Warning, spyware detected on your computer !
Fermé
cartouches27
Messages postés
30
Date d'inscription
jeudi 21 août 2008
Statut
Membre
Dernière intervention
24 septembre 2011
-
21 août 2008 à 17:06
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 22 août 2008 à 09:32
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 22 août 2008 à 09:32
Bonjour,
Depuis plusieurs semaines j'ai des messages qui s'affichent sur mon pc : " your computer is infected, windows has detected spyware infection ! ... click here to protect your computer from spyware ! et normalement ça installe xp security center.
Mais maintenant j'ai un message en fond d'écran avec " warning, spyware detected on your computer ! ".
Je ne suis pas très calé en informatique, pourriez-vous m'aider à nettoyer tout ça ?
Merci.
Depuis plusieurs semaines j'ai des messages qui s'affichent sur mon pc : " your computer is infected, windows has detected spyware infection ! ... click here to protect your computer from spyware ! et normalement ça installe xp security center.
Mais maintenant j'ai un message en fond d'écran avec " warning, spyware detected on your computer ! ".
Je ne suis pas très calé en informatique, pourriez-vous m'aider à nettoyer tout ça ?
Merci.
A voir également:
- Warning, spyware detected on your computer !
- Over current have been detected on your usb device - Forum Windows
- The requested url was rejected. please consult with your administrator. ✓ - Forum Réseaux sociaux
- Boot failure detected - Forum BIOS
- Warning your dimm1 and dimm2 module organization is not same - Forum PC portable
- Please install an operating system on your hard disk - Forum Matériel & Système
14 réponses
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
21 août 2008 à 18:29
21 août 2008 à 18:29
slt
c'est pas gagné pour quoi ton windows n'est pas a jour???? il faut avoir le sp2
bon il y a du boulot!!!
1/ installe un parefeu:
KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) ou COMODO
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
zonealarm
2/
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
3/ vire ad aware qui est depassé surtout que tu as la version de l'année derniere.. et
colle un rapport avec malwarebyte antimalware après suppression de ce qui a été trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
4/ installe un antivirus : antivir et colle le rapport
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
5/ mets a jour java:
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/
6: remets un rapport hijackhtis
c'est pas gagné pour quoi ton windows n'est pas a jour???? il faut avoir le sp2
bon il y a du boulot!!!
1/ installe un parefeu:
KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) ou COMODO
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
zonealarm
2/
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
3/ vire ad aware qui est depassé surtout que tu as la version de l'année derniere.. et
colle un rapport avec malwarebyte antimalware après suppression de ce qui a été trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
4/ installe un antivirus : antivir et colle le rapport
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
5/ mets a jour java:
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/
6: remets un rapport hijackhtis
~Slash~
Messages postés
127
Date d'inscription
samedi 16 août 2008
Statut
Membre
Dernière intervention
14 avril 2011
33
21 août 2008 à 17:18
21 août 2008 à 17:18
Salut,
pour moi ce sont les logiciels que j utilise et tou marche tres bien:
1) telecharge Spybot Search&Destroy https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
2) Installe le et met le a jour.
3) Tu as quoi comme antivirus ??????
4) Utilise aussi CCleaner, ce n est pas en rapport direct avec les spyware mais sa aide a garde ton ordinateur en bonne sante : https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
5) Utilise au minimum un deuxieme anti-spyware :
http://www.infos-du-net.com/telecharger/Ad-Aware,0301-9812.html
6) Met tout a jour.
Tu devrait plus trop avoir de probleme maintenant :).
PS: prend aussi un bon firewall.
pour moi ce sont les logiciels que j utilise et tou marche tres bien:
1) telecharge Spybot Search&Destroy https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
2) Installe le et met le a jour.
3) Tu as quoi comme antivirus ??????
4) Utilise aussi CCleaner, ce n est pas en rapport direct avec les spyware mais sa aide a garde ton ordinateur en bonne sante : https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
5) Utilise au minimum un deuxieme anti-spyware :
http://www.infos-du-net.com/telecharger/Ad-Aware,0301-9812.html
6) Met tout a jour.
Tu devrait plus trop avoir de probleme maintenant :).
PS: prend aussi un bon firewall.
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
21 août 2008 à 17:22
21 août 2008 à 17:22
slt,
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/(...)
manuel :
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
__________________
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Télécharger sur le bureau
Navilog.zip
= Double-Clic navilog1.zip
= Extraire tout sur le bureau
= Double-Clic navilog1 qui est sur le bureau
= Appuyer sur une touche jusqu' arriver aux options
= Choisir option 1
un rapport : fixnavi.txt dans C : va se creer
le copier/coller dans ton prochain message.
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/(...)
manuel :
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
__________________
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Télécharger sur le bureau
Navilog.zip
= Double-Clic navilog1.zip
= Extraire tout sur le bureau
= Double-Clic navilog1 qui est sur le bureau
= Appuyer sur une touche jusqu' arriver aux options
= Choisir option 1
un rapport : fixnavi.txt dans C : va se creer
le copier/coller dans ton prochain message.
cartouches27
Messages postés
30
Date d'inscription
jeudi 21 août 2008
Statut
Membre
Dernière intervention
24 septembre 2011
21 août 2008 à 17:36
21 août 2008 à 17:36
En attendant vos manipulations, voici un rapport d'un scan rapide a squared :
Version - a-squared Free 3.5
Dernière mise à jour : 20/08/2008 10:49:38
Paramètres des balayages :
Éléments : Mémoire, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Balaye dans les archives : Marche
Analyse heuristique : Marche
Balaye dans les ADS : Marche
Début du balayage : 21/08/2008 17:18:37
[1736] C:\WINDOWS\System32\aspimgr.exe Objets détectés : Backdoor.Win32.Agent.ktm
C:\Documents and Settings\Nourdine\Cookies\nourdine@adserver.bluestar-interactive[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Nourdine\Cookies\nourdine@adtech[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Nourdine\Cookies\nourdine@advertising[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Nourdine\Cookies\nourdine@atdmt[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Nourdine\Cookies\nourdine@commentcamarche[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Nourdine\Cookies\nourdine@metriweb[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Nourdine\Cookies\nourdine@smartadserver[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Nourdine\Cookies\nourdine@weborama[1].txt Objets détectés : Trace.TrackingCookie
C:\WINDOWS\karina.dat Objets détectés : Backdoor.Win32.Small.eug
C:\WINDOWS\system32\aspimgr.exe Objets détectés : Backdoor.Win32.Agent.ktm
C:\WINDOWS\system32\karina.dat Objets détectés : Backdoor.Win32.Small.eug
C:\WINDOWS\system32\winivstr.exe Objets détectés : Riskware.FraudTool.Win32.XPSecurityCenter.p
Analysé
Fichiers : 65495
Traces : 430921
Cookies : 340
Processus : 37
Objets trouvés
Fichiers : 4
Traces : 0
Cookies : 8
Processus : 1
Clés de Registre : 0
Fin du balayage : 21/08/2008 17:35:11
Temps du balayage : 0:16:34
Version - a-squared Free 3.5
Dernière mise à jour : 20/08/2008 10:49:38
Paramètres des balayages :
Éléments : Mémoire, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Balaye dans les archives : Marche
Analyse heuristique : Marche
Balaye dans les ADS : Marche
Début du balayage : 21/08/2008 17:18:37
[1736] C:\WINDOWS\System32\aspimgr.exe Objets détectés : Backdoor.Win32.Agent.ktm
C:\Documents and Settings\Nourdine\Cookies\nourdine@adserver.bluestar-interactive[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Nourdine\Cookies\nourdine@adtech[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Nourdine\Cookies\nourdine@advertising[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Nourdine\Cookies\nourdine@atdmt[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Nourdine\Cookies\nourdine@commentcamarche[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Nourdine\Cookies\nourdine@metriweb[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Nourdine\Cookies\nourdine@smartadserver[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Nourdine\Cookies\nourdine@weborama[1].txt Objets détectés : Trace.TrackingCookie
C:\WINDOWS\karina.dat Objets détectés : Backdoor.Win32.Small.eug
C:\WINDOWS\system32\aspimgr.exe Objets détectés : Backdoor.Win32.Agent.ktm
C:\WINDOWS\system32\karina.dat Objets détectés : Backdoor.Win32.Small.eug
C:\WINDOWS\system32\winivstr.exe Objets détectés : Riskware.FraudTool.Win32.XPSecurityCenter.p
Analysé
Fichiers : 65495
Traces : 430921
Cookies : 340
Processus : 37
Objets trouvés
Fichiers : 4
Traces : 0
Cookies : 8
Processus : 1
Clés de Registre : 0
Fin du balayage : 21/08/2008 17:35:11
Temps du balayage : 0:16:34
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
cartouches27
Messages postés
30
Date d'inscription
jeudi 21 août 2008
Statut
Membre
Dernière intervention
24 septembre 2011
21 août 2008 à 17:49
21 août 2008 à 17:49
Je n'arrive pas installer hijackthis ainsi que navilog !
cartouches27
Messages postés
30
Date d'inscription
jeudi 21 août 2008
Statut
Membre
Dernière intervention
24 septembre 2011
21 août 2008 à 18:05
21 août 2008 à 18:05
Logfile of HijackThis v1.99.1
Scan saved at 18:05:55, on 21/08/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\System32\aspimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\APPS\OD2\OD2DLEngine.exe
C:\APPS\OD2\OD2State.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\braviax.exe
C:\WINDOWS\System32\lphcp9aj0ep6n.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nourdine\Bureau\hijack this\eden.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DOWNLOAD MANAGER] C:\APPS\OD2\OD2DLEngine.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe
O4 - HKLM\..\Run: [lphcp9aj0ep6n] C:\WINDOWS\System32\lphcp9aj0ep6n.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.od2.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.girafoto.fr/uploaders/aurigma_4_7/ImageUploader4.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\karina.dat
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de transfert intelligent en arrière-plan BITSMSIServer (BITSMSIServer) - Unknown owner - C:\WINDOWS\System32\1042d.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Connexions réseau NetmanERSvc (NetmanERSvc) - Unknown owner - C:\WINDOWS\System32\actxprxyk.exe (file missing)
O23 - Service: Connexion secondaire seclogonUPS (seclogonUPS) - Unknown owner - C:\WINDOWS\System32\adsnty.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNaawservice (WmdmPmSNaawservice) - Unknown owner - C:\WINDOWS\System32\1042h.exe (file missing)
Scan saved at 18:05:55, on 21/08/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\System32\aspimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\APPS\OD2\OD2DLEngine.exe
C:\APPS\OD2\OD2State.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\braviax.exe
C:\WINDOWS\System32\lphcp9aj0ep6n.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nourdine\Bureau\hijack this\eden.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DOWNLOAD MANAGER] C:\APPS\OD2\OD2DLEngine.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe
O4 - HKLM\..\Run: [lphcp9aj0ep6n] C:\WINDOWS\System32\lphcp9aj0ep6n.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.od2.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.girafoto.fr/uploaders/aurigma_4_7/ImageUploader4.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\karina.dat
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de transfert intelligent en arrière-plan BITSMSIServer (BITSMSIServer) - Unknown owner - C:\WINDOWS\System32\1042d.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Connexions réseau NetmanERSvc (NetmanERSvc) - Unknown owner - C:\WINDOWS\System32\actxprxyk.exe (file missing)
O23 - Service: Connexion secondaire seclogonUPS (seclogonUPS) - Unknown owner - C:\WINDOWS\System32\adsnty.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNaawservice (WmdmPmSNaawservice) - Unknown owner - C:\WINDOWS\System32\1042h.exe (file missing)
cartouches27
Messages postés
30
Date d'inscription
jeudi 21 août 2008
Statut
Membre
Dernière intervention
24 septembre 2011
21 août 2008 à 18:13
21 août 2008 à 18:13
Pour l'installation de navilog, j'ai un ecran bleu avec le message suivant :
paths incorrect fix interrompus !!!
paths incorrect fix interrompus !!!
cartouches27
Messages postés
30
Date d'inscription
jeudi 21 août 2008
Statut
Membre
Dernière intervention
24 septembre 2011
21 août 2008 à 19:31
21 août 2008 à 19:31
[b]SDFix: Version 1.218 [/b]
Run by Nourdine on 21/08/2008 at 19:20
Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\Nourdine\Bureau\SDFix
[b]Checking Services [/b]:
[b]Name [/b]:
aspimgr
[b]Path [/b]:
C:\WINDOWS\System32\aspimgr.exe
aspimgr - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Restoring Default ScreenSaver value
Resetting AppInit_DLLs value
Rebooting
[b]Infected beep.sys Found![/b]
beep.sys File Locations:
"C:\WINDOWS\system32\dllcache\beep.sys" 27136 13/08/2008 00:05
"C:\WINDOWS\system32\drivers\beep.sys" 27136 13/08/2008 00:05
Infected File Listed Below:
C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys
File copied to Backups Folder
Attempting to replace beep.sys with original version
Original beep.sys Restored
"C:\WINDOWS\system32\dllcache\beep.sys" 4224 07/08/2008 16:27
"C:\WINDOWS\system32\drivers\beep.sys" 4224 07/08/2008 16:27
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\lphcp9aj0ep6n.exe - Deleted
C:\WINDOWS\system32\blphcp9aj0ep6n.scr - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt1.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt10.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt11.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt12.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt14.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt15.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt16.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt17.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt19.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt1B.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt2.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt3.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt4.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt5.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt6.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt7.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt8.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt9.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttA.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttB.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttC.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttD.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttF.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt1.tmp.vbs - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt2.tmp.vbs - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt4.tmp.vbs - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt7.tmp.vbs - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttB.tmp.vbs - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttD.tmp.vbs - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\Binaries1.zip - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\Binaries2.zip - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\Binaries3.zip - Deleted
C:\WINDOWS\braviax.exe - Deleted
C:\WINDOWS\buritos.exe - Deleted
C:\WINDOWS\karina.dat - Deleted
C:\WINDOWS\s32.txt - Deleted
C:\WINDOWS\system32\aspimgr.exe - Deleted
C:\WINDOWS\system32\braviax.exe - Deleted
C:\WINDOWS\system32\buritos.exe - Deleted
C:\WINDOWS\system32\delself.bat - Deleted
C:\WINDOWS\system32\karina.dat - Deleted
C:\WINDOWS\system32\winivstr.exe - Deleted
C:\WINDOWS\ws386.ini - Deleted
Folder C:\Documents and Settings\Nourdine\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed
Removing Temp Files
[b]ADS Check [/b]:
C:\WINDOWS
:sarg0s.sys 116224
Total size: 116224 bytes.
WINDOWS: deleted 116224 bytes in 1 streams.
Checking for remaining Streams
C:\WINDOWS
No streams found.
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 19:28:09
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\Nourdine\Bureau\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 24 Jul 2007 193 A.SHR --- "C:\BOOT.BAK"
Fri 12 Mar 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Fri 12 Mar 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Fri 12 Mar 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Fri 27 Jun 2008 20,480 A.SH. --- "C:\WINDOWS\system32\1036t.dll"
Fri 27 Jun 2008 41,984 ..SHR --- "C:\WINDOWS\system32\1042d.exe"
Wed 2 Feb 2000 36,864 ..SHR --- "C:\WINDOWS\system32\soni32drv.dll"
Sun 20 Jan 2008 48,128 ...H. --- "C:\Documents and Settings\Nourdine\Bureau\Taxi1\~WRL0403.tmp"
Sun 20 Jan 2008 48,128 ...H. --- "C:\Documents and Settings\Nourdine\Bureau\Taxi1\~WRL0777.tmp"
Fri 12 Mar 2004 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
[b]Finished![/b]
Run by Nourdine on 21/08/2008 at 19:20
Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\Nourdine\Bureau\SDFix
[b]Checking Services [/b]:
[b]Name [/b]:
aspimgr
[b]Path [/b]:
C:\WINDOWS\System32\aspimgr.exe
aspimgr - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Restoring Default ScreenSaver value
Resetting AppInit_DLLs value
Rebooting
[b]Infected beep.sys Found![/b]
beep.sys File Locations:
"C:\WINDOWS\system32\dllcache\beep.sys" 27136 13/08/2008 00:05
"C:\WINDOWS\system32\drivers\beep.sys" 27136 13/08/2008 00:05
Infected File Listed Below:
C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys
File copied to Backups Folder
Attempting to replace beep.sys with original version
Original beep.sys Restored
"C:\WINDOWS\system32\dllcache\beep.sys" 4224 07/08/2008 16:27
"C:\WINDOWS\system32\drivers\beep.sys" 4224 07/08/2008 16:27
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\lphcp9aj0ep6n.exe - Deleted
C:\WINDOWS\system32\blphcp9aj0ep6n.scr - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt1.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt10.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt11.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt12.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt14.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt15.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt16.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt17.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt19.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt1B.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt2.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt3.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt4.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt5.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt6.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt7.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt8.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt9.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttA.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttB.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttC.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttD.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttF.tmp - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt1.tmp.vbs - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt2.tmp.vbs - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt4.tmp.vbs - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt7.tmp.vbs - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttB.tmp.vbs - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttD.tmp.vbs - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\Binaries1.zip - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\Binaries2.zip - Deleted
C:\DOCUME~1\Nourdine\LOCALS~1\Temp\Binaries3.zip - Deleted
C:\WINDOWS\braviax.exe - Deleted
C:\WINDOWS\buritos.exe - Deleted
C:\WINDOWS\karina.dat - Deleted
C:\WINDOWS\s32.txt - Deleted
C:\WINDOWS\system32\aspimgr.exe - Deleted
C:\WINDOWS\system32\braviax.exe - Deleted
C:\WINDOWS\system32\buritos.exe - Deleted
C:\WINDOWS\system32\delself.bat - Deleted
C:\WINDOWS\system32\karina.dat - Deleted
C:\WINDOWS\system32\winivstr.exe - Deleted
C:\WINDOWS\ws386.ini - Deleted
Folder C:\Documents and Settings\Nourdine\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed
Removing Temp Files
[b]ADS Check [/b]:
C:\WINDOWS
:sarg0s.sys 116224
Total size: 116224 bytes.
WINDOWS: deleted 116224 bytes in 1 streams.
Checking for remaining Streams
C:\WINDOWS
No streams found.
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 19:28:09
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\Nourdine\Bureau\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 24 Jul 2007 193 A.SHR --- "C:\BOOT.BAK"
Fri 12 Mar 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Fri 12 Mar 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Fri 12 Mar 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Fri 27 Jun 2008 20,480 A.SH. --- "C:\WINDOWS\system32\1036t.dll"
Fri 27 Jun 2008 41,984 ..SHR --- "C:\WINDOWS\system32\1042d.exe"
Wed 2 Feb 2000 36,864 ..SHR --- "C:\WINDOWS\system32\soni32drv.dll"
Sun 20 Jan 2008 48,128 ...H. --- "C:\Documents and Settings\Nourdine\Bureau\Taxi1\~WRL0403.tmp"
Sun 20 Jan 2008 48,128 ...H. --- "C:\Documents and Settings\Nourdine\Bureau\Taxi1\~WRL0777.tmp"
Fri 12 Mar 2004 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
[b]Finished![/b]
cartouches27
Messages postés
30
Date d'inscription
jeudi 21 août 2008
Statut
Membre
Dernière intervention
24 septembre 2011
21 août 2008 à 20:04
21 août 2008 à 20:04
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1076
Windows 5.1.2600 Service Pack 1
19:58:28 21/08/2008
mbam-log-08-21-2008 (19-58-19).txt
Type de recherche: Examen rapide
Eléments examinés: 46690
Temps écoulé: 4 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\1036t.dll (Trojan.FakeAlert) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020Search) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\1036t.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\1042d.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Nourdine\Local Settings\Temporary Internet Files\Content.IE5\GX2FWT6R\Install[1].exe (Rogue.Installer) -> No action taken.
C:\WINDOWS\system32\phcp9aj0ep6n.bmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Nourdine\Local Settings\Temporary Internet Files\oxapa.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\sbl.sys (Trojan.Agent) -> No action taken.
Version de la base de données: 1076
Windows 5.1.2600 Service Pack 1
19:58:28 21/08/2008
mbam-log-08-21-2008 (19-58-19).txt
Type de recherche: Examen rapide
Eléments examinés: 46690
Temps écoulé: 4 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\1036t.dll (Trojan.FakeAlert) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020Search) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\1036t.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\1042d.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Nourdine\Local Settings\Temporary Internet Files\Content.IE5\GX2FWT6R\Install[1].exe (Rogue.Installer) -> No action taken.
C:\WINDOWS\system32\phcp9aj0ep6n.bmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Nourdine\Local Settings\Temporary Internet Files\oxapa.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\sbl.sys (Trojan.Agent) -> No action taken.
Avira AntiVir Personal
Report file date: jeudi 21 août 2008 20:28
Scanning for 1369550 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Boot mode: Normally booted
Username: Nourdine
Computer name: SN202685270000
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, A:, F:, G:, H:, I:, D:, E:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 21 août 2008 20:28
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'OD2State.exe' - '1' Module(s) have been scanned
Scan process 'OD2DLEngine.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!
Boot sector 'F:\'
[INFO] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[INFO] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[INFO] In the drive 'I:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '61' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Nourdine\Bureau\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/.tt1.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
--> backups/.tt2.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
--> backups/.tt4.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
--> backups/.tt7.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
--> backups/.ttB.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
--> backups/.ttD.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
--> backups/aspimgr.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ktm back-door program
--> backups/beep.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
--> backups/braviax.exe
[DETECTION] Is the TR/Dldr.JKDM.6 Trojan
--> backups/buritos.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> backups/karina.dat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> backups/movedfile.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> backups/winivstr.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '4910b781.qua'!
C:\Documents and Settings\Nourdine\Bureau\SDFix\backups\catchme.zip
[0] Archive type: ZIP
--> beep.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
--> beep.sys.1
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4921b785.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000004.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '48ddb9cb.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000007.exe
[DETECTION] Is the TR/Dldr.JKDM.6 Trojan
[NOTE] The file was moved to '48ddb9cf.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000008.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ddb9d2.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000009.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ktm back-door program
[NOTE] The file was moved to '48ddb9d4.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000010.exe
[DETECTION] Is the TR/Dldr.JKDM.6 Trojan
[NOTE] The file was moved to '48ddb9d5.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000011.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ddb9d7.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000013.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '48ddb9d9.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000021.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '48ddb9de.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000022.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '48ddb9e0.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000023.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '48ddb9e1.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000024.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '48ddb9e3.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000025.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '48ddb9e5.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000026.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '48ddb9e7.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000027.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ktm back-door program
[NOTE] The file was moved to '48ddb9e9.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000028.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '48ddb9ec.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000030.exe
[DETECTION] Is the TR/Dldr.JKDM.6 Trojan
[NOTE] The file was moved to '48ddb9ee.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000031.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ddb9f0.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000036.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '48ddb9f1.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1\A0000121.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48ddb9f6.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1\A0000122.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '48ddb9f8.qua'!
C:\WINDOWS\brasd32.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '490eba40.qua'!
C:\WINDOWS\vroksdd.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '491cba45.qua'!
C:\WINDOWS\~tmp2064.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.Gen back-door program
[NOTE] The file was moved to '491aba4d.qua'!
C:\WINDOWS\system32\soni32drv.dll
[DETECTION] Is the TR/PSW.OnlineGames.arqb Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4b430200.qua'!
Begin scan in 'A:\'
Search path A:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
End of the scan: jeudi 21 août 2008 20:59
Used time: 30:56 Minute(s)
The scan has been done completely.
4545 Scanning directories
254244 Files were scanned
39 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
26 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
254203 Files not concerned
8253 Archives were scanned
7 Warnings
26 Notes
Report file date: jeudi 21 août 2008 20:28
Scanning for 1369550 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Boot mode: Normally booted
Username: Nourdine
Computer name: SN202685270000
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, A:, F:, G:, H:, I:, D:, E:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 21 août 2008 20:28
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'OD2State.exe' - '1' Module(s) have been scanned
Scan process 'OD2DLEngine.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!
Boot sector 'F:\'
[INFO] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[INFO] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[INFO] In the drive 'I:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '61' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Nourdine\Bureau\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/.tt1.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
--> backups/.tt2.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
--> backups/.tt4.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
--> backups/.tt7.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
--> backups/.ttB.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
--> backups/.ttD.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
--> backups/aspimgr.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ktm back-door program
--> backups/beep.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
--> backups/braviax.exe
[DETECTION] Is the TR/Dldr.JKDM.6 Trojan
--> backups/buritos.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> backups/karina.dat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> backups/movedfile.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> backups/winivstr.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '4910b781.qua'!
C:\Documents and Settings\Nourdine\Bureau\SDFix\backups\catchme.zip
[0] Archive type: ZIP
--> beep.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
--> beep.sys.1
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4921b785.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000004.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '48ddb9cb.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000007.exe
[DETECTION] Is the TR/Dldr.JKDM.6 Trojan
[NOTE] The file was moved to '48ddb9cf.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000008.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ddb9d2.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000009.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ktm back-door program
[NOTE] The file was moved to '48ddb9d4.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000010.exe
[DETECTION] Is the TR/Dldr.JKDM.6 Trojan
[NOTE] The file was moved to '48ddb9d5.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000011.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ddb9d7.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000013.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '48ddb9d9.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000021.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '48ddb9de.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000022.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '48ddb9e0.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000023.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '48ddb9e1.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000024.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '48ddb9e3.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000025.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '48ddb9e5.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000026.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was moved to '48ddb9e7.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000027.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ktm back-door program
[NOTE] The file was moved to '48ddb9e9.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000028.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '48ddb9ec.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000030.exe
[DETECTION] Is the TR/Dldr.JKDM.6 Trojan
[NOTE] The file was moved to '48ddb9ee.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000031.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48ddb9f0.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000036.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '48ddb9f1.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1\A0000121.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48ddb9f6.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1\A0000122.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '48ddb9f8.qua'!
C:\WINDOWS\brasd32.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '490eba40.qua'!
C:\WINDOWS\vroksdd.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '491cba45.qua'!
C:\WINDOWS\~tmp2064.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.Gen back-door program
[NOTE] The file was moved to '491aba4d.qua'!
C:\WINDOWS\system32\soni32drv.dll
[DETECTION] Is the TR/PSW.OnlineGames.arqb Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4b430200.qua'!
Begin scan in 'A:\'
Search path A:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
End of the scan: jeudi 21 août 2008 20:59
Used time: 30:56 Minute(s)
The scan has been done completely.
4545 Scanning directories
254244 Files were scanned
39 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
26 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
254203 Files not concerned
8253 Archives were scanned
7 Warnings
26 Notes
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
21 août 2008 à 21:12
21 août 2008 à 21:12
tu as viré ce qui a été trouvé par malwarebyte????
__________
Télécharge RavAntivirus d'Evosla :
http://ww25.evosla.com/compteur.php?soft=rav_antivirus
# Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX
# Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau
# Doucle-clique sur >> RAV.exe << afin de lancer l'outil.
# Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
# Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain .
# Retire tes disques amovibles et redémarrez votre ordinateur.
# Poste le rapport, si infection!
__________
recolle un hijackhtis
a plyus
__________
Télécharge RavAntivirus d'Evosla :
http://ww25.evosla.com/compteur.php?soft=rav_antivirus
# Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX
# Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau
# Doucle-clique sur >> RAV.exe << afin de lancer l'outil.
# Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
# Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain .
# Retire tes disques amovibles et redémarrez votre ordinateur.
# Poste le rapport, si infection!
__________
recolle un hijackhtis
a plyus
Merci beaucoup jlpjlp pour ton aide; grâce à tes conseils, je n'ai plus les messages d'erreurs, ni le fond d'ecran.
Encore merci et continue comme ça.
Voici un scan hijack :
Logfile of HijackThis v1.99.1
Scan saved at 22:30:16, on 21/08/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\APPS\OD2\OD2DLEngine.exe
C:\APPS\OD2\OD2State.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DOWNLOAD MANAGER] C:\APPS\OD2\OD2DLEngine.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.od2.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.girafoto.fr/uploaders/aurigma_4_7/ImageUploader4.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de transfert intelligent en arrière-plan BITSMSIServer (BITSMSIServer) - Unknown owner - C:\WINDOWS\System32\1042d.exe (file missing)
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Connexions réseau NetmanERSvc (NetmanERSvc) - Unknown owner - C:\WINDOWS\System32\actxprxyk.exe (file missing)
O23 - Service: Connexion secondaire seclogonUPS (seclogonUPS) - Unknown owner - C:\WINDOWS\System32\adsnty.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNaawservice (WmdmPmSNaawservice) - Unknown owner - C:\WINDOWS\System32\1042h.exe (file missing)
Encore merci et continue comme ça.
Voici un scan hijack :
Logfile of HijackThis v1.99.1
Scan saved at 22:30:16, on 21/08/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\APPS\OD2\OD2DLEngine.exe
C:\APPS\OD2\OD2State.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DOWNLOAD MANAGER] C:\APPS\OD2\OD2DLEngine.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.od2.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.girafoto.fr/uploaders/aurigma_4_7/ImageUploader4.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de transfert intelligent en arrière-plan BITSMSIServer (BITSMSIServer) - Unknown owner - C:\WINDOWS\System32\1042d.exe (file missing)
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Connexions réseau NetmanERSvc (NetmanERSvc) - Unknown owner - C:\WINDOWS\System32\actxprxyk.exe (file missing)
O23 - Service: Connexion secondaire seclogonUPS (seclogonUPS) - Unknown owner - C:\WINDOWS\System32\adsnty.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNaawservice (WmdmPmSNaawservice) - Unknown owner - C:\WINDOWS\System32\1042h.exe (file missing)
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
22 août 2008 à 09:32
22 août 2008 à 09:32
vie ce qui est dans le dossier backup en allant dans poste de travail puis
C:\Documents and Settings\Nourdine\Bureau\SDFix\backups
_______________________
ton windows est legal: ? si oui mets a jour windows: DEMARRER puis TOUS LES PROGRAMMES puis WINDOWS UPDATE et installe le SP2
sinon mets absolument un des parefeufeu proposés
_______________________
vire ce qui est en quarantaine dans antivir, et malwarebyte antimalware
______________________
mets a jour java:
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/
______________________
recolles un nouveau hijackhtis
C:\Documents and Settings\Nourdine\Bureau\SDFix\backups
_______________________
ton windows est legal: ? si oui mets a jour windows: DEMARRER puis TOUS LES PROGRAMMES puis WINDOWS UPDATE et installe le SP2
sinon mets absolument un des parefeufeu proposés
_______________________
vire ce qui est en quarantaine dans antivir, et malwarebyte antimalware
______________________
mets a jour java:
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/
______________________
recolles un nouveau hijackhtis
