virus win32:tratbho

[badguinness]

bonjour,

 

avast m'a découvert win32:tratbho, et j'ai regardé les posts sur le sujet, mais je m'en sort pas!!

donc fait Hijackthis et voici le rapport, en attendant de vos nouvelles,@+

 

Logfile of HijackThis v1.99.1

Scan saved at 18:13:28, on 04/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\mrofinu.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Drmupgds\Drmupgds.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8FED9688-B8E6-4CD4-B80C-1853D67C6FE4} - C:\Program Files\MSN\nipybafC:\DOCUME~1\client\LOCALS~1\Temp\mst455101.exe.dll (file missing)

O2 - BHO: (no name) - {91262C60-DD10-46FA-A09B-AE14902ECA11} - C:\WINDOWS\system32\byxxvst.dll

O2 - BHO: (no name) - {91AA1B38-AD2B-49B6-BFB7-58EC97362AE0} - C:\WINDOWS\system32\geedb.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1036 -lock

O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Blitzkrieg 2 crack.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [h3yb0y] C:\WINDOWS\SYSTEM32\DRIVERS\awf\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\awf\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\awf\conf.dll

O4 - HKLM\..\Run: [h3yb0y1] C:\WINDOWS\SYSTEM32\DRIVERS\awf\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\awf\system.exe C:\WINDOWS\SYSTEM32\DRIVERS\awf\serv-u.ini

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu2000351.exe 61A847B5BBF72810329B385577F801F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E1C2832211379A26033AAC

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [E0E3E4ECEDEAE7EDE] C6C9CAD2D3D0CDD.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [insider] C:\Program Files\Insider\Insider.exe

O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: byxxvst - C:\WINDOWS\SYSTEM32\byxxvst.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

[pear]

Bonjour,

 

Votre Hijackthis est obsolète!

 

* Téléchargez Hijackthis de TrendMicro.

http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

 

* Décompressez le dans un dossier à la racine du disque dur

renommer ce dossier par exemple gihjhip

* Lancer le fichier Hijackthis.exe

* Cliquer sur Do a system scan and save a log file

* Copier-coller le rapport dans un nouveau message ici

[badguinness]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:32:47, on 04/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\mrofinu.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Drmupgds\Drmupgds.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\PowerArchiver\POWERARC.EXE

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1036 -lock

O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Blitzkrieg 2 crack.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [h3yb0y] C:\WINDOWS\SYSTEM32\DRIVERS\awf\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\awf\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\awf\conf.dll

O4 - HKLM\..\Run: [h3yb0y1] C:\WINDOWS\SYSTEM32\DRIVERS\awf\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\awf\system.exe C:\WINDOWS\SYSTEM32\DRIVERS\awf\serv-u.ini

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu2000351.exe 61A847B5BBF72810329B385577F801F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E1C2832211379A26033AAC

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [E0E3E4ECEDEAE7EDE] C6C9CAD2D3D0CDD.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [insider] C:\Program Files\Insider\Insider.exe

O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 7768 bytes

[pear]

* Télécharger SDFix (créé par AndyManchesta) et le sauvegarde sur le Bureau.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double cliquer sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.

 

Redémarrer en mode sans échec

 

* Ouvrir le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clic sur RunThis.cmd pour lancer le script.

* Appuyer sur Y pour commencer le processus de nettoyage.

* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis demandera d'appuyer sur une touche pour redémarrer.

 

* Le redémarrage sera plus lent qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

* Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

* Appuyer sur une touche pour finir l'exécution du script et charger les icônes du Bureau.

* Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

[styx]

Salut à tous

 

Avec une telle ligne ...

 

O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Blitzkrieg 2 crack.exe

 

... faut pas s' étonner d' être infecté !

[badguinness]

Salut à tous

 

Avec une telle ligne ...

 

O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Blitzkrieg 2 crack.exe

 

... faut pas s' étonner d' être infecté !

oui je suis d'accord, mais ça fait bien 1an que j'ai ce crack, et il m'est jamais rien arrivé!!!

 

 

voilà c'est fait, voici le résultat, doit-je faire autre chose

 

 

SDFix: Version 1.136

 

Run by client on 04/02/2008 at 23:09

 

Microsoft Windows XP [version 5.1.2600]

 

Running From: C:\DOCUME~1\client\Bureau\SDFix

 

Safe Mode:

Checking Services:

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

Trojan Files Found:

 

C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted

C:\WINDOWS\b122.exe - Deleted

C:\WINDOWS\b128.exe - Deleted

C:\WINDOWS\b147.exe - Deleted

C:\WINDOWS\b149.exe - Deleted

C:\WINDOWS\mrofinu2000351.exe - Deleted

 

 

 

Folder C:\Program Files\InetGet2 - Removed

Folder C:\Program Files\Insider - Removed

Folder C:\Program Files\Temporary - Removed

 

 

Removing Temp Files...

 

ADS Check:

 

 

 

Final Check:

 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-04 23:17:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\$winnt32$_test]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\CfgJf40]

"khjeh"=hex:20,02,00,00,69,8e,92,a7,c9,ed,11,e3,78,e5,76,79,bb,47,ee,f9,32,..

"hj34z0"=hex:63,fd,b6,78,3a,3c,5a,f7,70,e7,d4,5a,99,d0,59,bd,0f,5f,4a,38,ce,..

"hj34z1"=hex:83,fd,b6,78,42,3c,5a,f7,71,e7,d5,5a,98,d0,59,bd,0f,5f,4a,38,de,..

"hj34z2"=hex:83,fd,b6,78,42,3c,5a,f7,71,e7,d5,5a,98,d0,59,bd,0f,5f,4a,38,de,..

"hj34z3"=hex:83,fd,b6,78,42,3c,5a,f7,71,e7,d5,5a,98,d0,59,bd,0f,5f,4a,38,de,..

"hj34z4"=hex:83,fd,b6,78,42,3c,5a,f7,71,e7,d5,5a,98,d0,59,bd,0f,5f,4a,38,de,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\CfgJf41]

"khjeh"=hex:20,02,00,00,77,57,ca,39,c3,74,fe,99,ba,d7,a7,9c,85,6e,42,fa,04,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\CfgJf42]

"khjeh"=hex:20,02,00,00,e4,74,f4,ce,aa,4d,ef,64,f5,4b,be,e8,b4,bc,52,b5,c7,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\CfgJf43]

"khjeh"=hex:20,02,00,00,c9,5f,bb,c8,29,cb,1c,f4,d8,85,f7,e3,9b,48,9a,ef,92,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"h0"=dword:00000000

"hdf12"=hex:b3,a5,75,e0,cb,d6,88,ef,7c,ac,c9,4a,d9,84,3d,bc,ca,2f,0d,2f,b1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"h0"=dword:00000000

"hdf12"=hex:b3,a5,75,e0,cb,d6,88,ef,7c,ac,c9,4a,d9,84,3d,bc,ca,2f,0d,2f,b1,..

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]

"DisplayName"="Alcohol 120%"

 

scanning hidden files ...

 

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 27

 

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramŠtres"

"C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 4\\pes4.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 4\\pes4.exe:*:Enabled:pes4"

"C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu\\game.dat"="C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu\\game.dat:*:Enabled:La Bataille pour la Terre du Milieu"

"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"

"C:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe:*:Enabled:ActiveSync Application"

"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:Connection Manager"

"C:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe"="C:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe:*:Enabled:Rise Of Legends"

"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"

"C:\\Program Files\\TrackMania United\\TmUnited.exe"="C:\\Program Files\\TrackMania United\\TmUnited.exe:*:Enabled:TmUnited"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\\Documents and Settings\\client\\Mes documents\\recup_pc_portable\\iPuissance_4D_5.03.exe"="C:\\Documents and Settings\\client\\Mes documents\\recup_pc_portable\\iPuissance_4D_5.03.exe:*:Enabled:Application MFC iPuissance 4D"

"C:\\Program Files\\Lphant\\eLePhantClient.exe"="C:\\Program Files\\Lphant\\eLePhantClient.exe:*:Enabled:Lphant"

"C:\\Documents and Settings\\client\\Bureau\\incredimail_install.exe"="C:\\Documents and Settings\\client\\Bureau\\incredimail_install.exe:*:Enabled:IncrediMail Installer"

"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\\Documents and Settings\\client\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe"="C:\\Documents and Settings\\client\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer"

"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

 

Remaining Files:

---------------

 

File Backups: - C:\DOCUME~1\client\Bureau\SDFix\backups\backups.zip

 

Files with Hidden Attributes:

 

Sat 2 Feb 2008 256 A.SHR --- "C:\BOOT.BAK"

Fri 4 Feb 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Wed 14 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"

Sat 21 Jun 2003 377,344 A..H. --- "C:\Program Files\Smart Projects\IsoBuster\Help\AHlp.exe"

Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2.tmp"

Sat 5 Jan 2008 888 ...HR --- "C:\Documents and Settings\client\Application Data\SecuROM\UserData\securom_v7_01.bak"

 

Finished!

 

voila c'est fait, voici le rapport, doit-je faire autre chose?

 

 

SDFix: Version 1.136

 

Run by client on 04/02/2008 at 23:09

 

Microsoft Windows XP [version 5.1.2600]

 

Running From: C:\DOCUME~1\client\Bureau\SDFix

 

Safe Mode:

Checking Services:

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

Trojan Files Found:

 

C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted

C:\WINDOWS\b122.exe - Deleted

C:\WINDOWS\b128.exe - Deleted

C:\WINDOWS\b147.exe - Deleted

C:\WINDOWS\b149.exe - Deleted

C:\WINDOWS\mrofinu2000351.exe - Deleted

 

 

 

Folder C:\Program Files\InetGet2 - Removed

Folder C:\Program Files\Insider - Removed

Folder C:\Program Files\Temporary - Removed

 

 

Removing Temp Files...

 

ADS Check:

 

 

 

Final Check:

 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-04 23:17:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\$winnt32$_test]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\CfgJf40]

"khjeh"=hex:20,02,00,00,69,8e,92,a7,c9,ed,11,e3,78,e5,76,79,bb,47,ee,f9,32,..

"hj34z0"=hex:63,fd,b6,78,3a,3c,5a,f7,70,e7,d4,5a,99,d0,59,bd,0f,5f,4a,38,ce,..

"hj34z1"=hex:83,fd,b6,78,42,3c,5a,f7,71,e7,d5,5a,98,d0,59,bd,0f,5f,4a,38,de,..

"hj34z2"=hex:83,fd,b6,78,42,3c,5a,f7,71,e7,d5,5a,98,d0,59,bd,0f,5f,4a,38,de,..

"hj34z3"=hex:83,fd,b6,78,42,3c,5a,f7,71,e7,d5,5a,98,d0,59,bd,0f,5f,4a,38,de,..

"hj34z4"=hex:83,fd,b6,78,42,3c,5a,f7,71,e7,d5,5a,98,d0,59,bd,0f,5f,4a,38,de,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\CfgJf41]

"khjeh"=hex:20,02,00,00,77,57,ca,39,c3,74,fe,99,ba,d7,a7,9c,85,6e,42,fa,04,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\CfgJf42]

"khjeh"=hex:20,02,00,00,e4,74,f4,ce,aa,4d,ef,64,f5,4b,be,e8,b4,bc,52,b5,c7,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\CfgJf43]

"khjeh"=hex:20,02,00,00,c9,5f,bb,c8,29,cb,1c,f4,d8,85,f7,e3,9b,48,9a,ef,92,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"h0"=dword:00000000

"hdf12"=hex:b3,a5,75,e0,cb,d6,88,ef,7c,ac,c9,4a,d9,84,3d,bc,ca,2f,0d,2f,b1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"h0"=dword:00000000

"hdf12"=hex:b3,a5,75,e0,cb,d6,88,ef,7c,ac,c9,4a,d9,84,3d,bc,ca,2f,0d,2f,b1,..

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]

"DisplayName"="Alcohol 120%"

 

scanning hidden files ...

 

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 27

 

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramŠtres"

"C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 4\\pes4.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 4\\pes4.exe:*:Enabled:pes4"

"C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu\\game.dat"="C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu\\game.dat:*:Enabled:La Bataille pour la Terre du Milieu"

"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"

"C:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe:*:Enabled:ActiveSync Application"

"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:Connection Manager"

"C:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe"="C:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe:*:Enabled:Rise Of Legends"

"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"

"C:\\Program Files\\TrackMania United\\TmUnited.exe"="C:\\Program Files\\TrackMania United\\TmUnited.exe:*:Enabled:TmUnited"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\\Documents and Settings\\client\\Mes documents\\recup_pc_portable\\iPuissance_4D_5.03.exe"="C:\\Documents and Settings\\client\\Mes documents\\recup_pc_portable\\iPuissance_4D_5.03.exe:*:Enabled:Application MFC iPuissance 4D"

"C:\\Program Files\\Lphant\\eLePhantClient.exe"="C:\\Program Files\\Lphant\\eLePhantClient.exe:*:Enabled:Lphant"

"C:\\Documents and Settings\\client\\Bureau\\incredimail_install.exe"="C:\\Documents and Settings\\client\\Bureau\\incredimail_install.exe:*:Enabled:IncrediMail Installer"

"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\\Documents and Settings\\client\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe"="C:\\Documents and Settings\\client\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer"

"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

 

Remaining Files:

---------------

 

File Backups: - C:\DOCUME~1\client\Bureau\SDFix\backups\backups.zip

 

Files with Hidden Attributes:

 

Sat 2 Feb 2008 256 A.SHR --- "C:\BOOT.BAK"

Fri 4 Feb 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Wed 14 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"

Sat 21 Jun 2003 377,344 A..H. --- "C:\Program Files\Smart Projects\IsoBuster\Help\AHlp.exe"

Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2.tmp"

Sat 5 Jan 2008 888 ...HR --- "C:\Documents and Settings\client\Application Data\SecuROM\UserData\securom_v7_01.bak"

 

Finished!

[styx]

Salut à tous ...

 

badguinness,

 

(si ce n’ est déjà fait) Télécharge et installe CCleaner :

http://www.pcentraide.com/index.php?showtopic=3847

Sur le site, clique sur > Download latest version et laisse-toi guider.

Ne coche pas "Ajouter la barre d' outils Yahoo".

Laisse-le s’ installer tel que …

 

Redémarre le PC en mode sans échec :

http://forum.telecharger.01net.com/telecha...messages-1.html

(méthode F8 de préférence)

 

--------------------------------------------

Tu n' auras pas accès à Internet pendant le "mode sans échec".

Aussi, copie/colle la procédure dans un fichier texte (word) et mets-la sur le

"bureau" pour l' avoir à ta disposition.

--------------------------------------------

 

Affiche les fichiers et dossiers cachés …

Pour ce faire, tu vas dans un dossier, par ex. "Mes Images".

Ensuite, clique sur > Outils > Options des dossiers ...

clique sur l' onglet « Affichage » et ...

coche ---> Afficher les fichiers et dossiers cachés

décoche > Masquer les extensions des fichiers dont le type est connu

décoche > Masquer les fichiers protégés du système d' exploitation (recommandé).

« Appliquer » et « OK ».

 

Ferme toutes les fenêtres et applications.

Relance HijackThis et clique sur > Do a system scan only puis, coche

les cases devant les lignes qui suivent (et uniquement ces lignes), si tjrs présentes :

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8FED9688-B8E6-4CD4-B80C-1853D67C6FE4} - C:\Program Files\MSN\nipybafC:\DOCUME~1\client\LOCALS~1\Temp\mst455101.exe.dll (file missing)

O2 - BHO: (no name) - {91262C60-DD10-46FA-A09B-AE14902ECA11} - C:\WINDOWS\system32\byxxvst.dll

O2 - BHO: (no name) - {91AA1B38-AD2B-49B6-BFB7-58EC97362AE0} - C:\WINDOWS\system32\geedb.dll

O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Blitzkrieg 2 crack.exe

O4 - HKLM\..\Run: [h3yb0y] C:\WINDOWS\SYSTEM32\DRIVERS\awf\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\awf\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\awf\conf.dll

O4 - HKLM\..\Run: [h3yb0y1] C:\WINDOWS\SYSTEM32\DRIVERS\awf\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\awf\system.exe C:\WINDOWS\SYSTEM32\DRIVERS\awf\serv-u.ini

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu2000351.exe 61A847B5BBF72810329B385577F801F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3

D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E1C2832211379A26033AAC

O4 - HKLM\..\Run: [E0E3E4ECEDEAE7EDE] C6C9CAD2D3D0CDD.exe

O4 - HKCU\..\Run: [insider] C:\Program Files\Insider\Insider.exe

O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe

O20 - Winlogon Notify: byxxvst - C:\WINDOWS\SYSTEM32\byxxvst.dll

 

Ensuite, clique sur > Fix checked et valide par "Yes". Referme HijackThis.

 

Rends-toi dans > Démarrer > Panneau de config. > Ajout/suppres… de prog.

 

Supprime, si tu le(s) trouves > Insider - Drmupgds

 

Ensuite, va dans > Démarrer > Poste de travail > C:\

 

C:\WINDOWS\system32\byxxvst.dll <-

C:\WINDOWS\system32\geedb.dll <-

C:\WINDOWS\system32\wuauclt10.exe <-

C:\WINDOWS\system32\Blitzkrieg 2 crack.exe <-

C:\WINDOWS\mrofinu2000351.exe <-

C:\Program Files\Insider\ <-

C:\Program Files\Drmupgds <-

C:\WINDOWS\SYSTEM32\byxxvst.dll <-

 

Supprime le(s) fichier(s)/dossier(s)/programme(s) en gras, si tu le(s) trouves.

 

Vide la Corbeille.

 

Remet les fichiers et dossiers cachés dans leur configuration initiale.

 

Lance CCleaner ...

Clique sur > Analyse > Lancer le nettoyage, puis sur OK dans la fenêtre qui s' affiche.

(re)Lance le nettoyage et (re)confirme par OK.

 

Redémarre en mode normal et poste un nouvel HijackThis ... pour pear .

 

PS : il se peut que dans la procédure tu ne trouves pas les fichiers/dossiers/programmes à supprimer ;

c' est normal puisque SDfix aura déjà fait une partie du boulot !

 

Par ailleurs, tout n' aura peut-être pas été supprimé : il faudra alors utiliser des outils plus puissant ...