WINDOWS\mrofinu1423.exe - Deleted
C:\DOCUME~1\Vincent\LOCALS~1\Temp\services.exe - Deleted
C:\autorun.inf - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 17:22:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xf9\x2022\xd1w\2]
"91A14B995DF7C0B42ABAA16065968F3A"="C:\Program Files\Alias\Maya7.0\presets\Ashli\"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Alias\\Maya 6.0 Personal Learning Edition\\bin\\maya.exe"="C:\\Program Files\\Alias\\Maya 6.0 Personal Learning Edition\\bin\\maya.exe:*:Enabled:Maya"
"C:\\Program Files\\FlexiSIGN 7.6v2\\Program\\App.exe"="C:\\Program Files\\FlexiSIGN 7.6v2\\Program\\App.exe:*:Enabled:Design Software"
"C:\\Program Files\\FlexiSIGN 7.6v2\\Program\\App2.exe"="C:\\Program Files\\FlexiSIGN 7.6v2\\Program\\App2.exe:*:Enabled:Production"
"C:\\Program Files\\Dantz\\Client\\retroclient.exe"="C:\\Program Files\\Dantz\\Client\\retroclient.exe:*:Enabled:Retrospect Client"
"C:\\Program Files\\Timbuktu Pro\\tb2pro.exe"="C:\\Program Files\\Timbuktu Pro\\tb2pro.exe:*:Enabled:Timbuktu Pro"
"C:\\Program Files\\Timbuktu Pro\\MiniTB2.exe"="C:\\Program Files\\Timbuktu Pro\\MiniTB2.exe:*:Enabled:MiniTB2"
"C:\\Program Files\\Timbuktu Pro\\TB2Scan.exe"="C:\\Program Files\\Timbuktu Pro\\TB2Scan.exe:*:Enabled:Timbuktu Pro Scanner"
"C:\\aflaser\\laserdesign\\air\\bin\\airshow.exe"="C:\\aflaser\\laserdesign\\air\\bin\\airshow.exe:*:Enabled:airshow"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\DOCUME~1\\Vincent\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Vincent\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT4.tmp"
[b]Finished![/b]
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
6 mars 2008 à 18:24
6 mars 2008 à 18:24
encore plus le bordel dans ce post
que chacun fasse le sien !!!
que chacun fasse le sien !!!
Salut, j'ai moi aussi attraper ce virus, et j'ai essayé plusieurs metodes sans succes ! J'aimerai vraiment recevoir une aide precieuse, je peux faire des scan et tout ce que vous voulez du moment que mon virus se detruise rapidement. ( Cette ordinateur est celui de ma soeur qui revient de vacances demain soir, je ne voudrais pas qu'elle decouvre un virus dessus en rentrant ). Merci d'avance pour votre aide.
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
8 mars 2008 à 14:15
8 mars 2008 à 14:15
QUE CHACUN FASSE SON PROPRE POST!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
je ne repondrai plus dans celui ci
je ne repondrai plus dans celui ci
oui bonjour mon ordi ne veut plus s'allumer a cose de ce virus pouvez vous me dire comment je peu le rallumé et le formater en mm tem svp?
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
8 mars 2008 à 19:04
8 mars 2008 à 19:04
http://www.depannetonpc.net/...
sinon cré ton propre post et peut etre pourra le virer en mode sans echec sans formater
mais ce post est FERME FERME
sinon cré ton propre post et peut etre pourra le virer en mode sans echec sans formater
mais ce post est FERME FERME
est ce ke quelqu'un peut m'aider???!!!!!!
J'i lu tous les articles, essayé plein de manipulations mais rien n'y fait.
Je suis vraiment désepéréé!!!
Merci d'avance du temps que vous prenez
J'i lu tous les articles, essayé plein de manipulations mais rien n'y fait.
Je suis vraiment désepéréé!!!
Merci d'avance du temps que vous prenez
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
8 mars 2008 à 22:27
8 mars 2008 à 22:27
cf message 49
Ola tout le monde,
Je me suis fait également avoir... cependant, le virus m'a créé un compte administrateur avec un mot de passe et quand je clic sur mon compte utilisateur, il me le referme automatiquement... Je ne peut donc plus accéder à mon bureau !!!
Peut on scanner le disque dur à partir d'une disquette sous dos.
Ou bien quelqu'un a t il le mot de passe qui me permettrai de débloquer ce p..... de compte.
Merci d'avance !
Je me suis fait également avoir... cependant, le virus m'a créé un compte administrateur avec un mot de passe et quand je clic sur mon compte utilisateur, il me le referme automatiquement... Je ne peut donc plus accéder à mon bureau !!!
Peut on scanner le disque dur à partir d'une disquette sous dos.
Ou bien quelqu'un a t il le mot de passe qui me permettrai de débloquer ce p..... de compte.
Merci d'avance !
Es que quelcun peu me dire que faire contre ce virus __je suis infectee __ plis simplifier la solution __ je connais rien en ordinateurs __ merci
je suis infectee __ vous pouver me aider __ simplifier si vous pouver les reponses _car je suis nulle aux ordinateurs merci
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
15 mars 2008 à 22:26
15 mars 2008 à 22:26
cf message 49
Bonjour voila jai fait ce que vous m'aver espliquer et le je me retrouve avec un compliquer probleme .
jai mis mon en mode sans echec jai aiseyer de passer sdfix mais a chaque fois que je voulet cliquer sur run this bat pour lancer le netoiyage !! pas moiyen je maproje avec ma souris et il disparece ver un endrois ou pas moiyen de cliquer sur lui !! dons a la fin ce que jai fais ce de fermee le programe !! Mais la jai eu la surprise que je ne savait plus entree dans ma seccion de demarage de mon ordinateur !! donc quand je met en route il souvret me dit de choissir ma seccion je clique surcarmen il fait de recherches mais a la minute il se met hors connaission !! je suis retourneea mon programe de f8 !! je met nimporte quel chois pour voir sil redemarre et je clique enter et helas rien !! on diret que programe es rester bloquer !! es que vous sauree me dire que faire !! merci pour votre aide
Carmen
jai mis mon en mode sans echec jai aiseyer de passer sdfix mais a chaque fois que je voulet cliquer sur run this bat pour lancer le netoiyage !! pas moiyen je maproje avec ma souris et il disparece ver un endrois ou pas moiyen de cliquer sur lui !! dons a la fin ce que jai fais ce de fermee le programe !! Mais la jai eu la surprise que je ne savait plus entree dans ma seccion de demarage de mon ordinateur !! donc quand je met en route il souvret me dit de choissir ma seccion je clique surcarmen il fait de recherches mais a la minute il se met hors connaission !! je suis retourneea mon programe de f8 !! je met nimporte quel chois pour voir sil redemarre et je clique enter et helas rien !! on diret que programe es rester bloquer !! es que vous sauree me dire que faire !! merci pour votre aide
Carmen
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
19 mars 2008 à 11:05
19 mars 2008 à 11:05
essaye de reparer windows
http://www.informatruc.com/reparer-windows-xp/
http://www.informatruc.com/reparer-windows-xp/
Mon ordinateur ne souvret pas __alors jai reinstaler windows xp __ jai reeusi juste un probleme ce celui du son je sais pas quel CDROM metre pour que je puise avoir le son __ savez vous maider __je vous remercie pour tout __car a chaque de mes demandes vous etes tres aimable de me repondre
carmen
sil vous plais simplifier car je suis nule a ça __merci
carmen
sil vous plais simplifier car je suis nule a ça __merci
Bonjour,
Mon ordi est infesté par les virus Win32 Purity Scan, Adware Gen, Small JMH et bien sûr par le virus MSN "ta tof fait koi sur ce site", pourquoi avoir peu de virus quand on peut en avoir beaucoup?
Suite aux instructions du forum, j'ai lancé une analyse adaware, j'ai téléchargé SDfix et je l'ai lancé en mode sans échec, une fois Sdfix terminé, j'ai lancé une analyse AVG. Cependant, je pense que les virus sont toujours présents.
Voici les rapports SDfix et HiJackthis:
Rapport SDfix:
Rapport de SDFIX du 19/03/2008
SDFix: Version 1.116
Run by Laurie D on 19/03/2008 at 20:16
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\RNAPH.DLL - Deleted
Folder C:\Documents and Settings\Laurie D\Application Data\WinTouch - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 20:26:52
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000027
"TracesSuccessful"=dword:00000023
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Disabled:Veoh Client"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\SFR\\SFR Connexion\\SFR Connexion.exe"="C:\\Program Files\\SFR\\SFR Connexion\\SFR Connexion.exe:*:Enabled:SFR Connexion"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
@=""
"C:\\WINDOWS\\system32\\wpmuzn.exe"="C:\\WINDOWS\\system32\\wpmuzn.exe:*:Enabled:Flash Media"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Mon 28 Jan 2008 230,400 ..SHR --- "C:\Program Files\??crosoft\?ti2evxx.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 15 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 23 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT6.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BITA.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT7.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT4.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"
Tue 16 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c703fe0947475848e966b61999878d1\BIT2.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT9.tmp"
Mon 5 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT2.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT5.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT8.tmp"
Sat 3 Jun 2006 26,624 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL0002.tmp"
Mon 8 May 2006 1,205,760 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL0003.tmp"
Sat 3 Jun 2006 27,136 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL0005.tmp"
Mon 12 Jun 2006 2,324,480 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL0497.tmp"
Mon 12 Jun 2006 1,980,416 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL1171.tmp"
Mon 12 Jun 2006 2,335,232 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL1230.tmp"
Mon 12 Jun 2006 2,324,992 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL1271.tmp"
Mon 12 Jun 2006 1,980,928 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL1354.tmp"
Mon 12 Jun 2006 2,335,232 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL2406.tmp"
Mon 12 Jun 2006 2,336,768 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL2777.tmp"
Mon 12 Jun 2006 1,973,248 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL3354.tmp"
Mon 12 Jun 2006 1,980,928 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL3460.tmp"
Mon 12 Jun 2006 2,336,768 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL3564.tmp"
Sat 3 Jun 2006 26,624 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL3575.tmp"
Mon 12 Jun 2006 1,976,320 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL3685.tmp"
Finished!
Rapport HiJackthis:
Logfile of HijackThis v1.99.1
Scan saved at 07:34:28, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SoftPerfect Personal Firewall\fw.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Documents and Settings\Laurie D\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wpmuzn.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4534C5C1-7774-5CAF-0612-5800CBC18CCE} - C:\WINDOWS\system32\wyld.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoftPerfect Personal Firewall] "C:\Program Files\SoftPerfect Personal Firewall\fw.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [oncefirst] C:\DOCUME~1\LAURIE~1\APPLIC~1\SIXTHD~1\surfmapiexit.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [Oeso] "C:\DOCUME~1\LAURIE~1\APPLIC~1\SMANTE~1\rundll.exe" -vt yazb
O4 - HKCU\..\Run: [Hkkdtz] "C:\Program Files\??crosoft\?ti2evxx.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://www.pixum.fr/?p_ref=crm_umleitung_photoreflex_1113
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
J'apprécierai vraiment votre aide car là, je ne sais plus quoi faire...
Merci d'avance!!!!!
Laurie
Mon ordi est infesté par les virus Win32 Purity Scan, Adware Gen, Small JMH et bien sûr par le virus MSN "ta tof fait koi sur ce site", pourquoi avoir peu de virus quand on peut en avoir beaucoup?
Suite aux instructions du forum, j'ai lancé une analyse adaware, j'ai téléchargé SDfix et je l'ai lancé en mode sans échec, une fois Sdfix terminé, j'ai lancé une analyse AVG. Cependant, je pense que les virus sont toujours présents.
Voici les rapports SDfix et HiJackthis:
Rapport SDfix:
Rapport de SDFIX du 19/03/2008
SDFix: Version 1.116
Run by Laurie D on 19/03/2008 at 20:16
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\RNAPH.DLL - Deleted
Folder C:\Documents and Settings\Laurie D\Application Data\WinTouch - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 20:26:52
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000027
"TracesSuccessful"=dword:00000023
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Disabled:Veoh Client"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\SFR\\SFR Connexion\\SFR Connexion.exe"="C:\\Program Files\\SFR\\SFR Connexion\\SFR Connexion.exe:*:Enabled:SFR Connexion"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
@=""
"C:\\WINDOWS\\system32\\wpmuzn.exe"="C:\\WINDOWS\\system32\\wpmuzn.exe:*:Enabled:Flash Media"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Mon 28 Jan 2008 230,400 ..SHR --- "C:\Program Files\??crosoft\?ti2evxx.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 15 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 23 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT6.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BITA.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT7.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT4.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"
Tue 16 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c703fe0947475848e966b61999878d1\BIT2.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT9.tmp"
Mon 5 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT2.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT5.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT8.tmp"
Sat 3 Jun 2006 26,624 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL0002.tmp"
Mon 8 May 2006 1,205,760 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL0003.tmp"
Sat 3 Jun 2006 27,136 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL0005.tmp"
Mon 12 Jun 2006 2,324,480 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL0497.tmp"
Mon 12 Jun 2006 1,980,416 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL1171.tmp"
Mon 12 Jun 2006 2,335,232 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL1230.tmp"
Mon 12 Jun 2006 2,324,992 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL1271.tmp"
Mon 12 Jun 2006 1,980,928 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL1354.tmp"
Mon 12 Jun 2006 2,335,232 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL2406.tmp"
Mon 12 Jun 2006 2,336,768 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL2777.tmp"
Mon 12 Jun 2006 1,973,248 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL3354.tmp"
Mon 12 Jun 2006 1,980,928 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL3460.tmp"
Mon 12 Jun 2006 2,336,768 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL3564.tmp"
Sat 3 Jun 2006 26,624 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL3575.tmp"
Mon 12 Jun 2006 1,976,320 ...H. --- "C:\Documents and Settings\Laurie D\Mes documents\IUT\Stage\Final\M‚moire+Soutenance\~WRL3685.tmp"
Finished!
Rapport HiJackthis:
Logfile of HijackThis v1.99.1
Scan saved at 07:34:28, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SoftPerfect Personal Firewall\fw.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Documents and Settings\Laurie D\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wpmuzn.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4534C5C1-7774-5CAF-0612-5800CBC18CCE} - C:\WINDOWS\system32\wyld.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoftPerfect Personal Firewall] "C:\Program Files\SoftPerfect Personal Firewall\fw.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [oncefirst] C:\DOCUME~1\LAURIE~1\APPLIC~1\SIXTHD~1\surfmapiexit.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [Oeso] "C:\DOCUME~1\LAURIE~1\APPLIC~1\SMANTE~1\rundll.exe" -vt yazb
O4 - HKCU\..\Run: [Hkkdtz] "C:\Program Files\??crosoft\?ti2evxx.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://www.pixum.fr/?p_ref=crm_umleitung_photoreflex_1113
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
J'apprécierai vraiment votre aide car là, je ne sais plus quoi faire...
Merci d'avance!!!!!
Laurie