

meufree
Hello,

After a lot of research and several unsuccessful attempts to clean my PC, I am now counting on your expertise to finally get it done.

At every startup, an EXPLORER.EXE error window appears. The report:

AppName : explorer.exe
AppVer : 6.0.2900.5512
ModName: unknown
ModVer: 0.0.0.0
Offset: 00000000

(A small clarification: the version of Internet Explorer installed on my system is 7.0.5730.13.)

When I close this error window, AVAST reports a virus. Report:

Nom du fichier : C:\windows\Hide.dll
Nom du logiciel malveillant : Win32:Trojan-gen {Other}
Type : Virus/ver
Version VPS: 081215-1,15/12/2008

At that point, Avast is unable to move, rename, delete, repair or quarantine it. This famous DLL, Hide.dll, can be deleted manually but reappears at every startup.

Apart from that, my PC works correctly. But this Trojan does not bode well. I have tried several antivirus programs, online, offline, in safe mode or not...

Thank you in advance for your help.
Regards.

Here is the SDFix report:

SDFix: Version 1.240
Run by Administrateur on 15/12/2008 at 16:42
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services:

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files:

Trojan Files Found:
C:\WINDOWS\system32\s.ico - Deleted

Removing Temp Files

ADS Check:

C:\WINDOWS\system32
:unknown.exe 1981450
Total size: 1981450 bytes.
system32: Accès refusé.
Checking for remaining Streams
C:\WINDOWS\system32
:unknown.exe 1981450
Total size: 1981450 bytes.

Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 17:28:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\system32:unknown.exe 1981450 bytes executable
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Remaining Services:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\CNAC1RPK.EXE"="C:\\WINDOWS\\system32\\CNAC1RPK.EXE:*:Enabled:Canon LASER SHOT LBP-2410 RPC Server Process"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.exe"="C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.exe:*:Enabled:Menu"
"C:\\Program Files\\GigaByte\\VGA Utility Manager\\gvupdate.exe"="C:\\Program Files\\GigaByte\\VGA Utility Manager\\gvupdate.exe:*:Enabled:gvupdate"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\DOCUME~1\\GERARD\\LOCALS~1\\Temp\\IXP000.TMP\\SOUND_~1.EXE"="C:\\DOCUME~1\\GERARD\\LOCALS~1\\Temp\\IXP000.TMP\\SOUND_~1.EXE:*:Enabled:Windows Application Service"
"C:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="C:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\\DOCUME~1\\GERARD\\LOCALS~1\\Temp\\IXP001.TMP\\SOUND_~1.EXE"="C:\\DOCUME~1\\GERARD\\LOCALS~1\\Temp\\IXP001.TMP\\SOUND_~1.EXE:*:Enabled:Windows Application Service"
"C:\\DOCUME~1\\GERARD\\LOCALS~1\\Temp\\IXP002.TMP\\SOUND_~1.EXE"="C:\\DOCUME~1\\GERARD\\LOCALS~1\\Temp\\IXP002.TMP\\SOUND_~1.EXE:*:Enabled:Windows Application Service"
"C:\\DOCUME~1\\GERARD\\LOCALS~1\\Temp\\IXP003.TMP\\SOUND_~1.EXE"="C:\\DOCUME~1\\GERARD\\LOCALS~1\\Temp\\IXP003.TMP\\SOUND_~1.EXE:*:Enabled:Windows Application Service"
"C:\\DOCUME~1\\GERARD\\LOCALS~1\\Temp\\QZTEMP\\15102234\\Adobe Photoshop cs4 keygen.exe"="C:\\DOCUME~1\\GERARD\\LOCALS~1\\Temp\\QZTEMP\\15102234\\Adobe Photoshop cs4 keygen.exe:*:Enabled:Microsoft Windows Update Platform"
"D:\\TELECHARGEMENTS\\COREL\\Adobe Photoshop cs4 keygen.exe"="D:\\TELECHARGEMENTS\\COREL\\Adobe Photoshop cs4 keygen.exe:*:Enabled:Microsoft Windows Update Platform"
"C:\\Documents and Settings\\GERARD\\Application Data\\Adobe\\Adobe Photoshop CS4\\Adobe Photoshop cs4 keygen.exe"="C:\\Documents and Settings\\GERARD\\Application Data\\Adobe\\Adobe Photoshop CS4\\Adobe Photoshop cs4 keygen.exe:*:Enabled:Microsoft Windows Update Platform"
"C:\\Program Files\\Adobe\\Adobe Photoshop CS4\\Adobe Photoshop cs4 keygen.exe"="C:\\Program Files\\Adobe\\Adobe Photoshop CS4\\Adobe Photoshop cs4 keygen.exe:*:Enabled:Microsoft Windows Update Platform"
"C:\\WINDOWS\\system32:unknown.exe"="C:\\WINDOWS\\system32:unknown.exe:*:Enabled:Microsoft Windows Update Platform"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 9 Sep 2005 7,680 A.SHR --- "C:\WINDOWS\Hide.dll"
Sun 18 Jun 2006 101,888 A.SHR --- "C:\WINDOWS\Thumb.dll"
Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 14 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Fri 14 Nov 2008 88 ..SHR --- "C:\Documents and Settings\All Users\Application Data\2C250CB75F.sys"
Thu 11 Dec 2008 3,140 A.SH. --- "C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys"
Tue 13 Nov 2007 57,344 ...H. --- "C:\Documents and Settings\GERARD\Application Data\Microsoft\Word\~WRL0004.tmp"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\GERARD\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

Here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 18:44:44, on 15/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\dtsrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Portrait Displays\Drivers\pdisrvc.exe
c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CNAC1RPK.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\WINDOWS\HPLiteSaver.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=123008 serial=DR12WRS-8796594-FHE lang=FR
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: HP Display LiteSaver Startup.lnk = C:\WINDOWS\HPLiteSaver.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Unknown owner - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Fichiers communs\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Configuration: Windows XP Home SP3 Firefox 3.0.3 IE 7 core duo 6420