C:\win2.PIF

Question

Bonjour,
Mon PC affiche de manière intempestive le message suivant : c:\win2.pif
Nom de fichier programme erroné, vérifiez votre fichier PIF. Choisissez "fermer" pour mettre fin à l'application.
Que faire ?

nihat42 · Answer

Salut,

Il faut que mets Internet Explorer à jour. Télécharge Explorer  :https://www.01net.com/outils/telecharger/windows/Internet/navigateur/fiches/tele43564.html

lewis34 · Answer

un fichier qui a l'extension .pif est à 99.9999999999999% une merdouille (un virus, trojan etc..)
il permette d'avoir accès à des infos tels que tels que le nom d'un fichier, un répertoire de démarrage ,des options multitâches. Bref de quoi te mettre le bazar complet dans ton pc

donc 1 chose a faire met ton av à jour fait une analyse surtout n'ouvre pas des PJ dont tu n'est pas sur.

Utilisateur anonyme · Answer

Salut ,

• Télécharge et install UsbFix 

 (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

• Double clic sur le raccourci UsbFix présent sur ton bureau .

• Choisis l'option 1 ( Recherche )

• Laisse travailler l'outil.

• Ensuite post le rapport UsbFix.txt qui apparaitra.

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
          Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
          Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. 


• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html

daromuril · Answer

Merci pour avoir si vite répondu à ma préoccupation.Après le rapport de Usbfix, je fais quoi? Je comprends plus la suite.Est ce ce message qui empeche mon PC de s'arreter normalement?Merci

Utilisateur anonyme · Answer

Tu copies colle les rapport usbfix.txt sur le forum , ici meme sur cette discussion .

Utilisateur anonyme · Answer

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

• Double clic sur le raccourci UsbFix présent sur ton bureau

• choisis l'option 2 ( Suppression )

• Ton bureau disparaitra et le pc redémarrera .

• Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

• Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

daromuril · Answer

Ok voici le deuxième rapport


############################## [ UsbFix V3.016 # Cleaning ]

# User : DELL (Administrateurs) # DB8W2P2J
# Update on 02/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 11:18:19 | 04/05/2002

# Genuine Intel(R) CPU           T2400  @ 1.83GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled

# C:\ # Disque fixe local # 111,7 Go (2,68 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque amovible # 963,7 Mo (920,41 Mo free) [YANNICK REL] # FAT
# G:\ # Disque CD-ROM # 6,67 Mo (0 Mo free) [U3 System] # CDFS
# H:\ # Disque amovible # 974,06 Mo (668,25 Mo free) # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\speedo~1\SPO.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\wuauc1t.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\WINDOWS\system32
mdfgds0.dll    
Deleted ! C:\WINDOWS\system32
mdfgds1.dll    
Deleted ! C:\WINDOWS\system32\olhrwef.exe    
Deleted ! C:\WINDOWS\system32\Win32.vbs    
Deleted ! C:\0bcobed.exe    
Deleted ! C:\0xuc.com    
Deleted ! C:\cqxj.exe    
Deleted ! C:\e2.cmd    
Deleted ! C:\ej10fkdo.bat    
Deleted ! C:\explorer.exe    
Deleted ! C:\gyn.cmd    
Deleted ! C:\husyu8n.exe    
Deleted ! C:\jm3cx96.bat    
Deleted ! C:\luk1ylq.com    
Deleted ! C:\opgde.exe    
Deleted ! C:\q0dhfjf.exe    
Deleted ! C:\vwewav8.com    
Deleted ! C:\yh.cmd    
Deleted ! C:\autorun.inf    
Deleted ! C:\system.pif    
Deleted ! C:\win1.pif    
Deleted ! C:\win10.pif    
Deleted ! C:\win12.pif    
Deleted ! C:\win13.pif    
Deleted ! C:\win14.pif    
Deleted ! C:\win15.pif    
Deleted ! C:\win16.pif    
Deleted ! C:\win17.pif    
Deleted ! C:\win18.pif    
Deleted ! C:\win19.pif    
Deleted ! C:\win2.pif    
Deleted ! C:\win20.pif    
Deleted ! C:\win3.pif    
Deleted ! C:\win4.pif    
Deleted ! C:\win5.pif    
Deleted ! C:\win6.pif    
Deleted ! C:\win7.pif    
Deleted ! C:\win711.pif    
Deleted ! C:\win8.pif    
Deleted ! C:\win9.pif    
Deleted ! E:\e2.cmd    
Deleted ! E:\explorer.exe    
Deleted ! E:\opgde.exe    
Deleted ! E:\The_Cars.vbs    
Deleted ! E:\autorun.inf    
(!) Not Deleted ! G:\autorun.inf   
Deleted ! H:\0xuc.com    
Deleted ! H:\cqxj.exe    
Deleted ! H:\e2.cmd    
Deleted ! H:\ej10fkdo.bat    
Deleted ! H:\explorer.exe    
Deleted ! H:\gi2ky.exe    
Deleted ! H:\luk1ylq.com    
Deleted ! H:\opgde.exe    
Deleted ! H:\The_Cars.vbs    
Deleted ! H:\upw.bat    
Deleted ! H:\vwewav8.com    
Deleted ! H:\yh.cmd    
Deleted ! H:\autorun.inf    
Deleted ! H:\fjiwp.pif    

################## [ Registre # Clés Run infectieuses ]

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "FIXEDFON.FON"    
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"    
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "System"    
Deleted ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "amva"    
Deleted ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"    
Deleted ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"    
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Optionsegedit.exe    

################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\C\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\E\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{1635963c-5185-11dd-b972-00197d2e38b8}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{1db499d2-d1b2-11dc-b92d-00197d2e38b8}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{2b3673d7-d4b0-11dc-b933-00197d2e38b8}\Shell\Auto\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{2ee09e96-c1c1-11dc-b91f-00197d2e38b8}\Shell\Auto\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{2f52a896-bae2-11dc-b90d-00197d2e38b8}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{52182f92-ca67-11dc-b92a-00197d2e38b8}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{63d3bd94-2266-11dd-b95d-00197d2e38b8}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{63d3bd9a-2266-11dd-b95d-00197d2e38b8}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{82b5628a-ed18-11dd-b9a7-00197d2e38b8}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{90d2ee62-f0f8-11dd-b9ac-00197d2e38b8}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{a27fe6af-c348-11dc-b922-00197d2e38b8}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{b097c972-4f6d-11dd-b970-00197d2e38b8}\Shell\Auto\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ce88fd9a-c035-11dc-b91d-00197d2e38b8}\Shell\Auto\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d1ebf4d2-4f88-11dd-b971-00197d2e38b8}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{e2a62e22-e2c4-11dc-b93a-00197d2e38b8}\Shell\Auto\command   

################## [ Listing des fichiers présent ]

[04/05/2002 10:57|--a------|6173] - C:\article.txt
[19/08/2004 15:18|--a------|0] - C:\AUTOEXEC.BAT
[03/05/2002 17:21|--a------|2352] - C:\autorun.PNF
[03/01/2008 19:01|-rahs----|212] - C:\boot.ini
[29/04/2002 19:11|---------|3290] - C:\bootex.log
[05/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
[19/08/2004 15:18|--a------|0] - C:\CONFIG.SYS
[28/12/2006 16:49|-rah-----|4978] - C:\dell.sdr
[?|?|?] - C:\hiberfil.sys
[03/01/2008 20:54|--a------|4128] - C:\INFCACHE.1
[19/08/2004 15:18|--ah-----|0] - C:\IO.SYS
[19/08/2004 15:18|--ah-----|0] - C:\MSDOS.SYS
[04/05/2002 07:59|-r-hs----|108617] - C:\mt.bat
[05/08/2004 14:00|-rahs----|47564] - C:\NTDETECT.COM
[02/02/2009 09:15|-rahs----|252240] - C:
tldr
[?|?|?] - C:\pagefile.sys
[11/03/2009 10:53|--a------|510] - C:\updatedatfix.log
[04/05/2002 11:20|--a------|7237] - C:\UsbFix.txt
[21/04/2002 09:19|--a------|152] - C:\YServer.txt
[04/05/2002 07:59|-r-hs----|108617] - E:\mt.bat
[04/05/2002 11:17|--a------|1248] - E:\BOOTEX.LOG
[06/05/2008 14:26|-r-------|309] - G:\autorun.inf
[23/10/2007 09:45|-r-------|1336632] - G:\LaunchU3.exe
[06/05/2008 14:11|-r-------|5600229] - G:\LaunchPad.zip
[04/05/2002 11:17|--a------|6298] - H:\BOOTEX.LOG
[23/10/2007 09:45|-ra------|1336632] - H:\LaunchU3.exe
[13/02/2009 09:10|--a------|25770526] - H:\clamwin-0.94.1-setup.exe
[24/02/2009 17:12|--a------|1572] - H:\Grand Rabbinat du Qu‚bec.htm
[24/02/2009 09:03|--a------|23516968] - H:\SkypeSetupFull.exe
[24/02/2009 08:16|--a------|7521112] - H:\Firefox Setup 3.0.6.exe
[27/12/2007 12:28|--a------|9840128] - H:\Copie de Evita 2 Dura Presentation Technique.ppt
[18/02/2009 11:51|--a------|7919640] - H:\dap85.exe
[20/08/2008 09:24|--a------|1063424] - H:\le chƒteau.pps
[19/01/2009 17:08|--a------|35328] - H:\discours obama.doc
[20/03/2009 08:39|--a------|65024] - H:\AIREL.doc
[07/04/2009 16:09|--a------|284906] - H:\Photo 130.jpg
[11/03/2009 11:38|--a------|94208] - H:\TECHNICAL SPECIFICATIONS.doc
[26/03/2009 17:35|--a------|20480] - H:\corrections_ems.doc
[19/03/2009 19:07|--a------|213504] - H:\HUMAN  GmbH.doc
[31/05/2008 12:35|--a------|393043] - H:\Cours_Eln.pdf
[19/06/2008 17:29|--a------|1902592] - H:\expos‚.doc
[07/04/2009 16:08|--a------|286373] - H:\Photo 073.jpg
[04/05/2002 07:59|-r-hs----|108617] - H:\mt.bat
[22/04/2002 14:47|-r-hs----|173055] - H:\mlvm.exe
[07/04/2009 16:08|--a------|286518] - H:\Photo 072.jpg
[15/04/2009 16:31|--a------|46080] - H:\SPECIFICATIONS TECHNIQUES  DU GROUPE ELECTROGENE_revu.doc
[16/04/2002 15:15|-r-hs----|222207] - H:\qcjwe.exe
[20/04/2009 09:03|--a------|51712] - H:\SPEC_TECHNIQUES PROPOSEES.doc
[20/04/2009 19:06|--a------|46080] - H:\CV.doc
[20/04/2002 11:39|--a------|93696] - H:\SPECIFICATIONS TECHNIQUES  DU GROUPE ELECTROGENE.doc
[20/04/2002 12:37|--a------|25088] - H:\LISTE DES OUTILS.doc
[20/04/2002 15:05|---h-----|40448] - H:\~WRL1115.tmp
[18/02/2009 20:01|--a------|296] - H:\WMPInfo.xml

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.  
# E:\autorun.inf -> Folder created by UsbFix.  
# H:\autorun.inf -> Folder created by UsbFix.  

################## [ Cracks / Keygens / Serials ]

# -> Nothing found !  

################## [ ! Fin du rapport # UsbFix V3.016 ! ]

Utilisateur anonyme · Answer

OK branche tes 2 clés usb (G et H)

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau : 
http://oldtimer.geekstogo.com/OTMoveIt3.exe 

---> Double-clique sur OTMoveIt3.exe afin de le lancer. 

---> Copie (Ctrl+C) le texte suivant ci-dessous : 



:files 
H:\dap85.exe 
H:\mt.bat 
H:\mlvm.exe 
H:\qcjwe.exe 
E:\mt.bat 
C:\mt.bat 

:commands 
[emptytemp] 



---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved. 

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3. 

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. 
Accepte en cliquant sur YES. 

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\ 
Le nom du rapport correspond au moment de sa création : date_heure.log

Utilisateur anonyme · Answer

Telecharge malwarebytes 
https://www.malwarebytes.com/

Tu l´instale; le programme va se mettre automatiquement a jour. 

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression". 

Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide". 

Puis click sur "rechercher". 

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection. 

si il t´es demandé de redemarrer > click sur "yes". 

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum. 

Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log

daromuril · Answer

Le message est toujours là et mon PC ne s'éteind pas normalement.Je suis obligé de l'éteindre manuellemnt chaque fois.

Voici le rapport de Malwarebytes

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2072
Windows 5.1.2600 Service Pack 3

04/05/2002 13:38:41
mbam-log-2002-05-04 (13-38-41).txt

Type de recherche: Examen rapide
Eléments examinés: 84989
Temps écoulé: 4 minute(s), 15 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
od32kui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Optionsegedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icesword.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRunKiller.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Frameworkservice.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WOPTILITIES.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\iexplorer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
C:\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir


Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 




-> Double clique sur combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

daromuril · Answer

ComboFix 09-05-03.4 - DELL 04/05/2002 16:13.1 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.1014.477 [GMT 2:00]
Lancé depuis: c:\documents and settings\DELL\Mes documents\My Completed Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
FW: Kaspersky Anti-Virus *disabled*
 * Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\explorer.exe
C:\system.pif
C:\win1.pif
C:\win10.pif
C:\win12.pif
C:\win13.pif
C:\win14.pif
C:\win15.pif
C:\win16.pif
C:\win17.pif
C:\win18.pif
C:\win19.pif
C:\win2.pif
C:\win20.pif
C:\win3.pif
C:\win4.pif
C:\win5.pif
C:\win6.pif
C:\win7.pif
C:\win8.pif
C:\win9.pif
c:\windows\IE4 Error Log.txt
c:\windows\system32\iexplorer.exe
c:\windows\system32\wuauc1t.exe

.
(((((((((((((((((((((((((((((   Fichiers créés du 2002-04-04 au 2002-05-04  ))))))))))))))))))))))))))))))))))))
.

2009-04-24 10:26 . 2009-04-24 10:26	--------	d-----w	c:\program files\MSECache
2009-04-19 15:09 . 2009-04-19 15:09	--------	d-----w	c:\program files\PC-Software
2009-04-17 16:30 . 2009-02-06 10:10	227840	------w	c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 16:30 . 2009-03-06 14:20	286720	------w	c:\windows\system32\dllcache\pdh.dll
2009-04-17 16:30 . 2009-02-09 11:23	111104	------w	c:\windows\system32\dllcache\services.exe
2009-04-17 16:30 . 2009-02-09 10:53	401408	------w	c:\windows\system32\dllcachepcss.dll
2009-04-17 16:30 . 2009-02-09 10:53	473600	------w	c:\windows\system32\dllcache\fastprox.dll
2009-04-17 16:30 . 2009-02-06 10:39	35328	------w	c:\windows\system32\dllcache\sc.exe
2009-04-17 16:30 . 2009-02-09 10:53	685568	------w	c:\windows\system32\dllcache\advapi32.dll
2009-04-17 16:30 . 2009-02-09 10:53	735744	------w	c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 16:30 . 2009-02-09 10:53	453120	------w	c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 16:30 . 2009-02-09 10:53	739840	------w	c:\windows\system32\dllcache
tdll.dll
2009-04-17 08:26 . 2008-04-21 21:15	219136	------w	c:\windows\system32\dllcache\wordpad.exe
2009-04-17 07:39 . 2008-12-16 12:31	354304	------w	c:\windows\system32\dllcache\winhttp.dll
2009-03-30 11:32 . 2004-08-05 12:00	185344	----a-w	c:\windows\system32\dllcache	hawbrkr.dll
2009-03-30 11:32 . 2004-08-05 12:00	185344	----a-w	c:\windows\system32\Thawbrkr.dll
2009-03-30 11:32 . 2004-08-05 12:00	10752	----a-w	c:\windows\system32\dllcache\c_iscii.dll
2009-03-30 11:32 . 2004-08-05 12:00	10752	----a-w	c:\windows\system32\c_iscii.dll
2009-03-30 11:32 . 2004-08-05 12:00	5632	----a-w	c:\windows\system32\dllcache\kbdusa.dll
2009-03-30 11:32 . 2004-08-05 12:00	5632	----a-w	c:\windows\system32\kbdusa.dll
2009-03-30 11:32 . 2004-08-05 12:00	6144	----a-w	c:\windows\system32\dllcache\ftlx041e.dll
2009-03-30 11:32 . 2004-08-05 12:00	6144	----a-w	c:\windows\system32\ftlx041e.dll
2009-03-21 14:07 . 2009-03-21 14:07	1054720	------w	c:\windows\system32\dllcache\kernel32.dll
2009-03-11 09:33 . 2009-03-11 09:35	--------	d-----w	c:\program files\Harrap's Multimédia
2009-03-05 07:21 . 2009-03-05 07:21	--------	d-----w	c:\documents and settings\DELL\Application Data\Yahoo!
2009-03-05 07:21 . 2009-03-05 07:21	--------	d-----w	c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-04 09:38 . 2009-03-04 09:38	--------	d-----w	c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-25 18:07 . 2009-02-25 18:07	--------	d-----w	c:\program files\VirginMega
2009-02-25 18:06 . 2009-02-25 18:06	--------	d-----w	c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-02-25 14:10 . 2002-04-21 13:24	--------	dc----w	c:\windows\system32\DRVSTORE
2009-02-25 07:56 . 2009-04-17 06:29	--------	d-----w	c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-25 07:55 . 2009-03-05 07:21	--------	d-----w	c:\program files\Yahoo!
2009-02-24 08:38 . 2009-02-24 08:38	--------	d-----w	c:\program files\Fichiers communs\Skype
2009-02-20 08:10 . 2009-02-20 08:10	81920	------w	c:\windows\system32\dllcache\ieencode.dll
2009-02-13 07:10 . 2005-02-28 07:32	24576	----a-w	c:\windows\system32\IdleTrac.dll
2009-02-13 07:10 . 2009-02-13 07:10	--------	d-----w	c:\program files\Mailinfo
2009-02-13 07:10 . 1998-04-23 23:00	368912	----a-w	c:\windows\system32\vbar332.dll
2009-02-13 07:01 . 2009-02-13 07:01	--------	d-----w	c:\documents and settings\DELL\Application Data\SpeedBit
2009-02-13 07:00 . 2009-04-10 19:17	--------	d-----w	c:\program files\SpeedOptimizer
2009-02-12 12:24 . 2009-02-12 12:26	--------	d-----w	c:\program files\SpeedBit Video Accelerator
2009-02-12 12:24 . 2009-02-12 12:24	--------	d-----w	c:\program files\SpeedBit Video Downloader
2009-02-12 11:42 . 2002-05-04 14:22	--------	d---a-w	c:\documents and settings\All Users\Application Data\TEMP
2009-02-12 11:42 . 2009-02-13 07:01	--------	d-----w	c:\documents and settings\All Users\Application Data\SpeedBit
2009-02-12 11:42 . 2009-02-12 11:42	--------	d-----w	c:\program files\AskSBar
2009-02-12 11:42 . 2009-02-12 11:42	50688	----a-w	c:\windows\system32\wbhelp2.dll
2009-02-12 11:42 . 2009-02-12 12:23	--------	d-----w	c:\program files\DAP
2009-02-11 07:14 . 2009-02-11 07:16	--------	d-----w	c:\program files\Microsoft Etudes
2009-02-11 07:12 . 2009-03-03 07:02	--------	d-----w	c:\program files\Learning Essentials
2009-02-11 07:11 . 2005-05-26 14:34	2297552	----a-w	c:\windows\system32\d3dx9_26.dll
2009-02-09 12:31 . 2009-02-10 06:52	--------	d-----w	c:\program files\SuperCopier2
2009-02-04 07:44 . 2009-02-04 07:44	--------	d--h--w	c:\windows\PIF
2009-02-03 19:58 . 2009-02-03 19:58	56832	------w	c:\windows\system32\dllcache\secur32.dll
2009-02-02 07:31 . 2009-02-02 07:31	--------	d-----w	c:\windows\system32\fr-fr
2009-02-02 07:31 . 2009-02-02 07:31	--------	d-----w	c:\windows\l2schemas
2009-02-02 07:31 . 2009-02-02 07:31	--------	d-----w	c:\windows\system32\fr
2009-02-02 07:31 . 2009-02-02 07:31	--------	d-----w	c:\windows\system32\bits
2009-02-02 07:22 . 2009-02-02 07:32	--------	d-----w	c:\windows\ServicePackFiles
2009-01-27 12:51 . 2004-08-03 21:41	1041536	------w	c:\windows\system32\drivers\hsfdpsp2.sys
2009-01-27 12:51 . 2004-08-03 21:41	685056	------w	c:\windows\system32\drivers\hsfcxts2.sys
2009-01-27 12:51 . 2004-08-03 21:41	220032	------w	c:\windows\system32\drivers\hsfbs2s2.sys
2009-01-27 10:28 . 2009-01-27 10:28	--------	d-----w	c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-27 10:18 . 2009-01-27 10:27	--------	d-----w	c:\documents and settings\All Users\Application Data\McAfee.com
2009-01-27 09:59 . 2009-01-27 09:59	--------	d-----w	c:\documents and settings\DELL\Local Settings\Application Data\Conduit
2009-01-27 09:59 . 2009-01-27 09:59	--------	d-----w	c:\program files\Conduit
2009-01-27 09:59 . 2009-04-01 06:34	--------	d-----w	c:\documents and settings\DELL\Local Settings\Application Data\PHPNukeFR
2009-01-27 09:59 . 2009-02-17 14:07	--------	d-----w	c:\program files\PHPNukeFR
2009-01-27 09:32 . 2009-01-27 09:32	--------	d-----w	c:\documents and settings\All Users\Application Data\McAfee
2009-01-23 08:30 . 2009-01-23 08:31	--------	d-----w	c:\documents and settings\All Users\Application Data\Avira
2009-01-19 17:27 . 2009-01-19 17:27	--------	d-----w	c:\documents and settings\DELL\Local Settings\Application Data\Dictionnaire Freelang
2009-01-16 12:41 . 2009-01-16 12:41	410984	----a-w	c:\windows\system32\deploytk.dll
2009-01-14 14:21 . 2009-01-14 14:21	--------	d-----w	c:\documents and settings\DELL\Local Settings\Application Data\Ares
2009-01-13 17:20 . 2009-01-13 17:20	--------	d-----w	c:\program files\AbiSuite2
2009-01-09 10:12 . 2002-05-04 14:22	--------	d-----w	c:\documents and settings\DELL\Tracing
2009-01-09 09:57 . 2009-03-03 07:02	--------	d-----w	c:\program files\Microsoft Silverlight
2009-01-09 09:57 . 2009-01-09 09:57	--------	d-----w	c:\program files\Microsoft Office Outlook Connector
2009-01-09 09:51 . 2006-11-29 12:06	3426072	----a-w	c:\windows\system32\d3dx9_32.dll
2009-01-09 09:49 . 2009-01-09 09:57	--------	d-----w	c:\program files\Microsoft
2009-01-09 09:48 . 2009-01-09 09:48	--------	d-----w	c:\program files\Windows Live SkyDrive
2009-01-08 09:09 . 2008-10-16 13:06	208744	----a-w	c:\windows\system32\muweb.dll
2009-01-08 09:09 . 2008-10-16 13:06	268648	----a-w	c:\windows\system32\mucltui.dll
2009-01-07 17:43 . 2009-01-07 17:43	--------	d-----w	c:\program files\Fichiers communs\Windows Live
2009-01-07 14:22 . 2009-01-07 14:22	--------	d-----w	c:\documents and settings\DELL\Local Settings\Application Data\PCHealth
2009-01-07 14:05 . 2009-01-07 14:05	--------	d-----w	c:\program files\Windows Media Connect 2
2009-01-07 14:03 . 2009-01-07 14:04	--------	d-----w	C:\870c9725004115d1f9c7d2d8b2ed5858
2009-01-07 14:02 . 2009-02-13 11:19	--------	d-----w	c:\windows\system32\drivers\UMDF
2009-01-07 14:02 . 2009-01-07 14:02	--------	d-----w	c:\windows\system32\LogFiles
2009-01-07 14:01 . 2009-01-07 14:02	--------	d-----w	C:\95a5fa665920ab1d02b67ae3187a
2009-01-07 13:21 . 2009-01-07 14:22	--------	dcsh--w	c:\program files\Fichiers communs\WindowsLiveInstaller
2009-01-07 13:20 . 2002-04-21 13:26	--------	d-----w	c:\program files\Windows Live
2009-01-07 13:20 . 2009-01-07 13:20	--------	d-----w	c:\documents and settings\All Users\Application Data\WLInstaller
2009-01-06 08:39 . 2009-02-13 08:37	--------	d-----w	c:\program files\Mass Downloader
2009-01-06 08:39 . 2009-01-06 08:39	--------	d-----w	c:\documents and settings\DELL\Application Data\MetaProducts
2008-12-26 09:55 . 2009-03-31 16:42	--------	d-----w	c:\program files\Dictionnaire
2008-12-24 15:41 . 2009-02-05 07:58	--------	d-----w	C:\quarantine
2008-12-19 15:54 . 2009-03-02 23:10	1499648	------w	c:\windows\system32\dllcache\shdocvw.dll
2008-12-19 15:54 . 2009-02-20 08:10	620544	------w	c:\windows\system32\dllcache\urlmon.dll
2008-12-16 09:13 . 2008-12-16 09:13	--------	d-----w	c:\documents and settings\DELL\Application Data\vlc
2008-12-16 09:11 . 2008-12-16 09:11	--------	d-----w	c:\program files\VideoLAN
2008-12-15 10:04 . 2009-02-09 11:23	2147328	------w	c:\windows\system32\dllcache
tkrnlmp.exe
2008-12-15 10:04 . 2009-02-10 17:06	2068096	------w	c:\windows\system32\dllcache
tkrnlpa.exe
2008-12-15 10:04 . 2009-02-09 11:23	2025984	------w	c:\windows\system32\dllcache
tkrpamp.exe
2008-12-15 10:04 . 2009-02-09 11:24	2191104	------w	c:\windows\system32\dllcache
toskrnl.exe
2008-12-12 13:10 . 2009-02-09 14:05	1846912	------w	c:\windows\system32\dllcache\win32k.sys
2008-12-12 07:06 . 2008-10-24 11:21	455296	------w	c:\windows\system32\dllcache\mrxsmb.sys
2008-12-11 10:38 . 2008-12-11 10:57	333952	------w	c:\windows\system32\dllcache\srv.sys
2008-12-11 10:08 . 2008-10-15 16:35	337408	------w	c:\windows\system32\dllcache
etapi32.dll
2008-12-11 09:19 . 2008-04-11 19:05	691712	------w	c:\windows\system32\dllcache\inetcomm.dll
2008-12-11 07:21 . 2008-12-11 07:21	--------	d-----w	c:\windows\Sun
2008-12-11 07:07 . 2008-05-01 14:36	331776	------w	c:\windows\system32\dllcache\msadce.dll
2008-12-10 11:40 . 2008-12-10 11:40	56	---ha-w	c:\windows\system32\ezsidmv.dat
2008-12-10 11:40 . 2009-04-14 14:08	--------	d-----w	c:\documents and settings\DELL\Application Data\skypePM
2008-12-10 11:35 . 2009-04-14 06:58	--------	d-----w	c:\documents and settings\DELL\Application Data\Skype
2008-12-10 11:35 . 2009-02-24 08:38	--------	d-----r	c:\program files\Skype
2008-12-09 13:49 . 2002-05-03 16:00	--------	d-----w	c:\documents and settings\DELL\Application Data\U3
2008-12-05 06:57 . 2008-12-05 06:57	144896	------w	c:\windows\system32\dllcache\schannel.dll
2008-12-02 20:37 . 2008-12-02 20:37	49480	----a-w	c:\windows\system32\sirenacm.dll
2008-10-23 12:36 . 2008-10-23 12:36	286720	------w	c:\windows\system32\dllcache\gdi32.dll
2008-09-30 15:43 . 2008-09-30 15:43	1286152	----a-w	c:\windows\system32\msxml4.dll
2008-09-05 22:30 . 2008-09-05 22:30	267304	------w	c:\windows\system32\dllcache\wgaLogon.dll
2008-09-05 22:30 . 2008-09-05 22:30	952360	------w	c:\windows\system32\dllcache\WgaTray.exe
2008-07-14 16:16 . 2008-07-14 16:16	--------	d-----w	c:\documents and settings\DELL\Local Settings\Application Data\Identities
2008-07-07 20:28 . 2008-07-07 20:28	253952	------w	c:\windows\system32\dllcache\es.dll
2008-06-24 16:44 . 2008-06-24 16:44	74240	------w	c:\windows\system32\dllcache\mscms.dll
2008-06-20 17:47 . 2008-06-20 17:47	147968	------w	c:\windows\system32\dllcache\dnsapi.dll
2008-06-20 17:47 . 2008-06-20 17:47	247808	------w	c:\windows\system32\dllcache\mswsock.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 13:32 . 2002-05-04 11:11	38496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2002-05-04 11:11	15504	----a-w	c:\windows\system32\drivers\mbam.sys
2009-03-06 14:20 . 2004-08-19 13:03	286720	----a-w	c:\windows\system32\pdh.dll
2009-02-20 08:10 . 2004-08-19 13:03	670208	----a-w	c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-19 13:03	81920	----a-w	c:\windows\system32\ieencode.dll
2009-02-09 14:05 . 2004-08-19 13:03	1846912	----a-w	c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2004-08-04 00:48	2025984	----a-w	c:\windows\system32
tkrnlpa.exe
2009-02-09 11:23 . 2004-08-19 13:03	2147328	----a-w	c:\windows\system32
toskrnl.exe
2009-02-09 11:23 . 2004-08-19 13:03	111104	----a-w	c:\windows\system32\services.exe
2009-02-09 10:53 . 2004-08-19 13:03	735744	----a-w	c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2004-08-19 13:03	401408	----a-w	c:\windows\system32pcss.dll
2009-02-09 10:53 . 2004-08-19 13:03	739840	----a-w	c:\windows\system32
tdll.dll
2009-02-09 10:53 . 2004-08-19 13:03	685568	----a-w	c:\windows\system32\advapi32.dll
2009-02-06 10:39 . 2004-08-19 13:03	35328	----a-w	c:\windows\system32\sc.exe
2009-02-03 19:58 . 2004-08-19 13:03	56832	----a-w	c:\windows\system32\secur32.dll
2009-02-02 07:38 . 2004-08-19 13:17	87703	----a-w	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-01-08 18:16 . 2006-12-28 15:15	--------	d-----w	c:\program files\Google
2008-12-20 22:14 . 2004-08-19 13:03	1294336	----a-w	c:\windows\system32\quartz.dll
2008-12-16 12:31 . 2004-08-19 13:03	354304	----a-w	c:\windows\system32\winhttp.dll
2008-12-11 10:57 . 2004-08-19 13:03	333952	----a-w	c:\windows\system32\drivers\srv.sys
2008-12-05 06:57 . 2004-08-19 13:03	144896	----a-w	c:\windows\system32\schannel.dll
2008-10-24 11:21 . 2004-08-19 13:03	455296	----a-w	c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 . 2004-08-19 13:03	286720	----a-w	c:\windows\system32\gdi32.dll
2008-10-16 13:13 . 2004-08-19 13:16	202776	----a-w	c:\windows\system32\wuweb.dll
2008-10-16 13:13 . 2004-08-19 13:16	1809944	----a-w	c:\windows\system32\wuaueng.dll
2008-10-16 13:12 . 2004-08-19 13:16	323608	----a-w	c:\windows\system32\wucltui.dll
2008-10-16 13:12 . 2004-08-19 13:16	561688	----a-w	c:\windows\system32\wuapi.dll
2008-10-16 13:09 . 2004-08-19 13:16	51224	----a-w	c:\windows\system32\wuauclt.exe
2008-10-16 13:09 . 2004-08-19 13:03	92696	----a-w	c:\windows\system32\cdm.dll
2008-10-16 13:08 . 2004-08-19 13:16	34328	----a-w	c:\windows\system32\wups.dll
2008-10-03 10:03 . 2004-08-19 13:04	247326	----a-w	c:\windows\system32\strmdll.dll
2008-09-10 01:15 . 2008-04-14 02:33	1307648	------w	c:\windows\system32\msxml6.dll
2008-09-04 17:16 . 2004-08-19 13:03	1106944	----a-w	c:\windows\system32\msxml3.dll
2008-08-14 10:04 . 2004-08-19 13:03	138496	----a-w	c:\windows\system32\drivers\afd.sys
2008-07-07 20:28 . 2004-08-19 13:03	253952	----a-w	c:\windows\system32\es.dll
2008-06-24 17:12 . 2006-10-18 20:47	295936	------w	c:\windows\system32\wmpeffects.dll
2008-06-24 16:44 . 2004-08-19 13:03	74240	----a-w	c:\windows\system32\mscms.dll
2008-06-20 17:47 . 2004-08-19 13:03	247808	----a-w	c:\windows\system32\mswsock.dll
2008-06-20 11:51 . 2004-08-19 13:03	361600	----a-w	c:\windows\system32\drivers	cpip.sys
2008-06-20 11:08 . 2004-08-19 13:03	225856	----a-w	c:\windows\system32\drivers	cpip6.sys
2008-06-18 04:03 . 2004-08-19 13:04	938496	----a-w	c:\windows\system32\WMNetmgr.dll
2008-06-18 00:09 . 2004-08-19 13:04	100864	----a-w	c:\windows\system32\logagent.exe
2008-06-12 14:22 . 2004-08-19 13:14	956928	----a-w	c:\windows\system32\msdtctm.dll
2008-06-12 14:22 . 2004-08-19 13:14	91648	----a-w	c:\windows\system32\mtxoci.dll
2008-06-12 14:22 . 2004-08-19 13:14	428032	----a-w	c:\windows\system32\msdtcprx.dll
2008-06-12 14:22 . 2004-08-19 13:14	161792	----a-w	c:\windows\system32\msdtcuiu.dll
2008-06-12 14:22 . 2004-08-19 13:03	66560	----a-w	c:\windows\system32\mtxclu.dll
2008-06-12 14:22 . 2004-08-19 13:14	58880	----a-w	c:\windows\system32\msdtclog.dll
2008-05-09 10:55 . 2004-08-19 13:03	90112	----a-w	c:\windows\system32\wshext.dll
2008-05-09 10:55 . 2004-08-19 13:03	430080	----a-w	c:\windows\system32\vbscript.dll
2008-05-09 10:55 . 2004-08-19 13:03	180224	----a-w	c:\windows\system32\scrobj.dll
2008-05-09 10:55 . 2004-08-19 13:03	172032	----a-w	c:\windows\system32\scrrun.dll
2008-05-08 14:02 . 2004-08-19 13:03	203136	----a-w	c:\windows\system32\driversmcast.sys
2008-05-08 11:24 . 2004-08-19 13:03	155648	----a-w	c:\windows\system32\wscript.exe
2008-05-07 09:07 . 2004-08-19 13:03	135168	----a-w	c:\windows\system32\cscript.exe
2008-04-14 02:50 . 2004-08-19 13:03	1804	----a-w	c:\windows\system32\dcache.bin
2008-04-14 02:37 . 2004-08-19 13:03	332800	----a-w	c:\windows\system32
etsetup.exe
2008-04-14 02:33 . 2004-08-19 13:14	6144	----a-w	c:\windows\system32\dcomcnfg.exe
2008-04-14 02:32 . 2004-08-19 13:03	5632	----a-w	c:\windows\system32\wmi.dll
2008-04-14 02:32 . 2004-08-19 13:03	764416	----a-w	c:\windows\system32\winntbbu.dll
2008-04-14 02:32 . 2004-08-19 13:03	24064	----a-w	c:\windows\system32\pidgen.dll
2008-04-14 02:32 . 2004-08-19 13:03	61471	----a-w	c:\windows\system32\odbcji32.dll
2008-04-14 02:10 . 2004-08-19 13:16	73600	----a-w	c:\windows\system32\drivers\sr.sys
2008-04-14 02:09 . 2004-08-04 00:37	120576	----a-w	c:\windows\system32\drivers\pcmcia.sys
2008-04-14 02:09 . 2004-08-04 00:37	68608	----a-w	c:\windows\system32\drivers\pci.sys
2008-04-14 02:09 . 2004-08-04 00:36	80384	----a-w	c:\windows\system32\drivers\parport.sys
2008-04-14 02:09 . 2004-08-04 00:36	46848	----a-w	c:\windows\system32\drivers\p3.sys
2008-04-14 02:06 . 2004-08-19 13:03	4096	----a-w	c:\windows\system32\dsprpres.dll
2008-04-14 02:05 . 2004-08-04 00:45	25216	----a-w	c:\windows\system32\drivers\kbdclass.sys
2008-04-14 02:05 . 2004-08-19 13:03	154496	----a-w	c:\windows\system32\drivers\dmio.sys
2008-04-14 02:05 . 2004-08-19 13:03	800256	----a-w	c:\windows\system32\drivers\dmboot.sys
2008-04-14 02:04 . 2001-08-23 16:58	37632	----a-w	c:\windows\system32\drivers\isapnp.sys
2008-04-14 02:03 . 2004-08-04 00:43	40576	----a-w	c:\windows\system32\drivers\intelppm.sys
2008-04-14 02:03 . 2004-08-19 13:11	5504	----a-w	c:\windows\system32\drivers\intelide.sys
2008-04-14 02:02 . 2004-08-19 13:16	50688	----a-w	c:\windows\system32\inetres.dll
2008-04-14 02:02 . 2004-08-04 00:44	40960	----a-w	c:\windows\system32\drivers\crusoe.sys
2008-04-14 02:00 . 2004-08-19 13:03	572416	----a-w	c:\windows\system32\shdoclc.dll
2008-04-14 02:00 . 2004-08-04 00:41	54144	----a-w	c:\windows\system32\drivers\i8042prt.sys
2008-04-14 02:00 . 2004-08-04 00:41	66048	----a-w	c:\windows\system32\drivers\serial.sys
2008-04-14 01:59 . 2004-08-19 13:03	10240	----a-w	c:\windows\system32\gpkrsrc.dll
2008-04-14 01:58 . 2004-08-19 13:03	1647616	----a-w	c:\windows\system32\winbrand.dll
2008-04-14 01:57 . 2004-08-19 13:03	70144	----a-w	c:\windows\system32\browselc.dll
2008-04-14 01:57 . 2004-08-19 13:03	44672	----a-w	c:\windows\system32\drivers\fips.sys
2008-04-14 01:57 . 2004-08-19 13:12	58752	----a-w	c:\windows\system32\driversedbook.sys
2008-04-14 01:56 . 2004-08-19 13:03	57344	----a-w	c:\windows\system32\mshtmler.dll
2008-04-14 01:56 . 2004-08-19 13:03	53376	----a-w	c:\windows\system32\drivers\volsnap.sys
2008-04-14 01:55 . 2004-08-04 00:38	40064	----a-w	c:\windows\system32\drivers\processr.sys
2008-04-14 01:54 . 2004-08-04 00:37	41856	----a-w	c:\windows\system32\drivers\amdk7.sys
2008-04-14 01:54 . 2004-08-04 00:37	41472	----a-w	c:\windows\system32\drivers\amdk6.sys
2008-04-14 01:53 . 2004-08-04 00:37	23680	----a-w	c:\windows\system32\drivers\mouclass.sys
2008-04-14 01:53 . 2004-08-04 00:37	30336	----a-w	c:\windows\system32\drivers\modem.sys
2008-04-14 01:52 . 2004-08-04 00:36	188672	----a-w	c:\windows\system32\drivers\acpi.sys
2008-04-13 19:28 . 2004-08-19 13:03	175744	----a-w	c:\windows\system32\driversdbss.sys
2008-04-13 19:21 . 2004-08-19 13:03	162816	----a-w	c:\windows\system32\drivers
etbt.sys
2008-04-13 19:20 . 2004-08-19 13:03	91520	----a-w	c:\windows\system32\drivers
diswan.sys
2008-04-13 19:20 . 2004-08-19 13:03	182656	----a-w	c:\windows\system32\drivers
dis.sys
2008-04-13 19:19 . 2004-08-19 13:03	48384	----a-w	c:\windows\system32\driversaspptp.sys
2008-04-13 19:19 . 2004-08-19 13:03	51328	----a-w	c:\windows\system32\driversasl2tp.sys
2008-04-13 19:19 . 2004-08-19 13:03	75264	----a-w	c:\windows\system32\drivers\ipsec.sys
2008-04-13 19:19 . 2004-03-16 11:58	146048	------w	c:\windows\system32\drivers\portcls.sys
2001-11-30 18:26 . 2001-11-30 18:26	98304	----a-w	c:\program files\internet explorer\plugins\LVActiveXControl.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2009-02-12 11:42	66912	----a-w	c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}]
2009-04-01 06:30	1883672	----a-w	c:\program files\PHPNukeFR	bPHP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}"= "c:\program files\PHPNukeFR	bPHP1.dll" [2009-04-01 1883672]

[HKEY_CLASSES_ROOT\clsid\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{258FE8B8-A13C-4B91-9A0C-C2D3CAB8B990}"= "c:\program files\PHPNukeFR	bPHP1.dll" [2009-04-01 1883672]

[HKEY_CLASSES_ROOT\clsid\{258fe8b8-a13c-4b91-9a0c-c2d3cab8b990}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ModemOnHold"="c:\program files\NetWaiting
etWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-04 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-02-12 3061248]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-02-12 2823784]
"L07FXLRD_1685890"="c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" [2006-06-13 351000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-06 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-16 136600]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-31 1392640]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-19 29744]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GW Port Controller"="c:\program files\Samsung\SmarThru\PORTCTRL.EXE" [2002-02-04 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"EoEngine"="c:\program files\EoRezo\EoEngine.exe" [2009-02-23 472872]
"SoftwareHelper"="c:\documents and settings\DELL\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Ask  Harrap's Shorter.lnk - c:\program files\Harrap's Multim‚dia\Shorter\bin\HiHarrapsTray.exe [2009-3-11 122880]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-28 24576]
D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
YH.lnk - c:\windows\Installer\{3E014081-73B2-486E-B3CC-416D4447C3A3}\_7D54A37BF559786EAE0232.exe [2009-4-19 10134]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"2"= mmc.exe
"5"= regedt32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"=
"c:\Program Files\Yahoo!\Messenger\YServer.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=

R3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-19 29744]
R3 HitGsrGenerator;HitGsrGenerator;c:\mt-ds\sys\bin\snmp_gsr\HitGsrGenerator.exe [2007-11-01 954368]
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-28 39048]
R3 WARSVR;WARSVR;c:\mt-ds\sys\bin\war-ftpd\war-ftpd.exe [2005-09-13 507982]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe [2009-02-12 288368]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-05-30 24344]

.
Contenu du dossier 'Tâches planifiées'

2002-05-04 c:\windows\Tasks\SpeedOptimizer Startup.job
- c:\progra~1\speedo~1\SPO.exe [2009-02-13 07:00]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKCU-Run-SuperCopier2.exe - c:\program files\SuperCopier2\SuperCopier2.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://y.lo.st
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\progra~1\SPEEDB~2\sblsp.dll
TCP: {2FDFDEF3-1633-4E0E-9600-E1B85E59CF43} = 41.223.248.1,81.91.225.18
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2002-05-04 16:22
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1612)
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1668)
c:\progra~1\SPEEDB~2\sblsp.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\program files\SpeedBit Video Accelerator\CommPipe.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll

- - - - - - - > 'explorer.exe'(1980)
c:\program files\PC-Software\Yahoo Hider\YHhook.dll
c:\program files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
c:\program files\Fichiers communs\Microsoft Shared\Encarta Search Bar\F\ESBRes.DLL
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\SPEEDB~2\VideoAcceleratorEngine.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
c:\program files\PC-Software\Yahoo Hider\YH.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\dwwin.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Heure de fin: 2002-05-04 16:25 - La machine a redémarré
ComboFix-quarantined-files.txt  2002-05-04 14:25

Avant-CF: 4 480 868 352 octets libres
Après-CF: 4 377 116 672 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

449	--- E O F ---	2002-05-04 14:21

houhou · Answer

je reclame un verus c;/win1.pif sur mon PC je voudrais une solution
merci

C:\win2.PIF

13 réponses

Votre réponse

Newsletters