infection trojan-downloader.win32.zlob.lps

[n2kwarrior]

Bonjour à tous,

 

je vous explique mon problème, j'ai reçu un trojan sur mon ordi :

 

trojan-downloader.Win32.Zlob.lps

mon antivirus Kaspersky n'arrive pas à le supprimer. De plus, il empêche mon FAI aol de me connecter à internet: lorsque je démarrer aol, il me dit que des fichiers nécessaires à la connexion doivent être installer, du coup ça me fait redémarrer l'ordi, et le problème reste le même ( ça tourne en rond autrement dit).

 

j'ai fait une analyse avec hijack this, voici le bilan:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:10:12, on 24/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Dell AIO 810\dlcgmon.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\dlcgcoms.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

C:\Program Files\Dell\QuickSet\Quickset.exe

C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\DOCUME~1\NICOLA~1\LOCALS~1\Temp\bwgo0000f155.exe

C:\Program Files\AOL Compagnon\companion.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr.mcafee.com/root/campaign.asp?cid=16970

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\RunOnce: [1] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\NICOLA~1\LOCALS~1\Temp\AcsInstall.dll"

O4 - HKLM\..\RunOnce: [2] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\NICOLA~1\LOCALS~1\Temp\insmac2k.dll"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O21 - SSODL: printers - {2E28C538-E4BF-4F38-A895-D8D78443F409} - libcintles3.dll (file missing)

O21 - SSODL: wdpoefan - {717A7FCB-9DCB-4AD2-AF62-AE90DF6372F3} - (no file)

O21 - SSODL: vadokmxt - {2A8A3E9F-DCCF-4FCF-B603-6C5BC3BE6993} - (no file)

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE

O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

End of file - 13365 bytes

 

 

 

 

 

 

 

 

 

Quelqu'un pourrait-il m'aider svp , je suis vraiment en galère...

 

merci d'avance pour votre aide..

 

 

PS: configuration de mon ordinateur:

 

Dell XPS M1710

avec windows xp familial

 

Configuration: Windows XP

Firefox 2.0.0.14

[pear]

Bonsoir,

 

Bonsoir,

Dans Hijackthis, cochez ces lignes,puis clic sur Fix checked.

 

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe => HP®Update Scheduler

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) => Yahoo Companion!

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe => HP®Update Scheduler

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe => Logitech®Desktop Messenger

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE => Logitech®Multimedia webcam devices

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime => Apple®Quick Time

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') => Microsoft®Windows NT

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') => Microsoft®Windows NT

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') => Microsoft®Windows NT

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O21 - SSODL: printers - {2E28C538-E4BF-4F38-A895-D8D78443F409} - libcintles3.dll (file missing)

 

Copier/coller ce qui suit dans le bloc notes.

Enregistrez sur le bureau sous regis.reg.

Cliquez droit sur le fichier ->fusionner

Acceptez la modification du Régistre:

 

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}]

 

désinstallation et suppression de :

 

c:\program files\mywaysa

 

* Télécharger SDFix (créé par AndyManchesta) et le sauvegarder sur le Bureau.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double cliquer sur SDFix.exe et choisir Install pour l'extraire dans un dossier dédié sur le Bureau.

 

Redémarrer en mode sans échec

 

* Ouvrir le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clic sur RunThis.bat pour lancer le script.

* Appuyer sur Y pour commencer le processus de nettoyage.

* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis demandera d'appuyer sur une touche pour redémarrer.

 

Si Sdfix ne se lance pas:

Démarrer->Exécuter

Copiez/collez ceci:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

cliquez ok, et validez.

Redémarrez et essayez de nouveau de lancer Sdfix.

 

 

* Le redémarrage sera plus lent qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

* Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

* Appuyer sur une touche pour finir l'exécution du script et charger les icônes du Bureau.

* Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

* Postez le rapport ici.

[n2kwarrior]

ok merci, je vais faire ça, je vous tiens au courant dès que j'ai fait ça!

[n2kwarrior]

j'ai un problème, quand je veux installer sdfiw, un message d'erreur me dis : some installation files are corrupt. please download a fresh copy an retry the installation.

tu as une autre copie stp?

[n2kwarrior]

je viens de trouver une autre version de sdfix, ça s'est bien installer maintenant je continue ce que vous m'avez dit de faire...

[n2kwarrior]

voici le rapport:

 

 

SDFix: Version 1.167

Run by Nicolas BOYER on 24/04/2008 at 23:05

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\Documents and Settings\Nicolas BOYER\new.txt - Deleted

C:\WINDOWS\iTunesMusic.exe - Deleted

C:\WINDOWS\system32\msvchost.exe - Deleted

C:\WINDOWS\system32\winsystem.exe - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-24 23:11:11

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:b8,e5,5f,97,7e,83,bc,40,8b,97,ed,e6,c2,78,6c,b6,f8,74,42,7b,60,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:b8,e5,5f,97,7e,83,bc,40,8b,97,ed,e6,c2,78,6c,b6,f8,74,42,7b,60,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000001

"khjeh"=hex:4e,af,55,4f,fd,ad,81,e8,2a,b7,95,ad,bb,b7,d4,f5,1b,f4,17,15,25,..

"p0"="C:\Program Files\DAEMON Tools\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:94,aa,3d,db,7c,58,11,a5,64,ca,88,39,a6,8c,d2,9c,39,92,2d,b2,43,..

"a0"=hex:20,01,00,00,4b,72,69,7f,60,ab,a4,65,c7,91,dc,ff,8d,4e,d4,e7,5d,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:a7,cf,9b,ab,40,9d,fa,20,57,b4,ac,cb,62,51,d4,b9,2f,09,3a,84,55,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:658ea7de

"s2"=dword:0e3e054b

"h0"=dword:00000002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:b8,e5,5f,97,7e,83,bc,40,8b,97,ed,e6,c2,78,6c,b6,f8,74,42,7b,60,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000001

"khjeh"=hex:4e,af,55,4f,fd,ad,81,e8,2a,b7,95,ad,bb,b7,d4,f5,1b,f4,17,15,25,..

"p0"="C:\Program Files\DAEMON Tools\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:94,aa,3d,db,7c,58,11,a5,64,ca,88,39,a6,8c,d2,9c,39,92,2d,b2,43,..

"a0"=hex:20,01,00,00,4b,72,69,7f,60,ab,a4,65,c7,91,dc,ff,8d,4e,d4,e7,5d,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:a7,cf,9b,ab,40,9d,fa,20,57,b4,ac,cb,62,51,d4,b9,2f,09,3a,84,55,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 1

 

 

Remaining Services :

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"

"C:\\Sierra\\Counter-Strike\\cstrike.exe"="C:\\Sierra\\Counter-Strike\\cstrike.exe:*:Enabled:CounterStrike Launcher"

"C:\\Program Files\\Counter-Strike Source\\srcds.exe"="C:\\Program Files\\Counter-Strike Source\\srcds.exe:*:Enabled:Counter-Strike Source Server"

"C:\\Program Files\\Counter-Strike Source\\hl2.exe"="C:\\Program Files\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"

"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"

"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"="C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe:*:Enabled:Home Network Manager Application"

"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\AOL 9.0b\\waol.exe"="C:\\Program Files\\AOL 9.0b\\waol.exe:*:Enabled:AOL"

"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\AOL 9.0b\\waol.exe"="C:\\Program Files\\AOL 9.0b\\waol.exe:*:Enabled:AOL"

"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Wed 2 Aug 2006 88 A.SHR --- "C:\i386\8C04966B23.sys"

Wed 2 Aug 2006 6,474 A.SH. --- "C:\i386\KGyGaAvL.sys"

Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"

Fri 9 Apr 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"

Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"

Wed 23 Aug 2006 88 ..SHR --- "C:\WINDOWS\system32\8C04966B23.sys"

Tue 31 Oct 2006 8 ..SHR --- "C:\WINDOWS\system32\E1962F2E87.sys"

Tue 31 Oct 2006 9,392 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Sat 5 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Sat 9 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Sun 24 Apr 2005 36,352 A..H. --- "C:\Documents and Settings\Nicolas BOYER\Mes documents\les cours\~WRL0003.tmp"

Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT90.tmp"

Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT93.tmp"

Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT97.tmp"

Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT8F.tmp"

Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT94.tmp"

Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT91.tmp"

Sun 16 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32a68038cbc8e2f304034165d1cab2e1\BIT36D.tmp"

Sun 16 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7333946973f87a4fdf879a85eeae256b\BIT36A.tmp"

Sun 16 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8b3179d71e82d8085d960408b16ae5bf\BIT373.tmp"

Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT96.tmp"

Sun 16 Mar 2008 1,229,688 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc7043d60e692448b548f03d568309ab\BIT370.tmp"

Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT92.tmp"

Sun 16 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT95.tmp"

Sun 16 Mar 2008 4,856,848 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f3fd033e4d9140ea4bb2ff5810443583\BIT352.tmp"

Fri 5 Jan 2007 204,800 A.SH. --- "C:\Documents and Settings\Nicolas BOYER\Mes documents\Mes images\moi\SIV33.tmp"

Fri 17 Nov 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\BIT208.tmp"

Sun 29 Apr 2007 26,998 A..H. --- "C:\Documents and Settings\Nicolas BOYER\Application Data\Microsoft\Office\Shortcut Bar\OffB.tmp"

Fri 5 Jan 2007 204,800 A.SH. --- "C:\Documents and Settings\Nicolas BOYER\Mes documents\Mes images\PHOTOS 2007\10 mai 2007\SIV33.tmp"

Fri 5 Jan 2007 204,800 A.SH. --- "C:\Documents and Settings\Nicolas BOYER\Mes documents\Mes images\PHOTOS 2007\21 avril 2007\SIV33.tmp"

Fri 5 Jan 2007 204,800 A.SH. --- "C:\Documents and Settings\Nicolas BOYER\Mes documents\Mes images\PHOTOS 2007\dimanche 8 avril 2007\SIV33.tmp"

Fri 5 Jan 2007 204,800 A.SH. --- "C:\Documents and Settings\Nicolas BOYER\Mes documents\Mes images\PHOTOS 2007\dimanche 15 avril 2007\SIV33.tmp"

Fri 5 Jan 2007 204,800 A.SH. --- "C:\Documents and Settings\Nicolas BOYER\Mes documents\Mes images\PHOTOS 2007\dimanche 13 mai 2007\SIV33.tmp"

Fri 5 Jan 2007 204,800 A.SH. --- "C:\Documents and Settings\Nicolas BOYER\Mes documents\Mes images\PHOTOS 2007\dimanche 20 mai 2007\SIV33.tmp"

Fri 5 Jan 2007 204,800 A.SH. --- "C:\Documents and Settings\Nicolas BOYER\Mes documents\Mes images\PHOTOS 2007\Lundi 2 avril 2007\SIV33.tmp"

Fri 5 Jan 2007 204,800 A.SH. --- "C:\Documents and Settings\Nicolas BOYER\Mes documents\Mes images\PHOTOS 2007\Lundi 9 avril 2007\SIV33.tmp"

Fri 5 Jan 2007 204,800 A.SH. --- "C:\Documents and Settings\Nicolas BOYER\Mes documents\Mes images\PHOTOS 2007\mercredi 11 avril 2007\SIV33.tmp"

Fri 5 Jan 2007 204,800 A.SH. --- "C:\Documents and Settings\Nicolas BOYER\Mes documents\Mes images\PHOTOS 2007\photos appart - mai 2007\SIV33.tmp"

Fri 5 Jan 2007 204,800 A.SH. --- "C:\Documents and Settings\Nicolas BOYER\Mes documents\Mes images\PHOTOS 2007\samedi 31 mars 2007\SIV33.tmp"

Sun 22 May 2005 192,512 A.SH. --- "C:\Documents and Settings\Nicolas BOYER\Mes documents\Mes images\PHOTOS 2005\23 juillet 2005\SIVF7.tmp"

Sun 22 May 2005 192,512 A.SH. --- "C:\Documents and Settings\Nicolas BOYER\Mes documents\Mes images\PHOTOS 2005\30 juillet 2005\SIVF7.tmp"

 

Finished!

 

 

 

Que dois-je faire maintenant svp??

[pear]

Bonjour,

 

Java n'est pas à jour,donc moins sécurisé.

 

Rendez vous là:

http://www.download.com/Java-Runtime-Envir...4-10009607.html

 

Java Runtime Environment (JRE) 6 Update 6

Download Now

 

S'ouvre une nouvelle page.

 

Vous descendrez là:

 

Java Runtime Environment (JRE) 6 Update 6

Clic sur Download

 

Nouvelle page.

 

Sélectionnez votre platform->Windows

Cochez "I agree to the java..."

clic sur continue

 

Nouvelle page

 

Cochez:

Windows Online Installation

Cochez la flèche orange

" Cochez ici"jre-6u6-windows-i586-p-iftw.exe

 

Cela fait, supprimez les installations java antérieures par "Ajout/Suppression de Programmes"

 

Postez un nouvel Hijackthis.

 

Avez vous vous encore des disfonctionnements ?