[Solved] Fservice.exe Missing? Virus? - Security - Viruses
Profile: IDNaute

Hello everyone,

I have a problem with C:/Windows/System32/Fservice.exe
It isn't there, and I think it is vital to have it! And apparently this comes from a virus!

I wanted to know how to recover it or get rid of this virus?

Thanks in advance,

Message edited by heyro- on 24-03-2008 at 22:55:30

Profile: Helper

Hello,

Download and install Hijackthis (Trend Micro).
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2


---------------
Please indicate if you are already being helped on another forum or in another topic.

Security / Prevention
Profile: IDNaute

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at Niixo 10:41:17, on 22/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\services.exe
D:\Apache\Apache.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
D:\Apache\Apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\srksrv.exe
D:\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
D:\nessusd.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system\System\ctf\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system\System\FZS\FlashPlayer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\iTunesHelper.exe
C:\WINDOWS\lsassxp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Alix\Bureau\Hellou Repack V6\Hellus\Hellou Repack V6\Server.exe.exe
C:\Documents and Settings\Alix\Bureau\Hellou Repack V6\Hellus\Hellou Repack V6\Server.exe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\service.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\service.exe
D:\hamachi.exe
D:\WinRAR.exe
C:\Documents and Settings\Alix\Bureau\Logiciels utiles\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://habbo.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: {99712aab-46e6-5e98-a714-13c042a14c61} - {16c41a24-0c31-417a-89e5-6e64baa21799} - C:\WINDOWS\system32\cabxsess.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
O2 - BHO: (no name) - {67fb8436-9794-487a-a8b2-a6f825cb0261} - C:\WINDOWS\system32\tmp9B.tmp.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efcbxvv.dll (file missing)
O2 - BHO: (no name) - {707476e3-cc1e-4074-8da8-5c6fc77e19e7} - C:\WINDOWS\system32\cry_32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D66D8AD9-6D61-4681-B47F-419B204BC56F} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - D:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [KeyBoard] C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinVNC] "D:\UltraVNC\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [htxduvs] c:\windows\system32\htxduvs.exe htxduvs
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [CTFMon] C:\WINDOWS\system\System\ctf\ctfmon.exe /b
O4 - HKLM\..\Run: [SystemXP1] "C:\WINDOWS\regedit.exe" -s "C:\WINDOWS\system\System\NO\settings.reg"
O4 - HKLM\..\Run: [SystemNT1] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /install
O4 - HKLM\..\Run: [SystemNT2] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [system] C:\WINDOWS\svcr.exe
O4 - HKLM\..\Run: [lsassxp] C:\WINDOWS\lsassxp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [901d8676] rundll32.exe "C:\WINDOWS\system32\rkkneota.dll",b
O4 - HKLM\..\Run: [BM932eb5ea] Rundll32.exe "C:\WINDOWS\system32\ucqrbaan.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VoipStunt] "D:\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "D:\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [VoipDiscount] "D:\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [lmdsxiwxig] c:\documents and settings\alix\local settings\application data\lmdsxiwxig.exe lmdsxiwxig
O4 - HKCU\..\Run: [Steam] "D:\counterstrikesource\Steam.exe" -silent
O4 - HKCU\..\Run: [system] C:\WINDOWS\svcr.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Alix\Bureau\yodm-3d\yodm-3d\Yodm3D.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKCU\..\Policies\Explorer\Run: [COM Service] C:\WINDOWS\msagent\mslukw.com
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = ?
O4 - Startup: IMVU.lnk = D:\IMVU\IMVUClient.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer l'image sur mon Téléphone avec PhotoCapt - res://C:\Program Files\PhotoCapt\PhotoCapt.exe/143
O8 - Extra context menu item: Save Flash - res://D:\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
O9 - Extra 'Tools' menuitem: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fich [...] _0_4_9.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.157 85.255.112.97
O17 - HKLM\System\CS2\Services\Tcpip\..\{7BD85E32-FEA7-43BC-A374-C93C6F14EEEE}: NameServer = 85.255.115.157,85.255.112.97
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\vtsqppq.dll
O20 - Winlogon Notify: cry_32 - cry_32.dll (file missing)
O20 - Winlogon Notify: efcbxvv - efcbxvv.dll (file missing)
O20 - Winlogon Notify: kbdcab - kbdcab.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - D:\Apache\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Alix\Application Data\tmp2E59.tmp.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\WINDOWS\system\System\FZS\FlashPlayer.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serveur intermédiaire pour Messenger (MsgrIntSvc) - <n!co:9.1 /> - C:\Program Files\MsgrIntSvr\MsgrIntSvr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PoliceService - Unknown owner - C:\WINDOWS\system32\srksrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Tenable Nessus - Tenable Network Security - D:\nessusd.exe

--
End of file - 15806 bytes
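
An added example (not part of the original thread, and not code from HijackThis): a Python triage pass over the log format posted above, flagging the kinds of entries a reviewer would look at first. The rule names, the `triage` and `check_entry` functions and the assumption that Windows is installed in C:\WINDOWS are choices made for this example; the sample lines are copied from the log.

```python
import ntpath
import re

# Assumption for this example: Windows is installed in C:\WINDOWS, as in the log.
SYSTEM32 = r"c:\windows\system32"
# Core Windows XP processes that normally run only from system32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe", "ctfmon.exe"}
# HijackThis entry lines look like "O4 - ..." or "F2 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Excerpt copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system\System\ctf\ctfmon.exe
C:\WINDOWS\Explorer.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: (no name) - {707476e3-cc1e-4074-8da8-5c6fc77e19e7} - C:\WINDOWS\system32\cry_32.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Policies\Explorer\Run: [COM Service] C:\WINDOWS\msagent\mslukw.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.157 85.255.112.97
O20 - AppInit_DLLs: c:\windows\system32\vtsqppq.dll
"""


def check_entry(code, body):
    """Return the rule names (labels invented for this example) an entry triggers."""
    rules = []
    low = body.lower()
    if code == "F2" and "shell=" in low:
        # The default Winlogon shell is Explorer.exe alone; anything appended
        # to it is started at every logon.
        if low.split("shell=", 1)[1].strip() != "explorer.exe":
            rules.append("shell-extended")
    if code == "O4" and r"\policies\explorer\run:" in low:
        # Autostart through the policy Run key rather than the usual Run key.
        rules.append("policies-run-autostart")
    if code == "O17" and "nameserver" in low:
        # DNS servers set in the registry: confirm they are the expected ones.
        rules.append("dns-servers-set")
    if code == "O20" and low.startswith("appinit_dlls:"):
        # A non-empty AppInit_DLLs value names a DLL for review.
        if low.split(":", 1)[1].strip():
            rules.append("appinit-dll")
    if low.endswith("(file missing)"):
        # Registry entry whose target file no longer exists.
        rules.append("orphan-entry")
    return rules


def triage(log_text):
    """Return (rule, line) findings for the text of a HijackThis log."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            findings += [(rule, line) for rule in check_entry(*match.groups())]
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            # ntpath splits Windows paths correctly on any host OS.
            folder, name = ntpath.split(line.lower())
            if name in SYSTEM32_ONLY and folder != SYSTEM32:
                findings.append(("system-name-wrong-folder", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:26} {line}")
```

Each finding marks an entry to inspect, not a verdict on it; the rules only encode where these items normally live on a Windows XP system.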

Profile: IDNaute

I know you don't have much time available, but this is very urgent :s

Profile: Helper

Re,

If it's urgent, go see a computer technician, who will get his money's worth... :o

Your PC is really badly infected. So the disinfection will not necessarily be quick, but I will follow you through to the end.

1) Download SDFix (created by AndyManchesta) and save it to your Desktop.
Usage guide: http://mickael.barroux.free.fr/securite/sdfix.php

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:

  • Restart your computer
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of Windows loading normally, a menu with various options should appear.
  • Choose the first option, to run Windows in safe mode, then press "Enter".
  • Choose your account.

Go through the list of instructions below:

  • Open the SDFix folder that has just been created on the Desktop and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans found, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy/paste the contents of the Report.txt file into your next reply on the forum.

N.B.:
- The file SDFIX_README.htm (in the SDFix folder) contains the list of malware handled by the tool.
- Andy releases several updates, often more than one a day... So do not hesitate to ask to download a new version when the cleanup drags on and the tool does not seem to see everything.

2) Print these instructions if necessary, because the computer will be restarted.

Download FixWareout (LonnyRJones) to the Desktop.
**If the link does not work, click here**

Run the fix (FixWareout.exe), click Next then Install.
Make sure Run fixit is checked, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.

3) Download Navilog1 by IL-MAFIOSO: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Depending on the antivirus you use, navilog1 may be detected as a virus!!!
In that case, disable it during the download and the scan!!!!


Save target (of the link) as... and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Let yourself be guided. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)

Wait until the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)

4) Post a new hijackthis report.

N.B.: If you plan to format, or to go to a computer technician if you are in such a hurry, please tell me so that I don't waste my time with you.


Profile: IDNaute

No, I didn't think it would take so long :) I will take as much time as needed with you :) I hope you'll stick with it to the end ;)


Thank you very much!

Profile: Helper

Re,

No problem, I never abandon the people I take on.

However, some days I may only drop by once during the day.

;)


Profile: IDNaute

OK, no problem! I did the first step for the report with SDFIX. Here is my report:


SDFix: Version 1.159

Run by Alix on 22/03/2008 at Niixo 11:28

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Alix\Bureau\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\Alix\Application Data\tmp1067.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp10E.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp11D8.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp122.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp123.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp1239.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp123C.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp124.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp1241.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp125.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp12FB.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp1327.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp1329.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp13D3.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp13F4.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp14AC.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp16E2.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp17FB.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp186.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp1C64.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp1D24.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp1F6D.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp207C.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp2155.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp215A.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp2184.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp221.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp223.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp23.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp2368.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp2384.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp23A.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp23D6.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp272B.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp279.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp27E.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp282.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp2BB.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp2D.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp2DAF.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp2E59.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp2E81.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp2E85.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp2E8E.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp32.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp322.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp344.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp354.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp3575.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp39A7.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp3E3C.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp42.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp43.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp48.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp4D.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp4D32.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp4F.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp4F93.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp50.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp54.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp571.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp58.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp591.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp5A.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp5BB.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp5F.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp60.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp64.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp64B0.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp6621.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp6624.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp6625.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp67E.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp6A.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp6D.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp6DC.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp71.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp72.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp76A.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp7AD.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp7B.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp7C67.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp7D.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp7F.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp830.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp88.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp8A.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp8E2.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp9B.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmp9FA.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpA03.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpA0D.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpA39.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpA96.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpAA1A.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpAF1B.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpB3.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpB70.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpBB2.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpC1.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpCD09.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpD0.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpD48A.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpE4E.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpE971.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpE9B3.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpE9BA.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpE9BD.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpEA5.tmp.exe - Deleted
C:\Documents and Settings\Alix\Application Data\tmpEB.tmp.exe - Deleted
C:\Documents and Settings\Alix\Local Settings\Temp\tem1D96.tmp.exe - Deleted
C:\Documents and Settings\Alix\Local Settings\Temp\tem1DA6.tmp.exe - Deleted
C:\Documents and Settings\Alix\Local Settings\Temp\tem1DB0.tmp.exe - Deleted
C:\Documents and Settings\Alix\Local Settings\Temp\upd54.tmp.exe - Deleted
C:\WINDOWS\system32\tmp1067.tmp.dll - Deleted
C:\WINDOWS\system32\tmp1241.tmp.dll - Deleted
C:\WINDOWS\system32\tmp2E8E.tmp.dll - Deleted
C:\WINDOWS\system32\tmp4D.tmp.dll - Deleted
C:\WINDOWS\system32\tmp4F.tmp.dll - Deleted
C:\WINDOWS\system32\tmp9B.tmp.dll - Deleted
C:\WINDOWS\system32\tmpE9BD.tmp.dll - Deleted
C:\DOCUME~1\Alix\LOCALS~1\Temp\GLFA08.tmp.dll - Deleted
C:\WINDOWS\retadpu2000373.exe - Deleted
C:\WINDOWS\ktd32.atm - Deleted
C:\WINDOWS\SecureWin31.dll - Deleted
C:\WINDOWS\SecureWin32.exe - Deleted
C:\WINDOWS\service.exe - Deleted
C:\WINDOWS\services.exe - Deleted
C:\WINDOWS\svcr.exe - Deleted
C:\WINDOWS\system\sservice.exe - Deleted
C:\WINDOWS\system32\fservice.exe - Deleted
C:\WINDOWS\system32\reginv.dll - Deleted
C:\WINDOWS\system32\service.exe - Deleted
C:\WINDOWS\system32\winkey.dll - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 11:45:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:d7125df9
"s2"=dword:0486fca7
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:42,84,80,3c,49,42,f8,03,d3,7b,3f,73,d6,91,15,86,22,3f,9a,6b,eb,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:42,84,80,3c,49,42,f8,03,d3,7b,3f,73,d6,91,15,86,22,3f,9a,6b,eb,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{421F5D79-C101-9436-A395-83B082B43710}]
"nacjbaphbdplllkkkcfacifdecfc"=hex:6b,61,6f,6f,68,64,64,69,6f,6d,64,68,63,6b,64,61,6c,6e,6a,61,62,..
"maiihjaaegdnodapheiagecdph"=hex:6b,61,6f,6f,69,64,6f,6d,6b,70,6c,6e,6b,70,65,6d,65,6b,6f,6f,69,..

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2927


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe"="C:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe"="C:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe:*:Enabled:CivCity Rome"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\Program Files\\NetAppel\\NetAppel.exe"="C:\\Program Files\\NetAppel\\NetAppel.exe:*:Enabled:NetAppel"
"C:\\Program Files\\TribalWeb.net\\tribalweb.exe"="C:\\Program Files\\TribalWeb.net\\tribalweb.exe:*:Disabled:TribalWeb.net : Réseau privé sur Internet"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Disabled:umi"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\TorrentQ\\TorrentQ.exe"="C:\\Program Files\\TorrentQ\\TorrentQ.exe:*:Enabled:Torrent P2P application"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\VoipStunt\\VoipStunt.exe"="D:\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
"D:\\Program Files\\GameSpy Arcade\\Aphex.exe"="D:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"D:\\Program Files\\flashget.exe"="D:\\Program Files\\flashget.exe:*:Enabled:Flashget"
"D:\\VNC4\\vncviewer.exe"="D:\\VNC4\\vncviewer.exe:*:Enabled:VNC Viewer Personal Edition for Win32"
"D:\\VNC4\\winvnc4.exe"="D:\\VNC4\\winvnc4.exe:*:Enabled:VNC Server"
"D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"D:\\LimeWire\\LimeWire.exe"="D:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\UltraVNC\\winvnc.exe"="D:\\UltraVNC\\winvnc.exe:*:Enabled:VNC server for Win32"
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"
"D:\\SonicText\\BF2.exe"="D:\\SonicText\\BF2.exe:*:Enabled:Battlefield 2"
"D:\\hair\\CivCity Rome.exe"="D:\\hair\\CivCity Rome.exe:*:Enabled:CivCity Rome"
"C:\\WINDOWS\\system32\\mcoinstall.exe"="C:\\WINDOWS\\system32\\mcoinstall.exe:*:Enabled:mcoinstall"
"D:\\Ares\\Ares.exe"="D:\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"D:\\hl.exe"="D:\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\eMule\\emule.exe"="D:\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\Azureus\\Azureus.exe"="D:\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\Dreamweaver 8\\Dreamweaver.exe"="D:\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"D:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="D:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"D:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="D:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"D:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="D:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"D:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="D:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"D:\\bittorrent.exe"="D:\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Documents and Settings\\Alix\\Bureau\\DebboProject Remix Suang\\DebboProject Remix Suang\\Server Edit by Suang.exe"="C:\\Documents and Settings\\Alix\\Bureau\\DebboProject Remix Suang\\DebboProject Remix Suang\\Server Edit by Suang.exe:*:Enabled:Server Edit by Suang"
"C:\\Documents and Settings\\Alix\\Local Settings\\Temporary Internet Files\\Content.IE5\\D8QSO89M\\Habbo_Retro_Server[1]\\Retro Server\\Retro\\Retro\\PublicServer.exe"="C:\\Documents and Settings\\Alix\\Local Settings\\Temporary Internet Files\\Content.IE5\\D8QSO89M\\Habbo_Retro_Server[1]\\Retro Server\\Retro\\Retro\\PublicServer.exe:*:Enabled:PublicServer"
"C:\\Documents and Settings\\Alix\\Local Settings\\Temporary Internet Files\\Content.IE5\\D8QSO89M\\Habbo_Retro_Server[1]\\Retro Server\\Retro\\Retro\\PrivateServer.exe"="C:\\Documents and Settings\\Alix\\Local Settings\\Temporary Internet Files\\Content.IE5\\D8QSO89M\\Habbo_Retro_Server[1]\\Retro Server\\Retro\\Retro\\PrivateServer.exe:*:Enabled:PrivateServer"
"C:\\Documents and Settings\\Alix\\Bureau\\DebboProject v1.5\\Server.exe"="C:\\Documents and Settings\\Alix\\Bureau\\DebboProject v1.5\\Server.exe:*:Enabled:Server"
"C:\\Documents and Settings\\Alix\\Bureau\\server.exe"="C:\\Documents and Settings\\Alix\\Bureau\\server.exe:*:Enabled:server"
"D:\\counter\\SteamApps\\clementpolizzi\\counter-strike source\\hl2.exe"="D:\\counter\\SteamApps\\clementpolizzi\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Documents and Settings\\Alix\\Bureau\\test_firewall.exe"="C:\\Documents and Settings\\Alix\\Bureau\\test_firewall.exe:*:Enabled:test_firewall"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Documents and Settings\\Alix\\Bureau\\DebboProject v2 patch1\\Server.exe"="C:\\Documents and Settings\\Alix\\Bureau\\DebboProject v2 patch1\\Server.exe:*:Enabled:Server"
"C:\\Documents and Settings\\Alix\\Bureau\\DebboProject v2\\Server.exe"="C:\\Documents and Settings\\Alix\\Bureau\\DebboProject v2\\Server.exe:*:Enabled:Server"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\Documents and Settings\\Alix\\Bureau\\DBPV3_SE.exe"="C:\\Documents and Settings\\Alix\\Bureau\\DBPV3_SE.exe:*:Enabled:DBPV3_SE"
"C:\\Program Files\\Adobe\\Adobe Bridge\\Bridge.exe"="C:\\Program Files\\Adobe\\Adobe Bridge\\Bridge.exe:*:Enabled:Adobe Bridge"
"C:\\Documents and Settings\\Alix\\Bureau\\Jeux pc\\flashget.exe"="C:\\Documents and Settings\\Alix\\Bureau\\Jeux pc\\flashget.exe:*:Enabled:Flashget"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\Documents and Settings\\Alix\\Application Data\\tmp2E59.tmp.exe"="C:\\Documents and Settings\\Alix\\Applicat"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program Files\\BF2.exe"="D:\\Program Files\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Documents and Settings\\Alix\\Bureau\\incredimail_install.exe"="C:\\Documents and Settings\\Alix\\Bureau\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"D:\\Adobe CS3\\BF2.exe"="D:\\Adobe CS3\\BF2.exe:*:Enabled:Battlefield 2"
"D:\\VoipDiscount\\VoipDiscount.exe"="D:\\VoipDiscount\\VoipDiscount.exe:*:Enabled:VoipDiscount"
"D:\\iTunes.exe"="D:\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :


File Backups: - C:\DOCUME~1\Alix\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 6 Dec 2006 1,248 A.SH. --- "C:\hv0fao30.sys"
Wed 5 Jul 2006 1,248 A.SH. --- "C:\hv0jaw3o.sys"
Wed 31 Oct 2007 20,153 ..SH. --- "C:\WINDOWS\system32\srqss.tmp"
Tue 19 Dec 2006 8,349 ..SH. --- "C:\WINDOWS\system32\srqss.bak1"
Wed 12 Mar 2008 162,965 ..SH. --- "C:\WINDOWS\system32\srqss.bak2"
Wed 24 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 28 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BITC.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BITF.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT13.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BITB.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT10.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BITD.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT3D.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT12.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BITE.tmp"
Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT11.tmp"

Finished!



Next, do I do the N.B. part?

Profile: Helper

Hi again,

You have done 1)

Do 2), 3) and 4)

Once all of that is done, I will tell you what to do next. As I told you, given your level of infection, this is not going to be quick :p

;)


Profile: IDNaute