Nmdfgds0.dll need help

Solved
nicoprosk8 Posts 119 Status Member -
 gen-hackman -
Hello, I got infected by the nmdfgds0.dll virus, which was a rootkit at first.
Let me explain: at first I had Avast, and it kept detecting it all the time. I switched to Kaspersky 2009, which found it and deleted it, but my computer restarted and since then I can't access my local disk normally; I can only get in by using Explore. On top of that, today I'm having a terrible time connecting to the Livebox Wi-Fi. Can you help me, please? I also wanted to know whether I can connect to a Livebox over Ethernet without infecting anything.
I have a laptop running Windows XP.

Thank you in advance

82 replies

nicoprosk8 Posts 119 Status Member

I did the first thing from the link I was given; I still can't access the hard drive. Here is the report, and thanks again:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{027c61fe-52b3-11dd-b3b4-0090f5648e53}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14be062e-d5b8-11dc-b2dd-0013e81e0cc1}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3860f856-b274-11dd-b457-0013e81e0cc1}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43aa2836-d339-11dc-b2d9-0013e81e0cc1}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3a71d1b-0f84-11dd-b351-0013e81e0cc1}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8f56f32-7e8e-11dd-b401-0013e81e0cc1}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d54a6e14-e4b8-11dc-b2fa-0013e81e0cc1}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\etilqs_HRqx684VRBSlqU7SUQra scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF155A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF3614.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF362F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF3E90.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF6BE0.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\cch~2c3ee9bf.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~2c3efd35.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~2d3fbbf1.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~2d4003ea.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~b9b6340.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~b9b672d.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02232009_202901

Files moved on Reboot...
File C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\etilqs_HRqx684VRBSlqU7SUQra not found!
File C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF155A.tmp not found!
File C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF3614.tmp not found!
File C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF362F.tmp not found!
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF3E90.tmp moved successfully.
File C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF6BE0.tmp not found!
File C:\WINDOWS\temp\cch~2c3ee9bf.htp not found!
File C:\WINDOWS\temp\cch~2c3efd35.htp not found!
File C:\WINDOWS\temp\cch~2d3fbbf1.htp not found!
File C:\WINDOWS\temp\cch~2d4003ea.htp not found!
File C:\WINDOWS\temp\cch~b9b6340.htp not found!
File C:\WINDOWS\temp\cch~b9b672d.htp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat not found!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\XUL.mfl moved successfully.
0
nicoprosk8 Posts 119 Status Member

There, I did the procedure; here is the report after using the second program. I can access the hard drive, thank you very much! Is there anything else I need to do to be sure I'm in the clear?

0
plopus Posts 6113 Status Security contributor 293

So, to continue:

disable your antivirus and all protections for the whole procedure that follows

and download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
to your DESKTOP, then disconnect from the internet and close EVERYTHING

run it and don't touch anything else, not even the mouse, and post the report at the end

+ 1 new RSIT log, just the log.txt
0
plopus Posts 6113 Status Security contributor 293

What was the second thing you did that gave you back access to the disk: Flash Disinfector, or had you already run ComboFix?
0

nicoprosk8 Posts 119 Status Member

It was Flash. I ran ComboFix and apparently there are no more problems. Here is the ComboFix report; do I need to do anything else?

ComboFix 09-02-21.01 - Propriétaire 2009-02-23 21:57:28.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.3070.2489 [GMT 1:00]
Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
FW: Pare-feu BitDefender *disabled*
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\pthreadGC2.dll
H:\Autorun.inf
I:\Autorun.inf

----- BITS: Il y a peut-être des sites infectés -----

hxxp://msxb-d1.vo.llnw.net:3074
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-23 au 2009-02-23 ))))))))))))))))))))))))))))))))))))
.

2009-02-23 20:29 . 2009-02-23 20:29 <REP> d-------- C:\_OTMoveIt
2009-02-23 10:42 . 2009-02-23 10:43 <REP> d-------- C:\rsit
2009-02-22 19:59 . 2009-02-22 19:59 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Malwarebytes
2009-02-22 19:58 . 2009-02-22 19:59 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 19:58 . 2009-02-22 19:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-22 19:58 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 19:58 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-22 19:37 . 2009-02-22 19:37 <REP> d-------- c:\program files\Trend Micro
2009-02-22 19:24 . 2009-02-22 19:24 <REP> d-------- c:\program files\Fichiers communs\Intel
2009-02-22 19:24 . 2008-11-17 07:23 3,636,864 --a------ c:\windows\system32\drivers\NETw5x32.sys
2009-02-22 19:24 . 2008-06-20 09:33 2,756,608 --a------ c:\windows\system32\NETw5r32.dll
2009-02-22 19:24 . 2008-06-20 09:32 663,552 --a------ c:\windows\system32\NETw5c32.dll
2009-02-21 16:30 . 2001-08-17 21:52 18,688 --a------ c:\windows\system32\drivers\cdaudio.sys
2009-02-21 16:30 . 2001-08-17 21:52 18,688 --a--c--- c:\windows\system32\dllcache\cdaudio.sys
2009-02-21 16:23 . 2009-02-21 16:27 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-02-21 16:23 . 2009-02-21 16:27 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-02-21 16:22 . 2009-02-21 16:22 <REP> d-------- c:\program files\Kaspersky Lab
2009-02-21 16:22 . 2009-02-23 22:03 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-21 16:22 . 2009-02-23 22:01 6,580,256 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-21 16:22 . 2009-02-23 22:01 524,320 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-21 16:22 . 2009-02-23 22:01 54,584 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-21 16:22 . 2009-02-23 22:01 4,968 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-21 13:49 . 2009-02-21 13:49 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-02-21 13:49 . 2009-02-21 13:49 385 --a------ c:\windows\system32\user_gensett.xml
2009-02-21 13:47 . 2009-02-21 13:47 121 --a------ c:\windows\bdagent.INI
2009-02-21 13:26 . 2009-02-21 13:26 280 --a------ c:\windows\system32\BDUpdateV1.xml
2009-02-21 12:57 . 2007-01-18 13:00 3,968 --a------ c:\windows\system32\drivers\AvgArCln.sys
2009-02-21 02:57 . 2009-02-21 16:17 81,984 --a------ c:\windows\system32\bdod.bin
2009-02-21 02:46 . 2009-02-21 02:46 <REP> d-------- c:\program files\BitDefender
2009-02-21 02:30 . 2009-02-21 02:46 <REP> d-------- c:\program files\Fichiers communs\BitDefender
2009-02-20 13:38 . 2009-02-21 16:16 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-20 13:38 . 2009-02-21 16:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-10 09:04 . 2009-02-10 09:04 <REP> d-------- c:\program files\DVDlabPro2
2009-02-09 16:46 . 2009-02-09 16:46 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
2009-02-09 16:46 . 2009-02-09 16:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-02-09 16:45 . 2009-02-09 16:44 109,568 --------- c:\windows\system32\pxinsi64.exe
2009-02-09 16:45 . 2009-02-09 16:44 108,544 --------- c:\windows\system32\pxcpyi64.exe
2009-02-09 09:32 . 2009-02-09 09:32 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\SorensonMedia
2009-02-09 09:31 . 2009-02-09 09:31 <REP> d-------- c:\program files\ffdshow
2009-02-09 09:31 . 2007-12-24 13:49 7,680 --a------ c:\windows\system32\ff_vfw.dll
2009-02-09 09:31 . 2007-12-07 18:28 6,144 --a------ c:\windows\system32\ff_acm.acm
2009-02-09 09:31 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-02-09 09:29 . 2009-02-09 09:29 <REP> d-------- c:\program files\Sorenson Media
2009-02-09 09:29 . 2009-02-09 09:29 <REP> d-------- c:\program files\BIAS
2009-02-09 09:29 . 2009-02-09 09:29 <REP> d-------- C:\Binaries
2009-02-09 09:15 . 2009-02-09 09:15 <REP> d-------- c:\windows\system32\MEDIA
2009-02-05 18:59 . 2009-02-05 18:59 <REP> d-------- c:\windows\Sun
2009-02-03 15:39 . 2009-02-21 03:58 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-02-03 12:41 . 2009-02-15 21:01 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\skypePM
2009-02-03 12:41 . 2009-02-03 12:41 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-02-03 12:39 . 2009-02-15 22:08 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Skype
2009-02-03 12:38 . 2009-02-03 12:38 <REP> d-------- c:\program files\Skype
2009-02-03 12:38 . 2009-02-03 12:38 <REP> d-------- c:\program files\Fichiers communs\Skype
2009-02-03 12:38 . 2009-02-03 12:38 <REP> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-02-02 21:35 . 2008-04-14 04:33 77,312 --a------ c:\windows\system32\usbui.dll
2009-02-02 21:35 . 2008-04-14 04:33 77,312 --a--c--- c:\windows\system32\dllcache\usbui.dll
2009-02-02 20:42 . 2009-02-02 20:48 <REP> d-------- c:\windows\NV17002432.TMP
2009-02-02 16:46 . 2009-02-02 16:46 <REP> d-------- c:\documents and settings\NetworkService\Application Data\Intel
2009-02-02 16:46 . 2009-02-02 16:46 <REP> d-------- c:\documents and settings\LocalService\Application Data\Intel
2009-02-02 16:46 . 2009-02-02 16:46 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Intel
2009-02-02 16:43 . 2009-02-02 16:43 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Intel
2009-02-02 16:43 . 2009-02-02 16:43 <REP> d-------- c:\documents and settings\All Users\Application Data\Intel
2009-02-02 16:30 . 2009-02-02 16:30 8 --a------ c:\windows\system32\nvModes.dat
2009-02-02 16:26 . 2009-02-02 16:27 360 --a------ C:\boot.ini.Avid
2009-02-02 16:17 . 2008-12-04 09:31 53,248 --a------ c:\windows\system32\CSVer.dll
2009-02-02 16:10 . 2009-02-02 16:10 <REP> d-------- c:\windows\system32\AGEIA
2009-02-02 16:10 . 2009-02-02 16:15 <REP> d-------- c:\windows\NV24521892.TMP
2009-02-02 16:10 . 2009-02-02 16:10 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-02-02 16:10 . 2009-02-02 16:11 <REP> d-------- c:\program files\AGEIA Technologies
2009-02-02 15:46 . 2009-02-02 15:46 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2009-01-23 14:59 . 2009-01-23 14:59 603,904 --------- c:\windows\system32\TUProgSt.exe
2009-01-23 14:59 . 2009-01-23 14:59 360,192 --------- c:\windows\system32\TuneUpDefragService.exe
2009-01-23 14:58 . 2009-01-23 14:59 <REP> d-------- c:\program files\TuneUp Utilities 2009
2009-01-23 14:58 . 2009-01-23 14:58 <REP> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 18:24 --------- d-----w c:\program files\Intel
2009-02-21 15:27 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-21 15:07 --------- d-----w c:\program files\Alwil Software
2009-02-10 11:51 --------- d-----w c:\documents and settings\Propriétaire\Application Data\dvdcss
2009-02-09 15:49 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-02-09 15:44 20,576 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-02-09 08:29 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-09 08:17 --------- d-----w c:\program files\Fichiers communs\Avid
2009-02-09 08:13 --------- d-----w c:\program files\Avid
2009-02-03 13:03 --------- d-----w c:\program files\Rockstar Games
2009-02-02 14:46 --------- d-----w c:\program files\ma-config.com
2009-01-27 12:39 --------- d-----w c:\program files\Microsoft Games
2009-01-19 18:23 --------- d-----w c:\documents and settings\Propriétaire\Application Data\OpenOffice.org
2009-01-19 18:02 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-19 18:02 --------- d-----w c:\program files\JRE
2009-01-19 18:02 --------- d-----w c:\program files\Java
2009-01-19 18:01 --------- d-----w c:\program files\Fichiers communs\Java
2008-11-08 14:06 22,328 ----a-w c:\documents and settings\Propriétaire\Application Data\PnkBstrK.sys
2008-08-26 14:50 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082620080827\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-25 8433664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-13 815104]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-21 206088]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-10-16 1368064]
"IntelWireless"="c:\program files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" [2008-10-16 1191936]
"CHotkey"="zHotkey.exe" [2004-12-08 c:\windows\zHotkey.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"= diomidi.dll
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"wave1"= Digi32.dll
"msacm.avis"= ff_acm.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
"SetDefaultMIDI"=MIDIDef.exe
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
"BisonHK"=c:\windows\BisonCam\BisonHK.exe
"BisonTrayIcon"=c:\windows\BisonCam\BisonTrayIcon.exe
"DigidesignMMERefresh"=c:\program files\Digidesign\Drivers\MMERefresh.exe
"NeroFilterCheck"=c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe
"Alcmtr"=ALCMTR.EXE
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"SPIRun"=Rundll32 SPIRun.dll,RunDLLEntry
"RTHDCPL"=RTHDCPL.EXE
"\\BERNARD\EPSON Stylus Photo RX520 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P41 "\\BERNARD\EPSON Stylus Photo RX520 Series" /O6 "USB002" /M "Stylus Photo RX520"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"nwiz"=nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Avid\\Avid3D_5.6.4\\Application\\bin\\3D.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\e-on software\\Vue 6 xStream\\Application\\Vue 6 xStream.eon"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Avid\\MetaSync\\jre\\bin\\java.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\AOMX.EXE"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2008-01-12 11776]
R2 ITECIRService;ITE Remote Controler service;c:\program files\ITECIR\RemoteControlService.exe [2008-01-28 656896]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-23 603904]
R3 ITECIR;ITE EC CIR Driver (PMC);c:\windows\system32\drivers\ITECIR.sys [2008-01-11 7808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2009-02-21 18688]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-06 52080]
S3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\T3.SYS [2008-01-13 733184]
S3 t3filt;t3filt;c:\windows\system32\drivers\T3FILT.SYS [2008-01-13 1656576]
.
Contenu du dossier 'Tâches planifiées'

2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-02-23 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:04]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 22:04:19
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1935655697-1767777339-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:19,5c,87,4f,23,c7,54,51,73,dd,84,69,93,a3,df,75,a6,5c,ed,77,17,
3e,30,fa,fa,e2,14,27,9a,d0,54,cf,db,95,7b,13,93,61,20,86,0d,6e,16,33,ab,4c,\
"rkeysecu"=hex:2f,21,ab,da,1c,56,54,45,e4,26,b2,06,56,ee,3b,03

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:b5,99,b7,b1,1f,55,da,98,b2,1a,a1,1b,01,21,1c,59,dc,7d,1d,42,a6,
0a,28,f1,d7,e2,a1,1c,1d,50,9a,3d,05,0c,3d,09,c1,e2,6a,c3,c8,ec,9c,82,fc,9d,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:b5,99,b7,b1,1f,55,da,98,b2,1a,a1,1b,01,21,1c,59,dc,7d,1d,42,a6,
0a,28,f1,d7,e2,a1,1c,1d,50,9a,3d,05,0c,3d,09,c1,e2,6a,c3,c8,ec,9c,82,fc,9d,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\netprovcredman.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-02-23 22:07:53 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-23 21:07:50

Avant-CF: 3 533 651 968 octets libres
Après-CF: 3,462,615,040 octets libres

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
295 --- E O F --- 2009-02-20 18:14:37
0
plopus Posts 6113 Status Security contributor 293
 
Good evening

* Download and save lopSD to your desktop https://www.androidworld.fr/

(it is number 4 at the bottom of the page):
* Double-click Lop S&D
* Run the installation
* Close all applications
* Launch it by double-clicking the shortcut on the desktop

* Type F for French, then press Enter
* Type 1
* Press Enter
* The PC will restart

* Note: if the antivirus reports an infection in TEMP, ignore it
* Wait for the report to appear
* Copy the report and paste it into your reply

* The report can also be found at C:\lopR
0
pimprenelle27 Posts 22182 Status Security contributor 2 502
 
I completely agree with totobetourne.
0
nicoprosk8 Posts 119 Status Member
 
Here is the report:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz )
BIOS : BIOS Revision: 1.00.03
USER : Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Activated)
Firewall : Pare-feu BitDefender 12.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:3 Go)
D:\ (CD or DVD)
E:\ (USB) - FAT32 - Total:15367 Mo (Free:5 Go)
G:\ (CD or DVD)
H:\ (Local Disk) - NTFS - Total:232 Go (Free:47 Go)
I:\ (Local Disk) - NTFS - Total:465 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 23/02/2009|23:27 )

--------------------\\ Listing des dossiers dans APPLIC~1

[02/02/2009|16:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
[11/01/2008|19:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[23/01/2009|14:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{55A29068-F2CE-456C-9148-C869879E2357}
[09/02/2009|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[09/02/2009|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[12/01/2008|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ALM
[19/02/2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[12/01/2008|10:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[23/10/2008|20:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avid
[07/03/2008|13:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
[09/09/2008|13:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Codemasters
[13/01/2008|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
[02/05/2008|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[26/04/2008|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[02/02/2009|16:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[23/02/2009|22:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
[24/10/2008|13:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\KONAMI
[02/02/2009|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[22/02/2009|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[13/02/2009|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[23/04/2008|19:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Minnetonka Audio Software
[12/01/2008|08:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[05/06/2008|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[14/01/2008|22:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PACE Anti-Piracy
[03/02/2009|12:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[21/02/2009|16:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[12/01/2008|16:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[12/01/2008|00:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/01/2008|22:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[02/02/2009|16:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
[11/01/2008|19:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[02/02/2009|16:46] C:\DOCUME~1\LOCALS~1\APPLIC~1\Intel
[11/01/2008|19:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[02/02/2009|16:46] C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
[11/01/2008|19:08] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[02/02/2009|16:47] C:\DOCUME~1\PROPRI~3\APPLIC~1\Intel
[06/04/2008|17:26] C:\DOCUME~1\PROPRI~3\APPLIC~1\Nero

[02/02/2009|16:47] C:\DOCUME~1\PROPRI~2\APPLIC~1\Intel

[20/02/2009|14:13] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
[12/01/2008|10:41] C:\DOCUME~1\PROPRI~1\APPLIC~1\Apple Computer
[23/10/2008|20:38] C:\DOCUME~1\PROPRI~1\APPLIC~1\Avid
[02/05/2008|15:25] C:\DOCUME~1\PROPRI~1\APPLIC~1\CyberLink
[06/02/2008|20:47] C:\DOCUME~1\PROPRI~1\APPLIC~1\DAEMON Tools
[10/02/2009|12:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\dvdcss
[15/10/2008|20:59] C:\DOCUME~1\PROPRI~1\APPLIC~1\FMZilla
[11/01/2008|19:11] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
[11/01/2008|19:20] C:\DOCUME~1\PROPRI~1\APPLIC~1\InstallShield
[02/02/2009|16:43] C:\DOCUME~1\PROPRI~1\APPLIC~1\Intel
[28/04/2008|10:40] C:\DOCUME~1\PROPRI~1\APPLIC~1\Leadertech
[26/01/2008|00:22] C:\DOCUME~1\PROPRI~1\APPLIC~1\ma-config.com
[12/01/2008|09:47] C:\DOCUME~1\PROPRI~1\APPLIC~1\Macromedia
[22/02/2009|19:59] C:\DOCUME~1\PROPRI~1\APPLIC~1\Malwarebytes
[13/04/2008|13:21] C:\DOCUME~1\PROPRI~1\APPLIC~1\Media Player Classic
[09/02/2009|09:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft
[22/01/2008|12:03] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft Web Folders
[18/07/2008|11:15] C:\DOCUME~1\PROPRI~1\APPLIC~1\Mozilla
[12/01/2008|08:59] C:\DOCUME~1\PROPRI~1\APPLIC~1\Nero
[19/01/2009|19:23] C:\DOCUME~1\PROPRI~1\APPLIC~1\OpenOffice.org
[10/02/2009|09:18] C:\DOCUME~1\PROPRI~1\APPLIC~1\Opera
[14/01/2008|22:28] C:\DOCUME~1\PROPRI~1\APPLIC~1\PACE Anti-Piracy
[08/11/2008|15:49] C:\DOCUME~1\PROPRI~1\APPLIC~1\SecuROM
[15/02/2009|22:08] C:\DOCUME~1\PROPRI~1\APPLIC~1\Skype
[15/02/2009|21:01] C:\DOCUME~1\PROPRI~1\APPLIC~1\skypePM
[09/02/2009|09:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\SorensonMedia
[19/01/2009|19:01] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sun
[12/01/2008|16:50] C:\DOCUME~1\PROPRI~1\APPLIC~1\TuneUp Software
[14/08/2008|01:37] C:\DOCUME~1\PROPRI~1\APPLIC~1\U3
[14/04/2008|17:57] C:\DOCUME~1\PROPRI~1\APPLIC~1\vlc
[14/04/2008|17:57] C:\DOCUME~1\PROPRI~1\APPLIC~1\vlc(2)
[12/01/2008|09:20] C:\DOCUME~1\PROPRI~1\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[23/02/2009 23:00][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job
[14/02/2009 18:05][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[23/02/2009 22:03][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[09/02/2009|16:51] C:\Program Files\Adobe
[02/02/2009|16:11] C:\Program Files\AGEIA Technologies
[21/02/2009|16:07] C:\Program Files\Alwil Software
[16/04/2008|09:53] C:\Program Files\Apple Software Update
[09/02/2009|09:13] C:\Program Files\Avid
[09/02/2009|09:29] C:\Program Files\BIAS
[21/02/2009|02:46] C:\Program Files\BitDefender
[12/01/2008|10:52] C:\Program Files\Bonjour
[27/04/2008|10:48] C:\Program Files\Boris FX, Inc
[09/09/2008|13:06] C:\Program Files\Codemasters
[11/01/2008|19:05] C:\Program Files\ComPlus Applications
[13/01/2008|16:44] C:\Program Files\Creative
[02/05/2008|15:09] C:\Program Files\CyberLink
[12/01/2008|11:42] C:\Program Files\DAEMON Tools Lite
[11/01/2008|19:21] C:\Program Files\DIFX
[14/01/2008|21:54] C:\Program Files\Digidesign
[26/02/2008|23:28] C:\Program Files\DivX
[10/02/2009|09:04] C:\Program Files\DVDlabPro2
[01/03/2008|21:19] C:\Program Files\EA SPORTS
[04/09/2008|14:43] C:\Program Files\ElcomSoft
[15/03/2008|18:42] C:\Program Files\Electronic Arts
[23/05/2008|10:38] C:\Program Files\e-on software
[17/04/2008|20:47] C:\Program Files\EPSON
[09/02/2009|09:31] C:\Program Files\ffdshow
[23/02/2009|21:59] C:\Program Files\Fichiers communs
[15/10/2008|20:18] C:\Program Files\Free Music Zilla
[21/02/2009|12:57] C:\Program Files\GRISOFT
[25/01/2008|13:38] C:\Program Files\GTA San Andreas
[11/01/2008|19:17] C:\Program Files\HotKey_Driver
[09/02/2009|09:29] C:\Program Files\InstallShield Installation Information
[22/02/2009|19:24] C:\Program Files\Intel
[12/01/2008|09:56] C:\Program Files\InterLok
[12/02/2009|03:01] C:\Program Files\Internet Explorer
[15/04/2008|09:17] C:\Program Files\iPod
[28/01/2008|11:26] C:\Program Files\ITECIR
[15/04/2008|09:17] C:\Program Files\iTunes
[28/01/2008|11:24] C:\Program Files\IVT Corporation
[19/01/2009|19:02] C:\Program Files\Java
[19/01/2009|19:02] C:\Program Files\JRE
[21/02/2009|16:22] C:\Program Files\Kaspersky Lab
[24/10/2008|13:29] C:\Program Files\KONAMI
[02/02/2009|15:46] C:\Program Files\ma-config.com
[22/02/2009|19:59] C:\Program Files\Malwarebytes' Anti-Malware
[22/01/2008|12:03] C:\Program Files\microsoft frontpage
[27/01/2009|13:39] C:\Program Files\Microsoft Games
[09/12/2008|07:10] C:\Program Files\Microsoft Games for Windows - LIVE
[22/01/2008|12:03] C:\Program Files\Microsoft Office
[22/01/2008|12:06] C:\Program Files\Microsoft Visual Studio
[11/01/2008|19:19] C:\Program Files\Motorola
[26/08/2008|15:31] C:\Program Files\Movie Maker
[23/02/2009|22:19] C:\Program Files\Mozilla Firefox
[09/12/2008|05:23] C:\Program Files\MSBuild
[11/01/2008|19:04] C:\Program Files\MSN
[11/01/2008|19:05] C:\Program Files\MSN Gaming Zone
[12/01/2008|17:39] C:\Program Files\MSXML 4.0
[12/01/2008|00:20] C:\Program Files\MSXML 6.0
[12/01/2008|08:56] C:\Program Files\Nero
[26/08/2008|15:29] C:\Program Files\NetMeeting
[21/04/2008|14:37] C:\Program Files\NVIDIA Corporation
[21/04/2008|14:36] C:\Program Files\NVIDIA nTune Performance Application
[11/01/2008|19:05] C:\Program Files\Online Services
[09/09/2008|13:29] C:\Program Files\OpenAL
[19/01/2009|19:02] C:\Program Files\OpenOffice.org 3
[26/08/2008|15:29] C:\Program Files\Outlook Express
[23/10/2008|20:31] C:\Program Files\QuickTime
[28/01/2008|11:16] C:\Program Files\Realtek
[09/12/2008|05:16] C:\Program Files\Reference Assemblies
[03/02/2009|14:03] C:\Program Files\Rockstar Games
[12/06/2008|09:46] C:\Program Files\Samsung
[14/04/2008|17:40] C:\Program Files\Satsuki Decoder Pack
[24/04/2008|10:22] C:\Program Files\Sega
[28/04/2008|10:34] C:\Program Files\Sentinel
[11/01/2008|19:07] C:\Program Files\Services en ligne
[13/01/2008|00:58] C:\Program Files\skycorp
[03/02/2009|12:38] C:\Program Files\Skype
[09/02/2009|09:29] C:\Program Files\Sorenson Media
[21/02/2009|16:16] C:\Program Files\Spybot - Search & Destroy
[11/01/2008|19:15] C:\Program Files\Synaptics
[22/02/2009|19:37] C:\Program Files\Trend Micro
[23/01/2009|14:59] C:\Program Files\TuneUp Utilities 2009
[08/11/2008|15:01] C:\Program Files\Ubisoft
[11/01/2008|19:11] C:\Program Files\Uninstall Information
[12/01/2008|00:11] C:\Program Files\VideoLAN
[12/01/2008|00:03] C:\Program Files\Windows Live
[15/04/2008|09:10] C:\Program Files\Windows Media Connect 2
[26/08/2008|15:29] C:\Program Files\Windows Media Player
[26/08/2008|15:29] C:\Program Files\Windows NT
[12/01/2008|09:56] C:\Program Files\WindowsUpdate
[12/01/2008|09:19] C:\Program Files\WinRAR
[14/04/2008|17:40] C:\Program Files\Worms World Party
[11/01/2008|19:08] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[09/02/2009|16:49] C:\Program Files\Fichiers communs\Adobe
[09/02/2009|16:46] C:\Program Files\Fichiers communs\Adobe Systems Shared
[15/04/2008|09:14] C:\Program Files\Fichiers communs\Apple
[09/02/2009|09:17] C:\Program Files\Fichiers communs\Avid
[21/02/2009|02:46] C:\Program Files\Fichiers communs\BitDefender
[22/01/2008|12:06] C:\Program Files\Fichiers communs\Designer
[12/01/2008|09:58] C:\Program Files\Fichiers communs\Digidesign
[21/04/2008|14:37] C:\Program Files\Fichiers communs\InstallShield
[22/02/2009|19:24] C:\Program Files\Fichiers communs\Intel
[19/01/2009|19:01] C:\Program Files\Fichiers communs\Java
[12/01/2008|10:45] C:\Program Files\Fichiers communs\Macrovision Shared
[22/01/2008|12:05] C:\Program Files\Fichiers communs\Microsoft Shared
[11/01/2008|19:06] C:\Program Files\Fichiers communs\MSSoap
[12/01/2008|08:58] C:\Program Files\Fichiers communs\Nero
[11/01/2008|20:00] C:\Program Files\Fichiers communs\ODBC
[12/01/2008|09:56] C:\Program Files\Fichiers communs\PACE Anti-Piracy
[23/10/2008|20:06] C:\Program Files\Fichiers communs\SafeNet Sentinel
[11/01/2008|19:06] C:\Program Files\Fichiers communs\Services
[03/02/2009|12:38] C:\Program Files\Fichiers communs\Skype
[28/04/2008|10:34] C:\Program Files\Fichiers communs\Sonic Shared
[11/01/2008|20:00] C:\Program Files\Fichiers communs\SpeechEngines
[26/12/2008|21:09] C:\Program Files\Fichiers communs\System
[12/01/2008|00:02] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[02/02/2009|16:10] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 42 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 23:28:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\PROPRI~1\Mes documents\e-on software\Vue 6 xStream\Filters\Other Filters\Cracks.flt
C:\DOCUME~1\PROPRI~1\Mes documents\e-on software\Vue 6 xStream\Filters\Other Filters\Narrow crack.flt
C:\DOCUME~1\PROPRI~1\Mes documents\e-on software\Vue 6 xStream\Filters\Other Filters\Round crack.flt
C:\DOCUME~1\PROPRI~1\Mes documents\e-on software\Vue 6 xStream\Filters\Other Filters\Simple crack.flt
C:\DOCUME~1\PROPRI~1\Mes documents\e-on software\Vue 6 xStream\Filters\Other Filters\Wide crack.flt
C:\DOCUME~1\PROPRI~1\Mes documents\e-on software\Vue 6 xStream\Functions\Basic\Cracks.fnc
C:\DOCUME~1\PROPRI~1\Mes documents\e-on software\Vue 6 xStream\Functions\Basic\Sparse cracks.fnc
C:\DOCUME~1\PROPRI~1\Mes documents\e-on software\Vue 6 xStream\Functions\Bumps\Complex cracks.fnc
C:\DOCUME~1\PROPRI~1\Recent\AvidMediaComposer30-crack.rar.lnk
C:\DOCUME~1\PROPRI~1\Recent\Crack.lnk
C:\DOCUME~1\ALLUSE~1\Documents\Sorenson.Squeeze.v5.0.2.8.Incl.Patch.And.Keymaker-AGAiN\Keygen.exe

[F:2][D:1]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
[F:4][D:1]-> C:\DOCUME~1\PROPRI~1\Cookies
[F:307][D:12]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 23/02/2009|23:29 - Option : [1]

--------------------\\ Fin du rapport a 23:29:57
0
plopus Posts 6113 Status Security contributor 293
 
Hello,

get rid of your cracks so you don't restart the infection, and

Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.
http://images.malwareremoval.com/random/RSIT.exe
Click Continue
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
When the scan is finished, two text files will open; post the 2 reports SEPARATELY
0
j-f-t Posts 2 Status Member
 
Hello...
I am new to this forum; I just signed up because I have a problem when my PC starts up.
Avast detects a Kavos trojan infection in the file nmdfgds0.dll, which I probably picked up via my USB stick on the PC at work.

I read the beginning of the thread and followed the procedure with HijackThis...

I am posting below what I got...
If someone can help me... thank you so much!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:47, on 24/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS\Mobile Theater\Kernel\TV\CLCapSvc.exe
C:\Program Files\ASUS\Mobile Theater\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ASUS\Mobile Theater\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ASUS\Mobile Theater\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\Mobile Theater\PCMService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\ASUS\Mobile Theater\PCMService.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1226266736928&h=45ccfa0900373537c0d1310537c4268a/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\ASUS\Mobile Theater\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\ASUS\Mobile Theater\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\ASUS\Mobile Theater\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
0
plopus Posts 6113 Status Security contributor 293
 
Hello J-F-T

create your own thread

thank you
0
j-f-t Posts 2 Status Member
 
Hello...!
The subject is the same... infection of the same file, by a trojan

Thanks
0
nicoprosk8 Posts 119 Status Member
 
Hi, I only got one report:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Propriétaire at 2009-02-24 18:58:05
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 3 GB (2%) free of 153 GB
Total RAM: 3070 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:18, on 24/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\ITECIR\RemoteControlService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Propriétaire\Bureau\RSIT.exe
C:\Program Files\Trend micro\HijackThis\Propriétaire.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ITE Remote Controler service (ITECIRService) - ITE Tech. Inc. - C:\Program Files\ITECIR\RemoteControlService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
0
plopus Posts 6113 Status Security contributor 293
 
Hi again

• Double-click OTMoveIt3.exe to launch it.
• Copy and paste the following text into the "Paste Instructions for Items to be Moved" box and click Moveit:

:processes
explorer.exe

:files
C:\WINDOWS\fdsv.exe
C:\Qoobox
C:\WINDOWS\system32\results.txt
C:\System32\nmdfgds0.dll

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

• If a file or folder cannot be deleted immediately, the program will ask you to restart. Accept by clicking YES.

• Post the report located in this folder: C:\_OTMoveIt\MovedFiles
The report's name corresponds to the moment it was created: date_time.log

Then, after restarting your PC if it does not do so on its own,

run an online scan here and post the full report:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

After that,

download GENPROC. Open this help link: < http://www.alt-shift-return.org/Info/GenProc-HowTo.html >

The download is on that page: < http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip >. Answer yes to the question at the end and post the report, please.
0
nicoprosk8 Posts 119 Status Member
 
OTMoveIt report:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\fdsv.exe moved successfully.
C:\Qoobox\Quarantine\Registry_backups moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32 moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings moved successfully.
C:\Qoobox\Quarantine\C moved successfully.
C:\Qoobox\Quarantine moved successfully.
C:\Qoobox\BackEnv moved successfully.
C:\Qoobox moved successfully.
C:\WINDOWS\system32\results.txt moved successfully.
File/Folder C:\System32\nmdfgds0.dll not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\etilqs_dkEa4YMfFhPWTUaZmHhf scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF3AE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF41A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF8B57.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF8B6C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DFF78.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\cch~25fc575c.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~25fc5ba3.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4b8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02242009_192834

Files moved on Reboot...
File C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\etilqs_dkEa4YMfFhPWTUaZmHhf not found!
File C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF3AE.tmp not found!
File C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF41A.tmp not found!
File C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF8B57.tmp not found!
File C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF8B6C.tmp not found!
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DFF78.tmp moved successfully.
File C:\WINDOWS\temp\cch~25fc575c.htp not found!
File C:\WINDOWS\temp\cch~25fc5ba3.htp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_4b8.dat not found!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\XUL.mfl moved successfully.
0
plopus Posts 6113 Status Security contributor 293
 
OK, do the next steps.
0
nicoprosk8 Posts 119 Status Member
 
Kaspersky report:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\fdsv.exe moved successfully.
C:\Qoobox\Quarantine\Registry_backups moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32 moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings moved successfully.
C:\Qoobox\Quarantine\C moved successfully.
C:\Qoobox\Quarantine moved successfully.
C:\Qoobox\BackEnv moved successfully.
C:\Qoobox moved successfully.
C:\WINDOWS\system32\results.txt moved successfully.
File/Folder C:\System32\nmdfgds0.dll not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\etilqs_dkEa4YMfFhPWTUaZmHhf scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF3AE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF41A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF8B57.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF8B6C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DFF78.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\cch~25fc575c.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~25fc5ba3.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4b8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02242009_192834

Files moved on Reboot...
File C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\etilqs_dkEa4YMfFhPWTUaZmHhf not found!
File C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF3AE.tmp not found!
File C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF41A.tmp not found!
File C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF8B57.tmp not found!
File C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DF8B6C.tmp not found!
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~DFF78.tmp moved successfully.
File C:\WINDOWS\temp\cch~25fc575c.htp not found!
File C:\WINDOWS\temp\cch~25fc5ba3.htp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_4b8.dat not found!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7rvb92u.default\XUL.mfl moved successfully.
0
plopus Posts 6113 Status Security contributor 293
 
Uh, no, that's not Kaspersky... and run a scan of My Computer with Kaspersky.
0
nicoprosk8 Posts 119 Status Member
 
Rapport GenProc 2.385 [1] - 24/02/2009 à 19:42:16,14 - Windows XP

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt

__________________________________________________________________________________________________________

Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
0
nicoprosk8 Posts 119 Status Member
 
Sorry, I made a mistake; here is the Kaspersky report:

Analyse rapide: terminée le 21/02/2009 16:32:25 (événements : 105, objets : , durée : 00:00:00)
21/02/2009 16:32:25 Fin de la tâche
21/02/2009 16:31:02 Non réparés: Packed.Win32.Krap.g C:\WINDOWS\system32\nmdfgds0.dll Reporté
21/02/2009 16:31:02 Détectés: Packed.Win32.Krap.g C:\WINDOWS\system32\nmdfgds0.dll
21/02/2009 16:30:07 Lancement de la tâche
Analyse rapide: terminée le 21/02/2009 16:32:25 (événements : 105, objets : , durée : 00:00:00)
21/02/2009 16:32:25 Fin de la tâche
21/02/2009 16:31:26 Détectés: Packed.Win32.Krap.g C:\WINDOWS\system32\nmdfgds0.dll
21/02/2009 16:31:19 Détectés: Packed.Win32.Krap.g C:\WINDOWS\system32\nmdfgds0.dll
21/02/2009 16:31:18 Lancement de la tâche
Analyse rapide: terminée le 21/02/2009 16:32:25 (événements : 105, objets : , durée : 00:00:00)
21/02/2009 16:37:35 Tâche arrêtée
21/02/2009 16:37:19 Lancement de la tâche
Analyse rapide: terminée le 21/02/2009 16:32:25 (événements : 105, objets : , durée : 00:00:00)
21/02/2009 18:44:22 Fin de la tâche
21/02/2009 18:43:55 Lancement de la tâche
Analyse rapide: terminée le 21/02/2009 16:32:25 (événements : 105, objets : , durée : 00:00:00)
21/02/2009 19:35:14 Tâche arrêtée
21/02/2009 19:15:27 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP449\A0081535.dll Reporté
21/02/2009 19:15:27 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP449\A0081535.dll
21/02/2009 19:15:27 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP449\A0081534.exe Reporté
21/02/2009 19:15:27 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP449\A0081534.exe
21/02/2009 19:15:26 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP449\A0081529.com Reporté
21/02/2009 19:15:26 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP449\A0081529.com
21/02/2009 19:15:26 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP449\A0081528.dll Reporté
21/02/2009 19:15:26 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP449\A0081528.dll
21/02/2009 19:15:19 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP449\A0081501.com Reporté
21/02/2009 19:15:19 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP449\A0081501.com
21/02/2009 19:14:14 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP448\A0081054.com Reporté
21/02/2009 19:14:14 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP448\A0081054.com
21/02/2009 19:13:46 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080951.com Reporté
21/02/2009 19:13:46 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080951.com
21/02/2009 19:13:45 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080950.dll Reporté
21/02/2009 19:13:45 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080950.dll
21/02/2009 19:13:22 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080830.com Reporté
21/02/2009 19:13:22 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080830.com
21/02/2009 19:13:12 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080748.exe Reporté
21/02/2009 19:13:12 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080748.exe
21/02/2009 19:13:12 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080749.dll Reporté
21/02/2009 19:13:12 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080749.dll
21/02/2009 19:13:12 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080744.com Reporté
21/02/2009 19:13:12 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080744.com
21/02/2009 19:13:11 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080743.dll Reporté
21/02/2009 19:13:11 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080743.dll
21/02/2009 19:13:01 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080660.com Reporté
21/02/2009 19:13:01 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080660.com
21/02/2009 19:13:00 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080658.dll Reporté
21/02/2009 19:13:00 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080658.dll
21/02/2009 19:12:23 Non réparés: Trojan-GameThief.Win32.Magania.avkq C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0077517.cmd Reporté
21/02/2009 19:12:23 Détectés: Trojan-GameThief.Win32.Magania.avkq C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0077517.cmd
21/02/2009 19:12:22 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0077512.com Reporté
21/02/2009 19:12:22 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0077512.com
21/02/2009 19:12:19 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP446\A0077507.com Reporté
21/02/2009 19:12:19 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP446\A0077507.com
21/02/2009 19:12:15 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP445\A0077503.com Reporté
21/02/2009 19:12:15 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP445\A0077503.com
21/02/2009 19:12:12 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP444\A0077420.com Reporté
21/02/2009 19:12:12 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP444\A0077420.com
21/02/2009 19:12:06 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP444\A0077341.com Reporté
21/02/2009 19:12:06 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP444\A0077341.com
21/02/2009 19:10:50 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP443\A0076893.com Reporté
21/02/2009 19:10:50 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP443\A0076893.com
21/02/2009 19:10:47 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP442\A0076827.com Reporté
21/02/2009 19:10:47 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP442\A0076827.com
21/02/2009 19:10:14 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP442\A0076060.com Reporté
21/02/2009 19:10:14 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP442\A0076060.com
21/02/2009 19:10:09 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP441\A0076052.com Reporté
21/02/2009 19:10:09 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP441\A0076052.com
21/02/2009 19:10:09 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP441\A0076051.dll Reporté
21/02/2009 19:10:09 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP441\A0076051.dll
21/02/2009 19:10:07 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP441\A0076038.com Reporté
21/02/2009 19:10:07 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP441\A0076038.com
21/02/2009 19:09:59 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP441\A0075964.com Reporté
21/02/2009 19:09:59 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP441\A0075964.com
21/02/2009 19:09:02 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP441\A0074707.dll Reporté
21/02/2009 19:09:02 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP441\A0074707.dll
21/02/2009 19:09:02 Non réparés: Trojan-GameThief.Win32.Magania.avkq C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP441\A0074706.exe Reporté
21/02/2009 19:09:02 Détectés: Trojan-GameThief.Win32.Magania.avkq C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP441\A0074706.exe
21/02/2009 19:09:02 Non réparés: Trojan-GameThief.Win32.Magania.avkq C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP441\A0074701.cmd Reporté
21/02/2009 19:09:02 Détectés: Trojan-GameThief.Win32.Magania.avkq C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP441\A0074701.cmd
21/02/2009 19:08:59 Non réparés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP440\A0074699.dll Reporté
21/02/2009 19:08:59 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP440\A0074699.dll
21/02/2009 19:08:58 Non réparés: Trojan-GameThief.Win32.Magania.avkq C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP440\A0074698.exe Reporté
21/02/2009 19:08:58 Détectés: Trojan-GameThief.Win32.Magania.avkq C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP440\A0074698.exe
21/02/2009 19:05:25 Non réparés: Trojan-GameThief.Win32.Magania.avkq C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP438\A0074083.cmd Reporté
21/02/2009 19:05:25 Détectés: Trojan-GameThief.Win32.Magania.avkq C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP438\A0074083.cmd
21/02/2009 18:46:31 Lancement de la tâche
Analyse rapide: terminée le 21/02/2009 16:32:25 (événements : 105, objets : , durée : 00:00:00)
21/02/2009 19:48:05 Fin de la tâche
21/02/2009 19:35:39 Lancement de la tâche
Analyse rapide: terminée le 21/02/2009 16:32:25 (événements : 105, objets : , durée : 00:00:00)
21/02/2009 20:58:10 Tâche arrêtée
21/02/2009 20:23:20 Non réparés: Trojan.Win32.RaMag.a C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\P1H2NJD8\help[1].rar Reporté
21/02/2009 20:23:19 Détectés: Trojan.Win32.RaMag.a C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\P1H2NJD8\help[1].rar
21/02/2009 20:23:19 Non réparés: Trojan.Win32.RaMag.a C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\GY26ETVJ\help[1].rar Reporté
21/02/2009 20:23:19 Détectés: Trojan.Win32.RaMag.a C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\GY26ETVJ\help[1].rar
21/02/2009 19:49:15 Lancement de la tâche
Analyse rapide: terminée le 21/02/2009 16:32:25 (événements : 105, objets : , durée : 00:00:00)
22/02/2009 13:56:23 Lancement de la tâche
22/02/2009 16:09:31 Tâche arrêtée
22/02/2009 19:07:55 Lancement de la tâche
22/02/2009 19:13:52 Fin de la tâche
Analyse rapide: terminée le 21/02/2009 16:32:25 (événements : 105, objets : , durée : 00:00:00)
22/02/2009 22:42:56 Fin de la tâche
22/02/2009 21:01:24 Lancement de la tâche
22/02/2009 21:00:33 Tâche arrêtée
22/02/2009 20:36:32 Lancement de la tâche
22/02/2009 20:06:54 Non réparés: Trojan.Win32.Agent2.ecb C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080819.exe Reporté
22/02/2009 20:06:53 Détectés: Trojan.Win32.Agent2.ecb C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0080819.exe
22/02/2009 19:56:57 Lancement de la tâche
Analyse rapide: terminée le 21/02/2009 16:32:25 (événements : 105, objets : , durée : 00:00:00)
22/02/2009 21:01:06 Fin de la tâche
22/02/2009 21:00:40 Lancement de la tâche
Analyse rapide: terminée le 21/02/2009 16:32:25 (événements : 105, objets : , durée : 00:00:00)
24/02/2009 19:38:04 Fin de la tâche
24/02/2009 19:37:06 Lancement de la tâche
0
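Cross-checking the two reports posted in the thread, as an added example that is not part of any post: the Python sketch below parses the Kaspersky detection lines and the OTMoveIt3 results, separates live files from System Restore and browser-cache copies, and flags a detected live file whose removal was attempted under a different path. Function names and location categories are assumptions of this example; the sample lines are excerpts of the reports above.

```python
import ntpath
import re

# Excerpts of the Kaspersky report posted in the thread (not the full log).
KASPERSKY_REPORT = r"""
21/02/2009 16:31:02 Non réparés: Packed.Win32.Krap.g C:\WINDOWS\system32\nmdfgds0.dll Reporté
21/02/2009 16:31:02 Détectés: Packed.Win32.Krap.g C:\WINDOWS\system32\nmdfgds0.dll
21/02/2009 16:30:07 Lancement de la tâche
21/02/2009 19:15:27 Détectés: Packed.Win32.Krap.g C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP449\A0081535.dll
21/02/2009 19:12:23 Détectés: Trojan-GameThief.Win32.Magania.avkq C:\System Volume Information\_restore{95B0A514-8F59-47E8-B6F4-2C645EA89900}\RP447\A0077517.cmd
21/02/2009 20:23:19 Détectés: Trojan.Win32.RaMag.a C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\GY26ETVJ\help[1].rar
"""

# Excerpts of the OTMoveIt3 log posted in the thread.
OTMOVEIT_LOG = r"""
C:\WINDOWS\fdsv.exe moved successfully.
C:\Qoobox moved successfully.
C:\WINDOWS\system32\results.txt moved successfully.
File/Folder C:\System32\nmdfgds0.dll not found.
"""

# timestamp, status, threat name (no spaces), path (may contain spaces),
# optional trailing "Reporté" on the "Non réparés" lines.
DETECTION_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (Détectés|Non réparés): "
    r"(\S+) (.+?)(?: Reporté)?$"
)
ACTION_RE = re.compile(
    r"^(?:File/Folder )?(.+?) (moved successfully|not found)\.$"
)


def parse_kaspersky(text):
    """Return one dict per detection line; task start/stop lines are skipped."""
    events = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            when, status, threat, path = m.groups()
            events.append(
                {"when": when, "status": status, "threat": threat, "path": path}
            )
    return events


def parse_otmoveit(text):
    """Map lower-cased target path -> (path as typed in the script, outcome)."""
    actions = {}
    for line in text.splitlines():
        m = ACTION_RE.match(line.strip())
        if m:
            actions[m.group(1).lower()] = (m.group(1), m.group(2))
    return actions


def classify_location(path):
    """Categories are this example's own: restore_point, browser_cache, live."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "restore_point"  # copy kept by System Restore
    if "\\temporary internet files\\" in p:
        return "browser_cache"
    return "live"


def triage(kaspersky_text, otmoveit_text):
    """One finding per unique detected path, with the removal outcome."""
    actions = parse_otmoveit(otmoveit_text)
    findings = {}
    for ev in parse_kaspersky(kaspersky_text):
        entry = findings.setdefault(ev["path"].lower(), {
            "path": ev["path"],
            "threats": set(),
            "location": classify_location(ev["path"]),
            "removal": "n/a",
            "attempted_as": [],
        })
        entry["threats"].add(ev["threat"])
    for key, entry in findings.items():
        if entry["location"] != "live":
            continue
        if key in actions:
            entry["removal"] = actions[key][1]
            continue
        # Same file name requested under another directory?
        name = ntpath.basename(key)
        entry["attempted_as"] = [
            typed for low, (typed, _) in actions.items()
            if ntpath.basename(low) == name
        ]
        entry["removal"] = (
            "path_mismatch" if entry["attempted_as"] else "not_targeted"
        )
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(KASPERSKY_REPORT, OTMOVEIT_LOG):
        print(f["location"], f["removal"], f["path"], sorted(f["threats"]))
```

On these excerpts the only live detection, `C:\WINDOWS\system32\nmdfgds0.dll`, comes back as `path_mismatch`, because the OTMoveIt3 script targeted `C:\System32\nmdfgds0.dll` and the log reported that path as not found.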
plopus Posts 6113 Status Security contributor 293
 
Either run the Kaspersky scan as requested,

or run the scan that GenProc suggests; scan My Computer and post the report.
0