Hi,
It's not easy to understand you; you should write properly .....
Download ComboFix (= killfix) (by sUBs) here:
http://sd-1.archive-host.com/membres/up/193094576412487685/Killfix.exe
and save it to the desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, the antispyware's real-time guard).
Double-click combofix.exe (= killfix) and follow the instructions.
When it finishes, it will produce a report, C:\ComboFix.txt (= killfix).
Re-enable your firewall, your antivirus and your antispyware's guard.
Copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
There is a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
ComboFix 08-12-20.01 - Administrateur 2009-01-12 10:43:48.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1256.213.1036.18.447.220 [GMT 1:00]
Running from: c:\documents and settings\Administrateur\Mes documents\Downloads\Programs\Killfix.exe
* Created a new restore point
[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\resycled
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.
2009-01-11 16:08 . 2009-01-11 16:08 <REP> d-------- c:\program files\Yahoo!
2009-01-11 16:08 . 2009-01-11 16:08 <REP> d-------- c:\program files\CCleaner
2009-01-11 16:08 . 2009-01-11 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-11 16:08 . 2009-01-11 16:08 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Yahoo!
2009-01-11 15:47 . 2009-01-11 15:47 <REP> d-------- c:\program files\Ad Muncher
2009-01-11 14:57 . 2009-01-11 14:57 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-11 14:36 . 2009-01-11 14:36 <REP> dr------- c:\program files\Skype
2009-01-11 14:36 . 2009-01-11 14:36 <REP> d-------- c:\program files\Fichiers communs\Skype
2009-01-11 14:31 . 2009-01-11 14:31 <REP> d--hs---- C:\FOUND.000
2009-01-11 14:02 . 2009-01-11 14:02 <REP> d-------- c:\program files\Avira
2009-01-11 14:02 . 2009-01-11 14:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-11 14:02 . 2008-05-07 13:20 71,592 --a------ c:\windows\system32\drivers\avfwot.sys
2009-01-11 14:02 . 2008-05-07 09:51 71,464 --a------ c:\windows\system32\drivers\avfwim.sys
2009-01-11 14:02 . 2009-01-12 08:51 30 --a------ c:\windows\MMKEYBD.INI
2009-01-11 14:01 . 2009-01-11 14:01 <REP> d-------- c:\documents and settings\Administrateur\Application Data\skypePM
2009-01-11 14:01 . 2004-08-03 23:08 26,496 --a------ c:\windows\system32\dllcache\usbstor.sys
2009-01-11 14:01 . 2009-01-11 14:01 32 --a------ c:\documents and settings\All Users\Application Data\ezsid.dat
2009-01-11 13:48 . 2009-01-11 13:48 <REP> d--hs---- C:\Recycled
2009-01-11 13:25 . 2009-01-11 13:25 <REP> d-------- c:\program files\Google
2009-01-11 13:25 . 2009-01-11 13:25 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Skype
2009-01-11 13:24 . 2009-01-11 13:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-01-11 13:23 . 2009-01-11 13:23 <REP> d-------- c:\program files\Trend Micro
2009-01-11 13:21 . 2009-01-11 13:21 <REP> d-------- c:\program files\Internet Download Manager
2009-01-11 13:21 . 2009-01-11 13:21 <REP> d-------- c:\documents and settings\Administrateur\Application Data\IDM
2009-01-11 13:21 . 2009-01-11 13:21 <REP> d-------- c:\documents and settings\Administrateur\Application Data\DMCache
2009-01-11 13:01 . 2005-06-17 04:41 61,440 -ra------ c:\windows\system32\vuins32.dll
2009-01-11 13:01 . 2006-03-15 03:51 43,008 -ra------ c:\windows\system32\drivers\fetnd5bv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 11:59 --------- d-----w c:\program files\Realtek Sound Manager
2009-01-11 11:59 --------- d-----w c:\program files\Realtek AC97
2009-01-11 11:59 --------- d-----w c:\program files\AvRack
2009-01-11 11:55 --------- d-----w c:\program files\S3
2009-01-11 11:51 --------- d-----w c:\program files\VIA
2009-01-11 11:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 11:46 --------- d-----w c:\program files\Netropa
2009-01-11 11:46 --------- d-----w c:\program files\Fichiers communs\InstallShield
2009-01-11 11:36 --------- d--h--w c:\program files\Zenographics
2009-01-11 11:36 --------- d-----w c:\program files\Hewlett-Packard
2009-01-11 11:28 --------- d-----w c:\program files\microsoft frontpage
2009-01-11 11:26 --------- d-----w c:\program files\Services en ligne
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 11:47 160496 --a------ c:\program files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-07-23 2532784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-01-11 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2001-11-08 147456]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497]
"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2006-10-28 705024]
"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-10-31 c:\windows\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-06-20 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2009-01-11 71592]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2009-01-11 6656]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe" [2009-01-11 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"c:\program files\Avira\Avira Premium Security Suite\avmailc.exe" [2009-01-11 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"c:\program files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE" [2009-01-11 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"c:\program files\Avira\Avira Premium Security Suite\avesvc.exe" [2009-01-11 41217]
R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2009-01-11 28672]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2009-01-11 71464]
*Newly Created Service* - CATCHME
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Block frame with Ad Muncher - http://www.admuncher.com/...
IE: Block image with Ad Muncher - http://www.admuncher.com/...
IE: Block link with Ad Muncher - http://www.admuncher.com/...
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/...
IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/...
LSP: avsda.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 10:44:11
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(960)
c:\windows\system32\avsda.dll
.
Completion time: 2009-01-12 10:44:38
ComboFix-quarantined-files.txt 2009-01-12 09:44:38
Pre-Run: 28 005 203 968 octets libres
Post-Run: 28,112,257,024 octets libres
136
Hi, here is the ComboFix report....