(VIRUS) Sasser-type

Toast -  
 Anonymous user -
Hello,

I got had like a rookie :(

I launched an installer (which in fact dropped the virus in the temp folder and executed it).

F-Secure detected it immediately, but too late: the system was forced to restart with a countdown.

I rebooted in safe mode and ran AVG Anti-Spyware, which detected a trojan (but I doubt it's the virus I just caught).

I shut down my computer to go to bed, restarted in safe mode, and ran the Symantec Sasser removal tool, which told me my computer was not infected.

I rebooted normally, and then several error windows appeared about processes (F-Secure's BackWeb and some PnkBst processes, I think that's PunkBuster). These messages are memory read errors.

Apart from that, it worked. But at one point I got a blue screen, and when I restarted the virus was back.

Below is the HijackThis report made in safe mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:36:36, on 26/02/2088
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Logiciels\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Logiciels\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Logiciels\TortoiseSVN\bin\TSVNCache.exe
C:\Logiciels\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.incompris.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\fccdeFXo.dll
O2 - BHO: C:\WINDOWS\system32\hhs3ijndfd.dll - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\hhs3ijndfd.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /M "Stylus Photo RX520" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [settings] C:\WINDOWS\callsysnt.exe
O4 - HKCU\..\RunOnce: [RegistryDefrag Success Message] "C:\Logiciels\TuneUp Utilities\TUMessages.exe" /RegDefrag_Success
O4 - HKLM\..\Policies\Explorer\Run: [xccinit] C:\WINDOWS\system32\inf\rundll33.exe C:\WINDOWS\xccdf16_090131a.dll xccd16
O4 - HKCU\..\Policies\Explorer\Run: [settings] C:\WINDOWS\callsysnt.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Michael\Jeux\Poker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Michael\Jeux\Poker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.incompris.net/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www2.tellmemorecampus.com/bin/tol9inst.cab
O16 - DPF: {9B14B03A-B482-45C3-BE37-5B7CAA8B0B5D} (QBH Control) - http://hsearch.nayio.com/download/QBH.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: fccdeFXo - C:\WINDOWS\SYSTEM32\fccdeFXo.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hhs3ijndfd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Logiciels\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Logiciels\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure BackWeb (backweb client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: F-Secure BackWeb LAN Access (f-secure backweb lan access) - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Logiciels\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\WINDOWS\Private Folder\PrfldSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - C:\Logiciels\wamp\bin\apache\apache2.2.10\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Logiciels\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

Toast
 
Ok, I'll do all that tomorrow.

Good night.
0
Anonymous user
 
ok, see you tomorrow :)
0
Toast
 
For now, the MoveIt log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service F-Secure BackWeb .
Service F-Secure BackWeb LAN Access stopped successfully.
Service F-Secure BackWeb LAN Access deleted successfully.
Error: Unable to interpret <:drivers> in the current context!
Error: Unable to interpret <v2imount> in the current context!
Error: Unable to interpret <oreans32> in the current context!
Error: Unable to interpret <GarenaPEngine> in the current context!
========== FILES ==========
C:\Program Files\F-Secure\Common\COMMDIR\policies moved successfully.
C:\Program Files\F-Secure\Common\COMMDIR moved successfully.
C:\Program Files\F-Secure\Common\ALERTS moved successfully.
C:\Program Files\F-Secure\Common moved successfully.
C:\Program Files\F-Secure\BackWeb\7681197\Users moved successfully.
C:\Program Files\F-Secure\BackWeb\7681197\Program moved successfully.
C:\Program Files\F-Secure\BackWeb\7681197\InitData\Data\GenFlash\1 moved successfully.
C:\Program Files\F-Secure\BackWeb\7681197\InitData\Data\GenFlash moved successfully.
C:\Program Files\F-Secure\BackWeb\7681197\InitData\Data moved successfully.
C:\Program Files\F-Secure\BackWeb\7681197\InitData moved successfully.
C:\Program Files\F-Secure\BackWeb\7681197 moved successfully.
C:\Program Files\F-Secure\BackWeb moved successfully.
C:\Program Files\F-Secure\Anti-Virus\dbupdate moved successfully.
C:\Program Files\F-Secure\Anti-Virus\dbbackup moved successfully.
C:\Program Files\F-Secure\Anti-Virus moved successfully.
C:\Program Files\F-Secure moved successfully.
C:\Documents And Settings\All Users\Application Data\Symantec\LiveUpdate moved successfully.
C:\Documents And Settings\All Users\Application Data\Symantec\hpc moved successfully.
C:\Documents And Settings\All Users\Application Data\Symantec moved successfully.
C:\Program Files\Fichiers communs\Symantec Shared moved successfully.
File/Folder C:\WINDOWS\system32\drivers\oreans32.sys not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OAX80B.tmp not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IDMan deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_oopqwGfc6W5X5s8OVRT8 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents And Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_36c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03112009_200406

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_oopqwGfc6W5X5s8OVRT8 not found!
File move failed. C:\Documents And Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_36c.dat not found!
C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_001_ moved successfully.
C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_002_ moved successfully.
C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_003_ moved successfully.
C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\urlclassifier3.sqlite moved successfully.
C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\XUL.mfl moved successfully.
0
Toast
 
Analysis of the first file:


Fichier 3com_dmim.exe reçu le 2009.03.11 20:07:28 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.03.11 Backdoor.Win32.Momibot.B!IK
AhnLab-V3 5.0.0.2 2009.03.11 -
AntiVir 7.9.0.109 2009.03.11 -
Authentium 5.1.0.4 2009.03.10 -
Avast 4.8.1335.0 2009.03.10 -
AVG 8.0.0.237 2009.03.11 Win32/Heur
BitDefender 7.2 2009.03.11 -
CAT-QuickHeal 10.00 2009.03.11 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.03.11 -
Comodo 1049 2009.03.11 -
DrWeb 4.44.0.09170 2009.03.11 -
eSafe 7.0.17.0 2009.03.11 Suspicious File
eTrust-Vet None 2009.03.09 -
F-Prot 4.4.4.56 2009.03.10 -
F-Secure 8.0.14470.0 2009.03.11 -
Fortinet 3.117.0.0 2009.03.11 -
GData 19 2009.03.11 -
Ikarus T3.1.1.45.0 2009.03.11 Backdoor.Win32.Momibot.B
K7AntiVirus 7.10.667 2009.03.11 -
Kaspersky 7.0.0.125 2009.03.11 -
McAfee 5550 2009.03.11 -
McAfee+Artemis 5550 2009.03.11 -
Microsoft 1.4405 2009.03.11 -
NOD32 3928 2009.03.11 -
Norman 6.00.06 2009.03.11 -
nProtect 2009.1.8.0 2009.03.11 -
Panda 10.0.0.10 2009.03.11 -
PCTools 4.4.2.0 2009.03.11 -
Prevx1 V2 2009.03.11 -
Rising 21.20.22.00 2009.03.11 -
SecureWeb-Gateway 6.7.6 2009.03.11 -
Sophos 4.39.0 2009.03.11 Mal/EncPk-HE
Sunbelt 3.2.1858.2 2009.03.11 -
Symantec 1.4.4.12 2009.03.11 -
TheHacker 6.3.3.0.279 2009.03.11 -
TrendMicro 8.700.0.1004 2009.03.11 -
VBA32 3.12.10.1 2009.03.11 -
ViRobot 2009.3.11.1645 2009.03.11 -
VirusBuster 4.5.11.0 2009.03.11 -
Information additionnelle
File size: 55296 bytes
MD5...: 8b881829e2be09d14cf16ec4290de657
SHA1..: b9c0b8e1543ea5b1699afa4776a4a53918d14a8e
SHA256: 4864b214df10d4e7a43909b2157d9490fe15bae4f891df5f0e3ade30f2fe2908
SHA512: 0437defc3e764397cebf05776cd4dc23a7fc89267e7b05b17ef80a2c553ed54105033f1d2fc484f28a0aa50bf2aa2a4b5aba4affa03732d45c3efa4403675f29
ssdeep: 1536:FfsWPCYe8342d/u4amq3whmaVAU1yKrBa+:5sWPjeK42luNmq3UbwQBX
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xa800
timedatestamp.....: 0x49ae79a0 (Wed Mar 04 12:52:48 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xa67e 0xa800 7.98 643365cd91b08cdc63ed51001bbd176e
.ddvfvzf 0xc000 0x255a 0x2600 7.35 5480cac77b981f6e0f67145e965b81ec
.idata 0xf000 0x180 0x200 3.12 7088fd3c3034497cf7b40371f246812f
.rsrc 0x10000 0x390 0x400 3.11 1016c329f4a15a7215a8daf1dc08fc15

( 4 imports )
> GDI32.dll: DeleteColorSpace, CancelDC, Rectangle, GetNearestPaletteIndex, RoundRect
> ADVAPI32.dll: AddAuditAccessObjectAce
> CRYPT32.dll: CryptMemRealloc
> KERNEL32.dll: GetLastError

( 0 exports )

0

Toast
 
Second file:


Fichier ASUSHWIO.SYS reçu le 2009.03.11 20:11:56 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.03.11 -
AhnLab-V3 5.0.0.2 2009.03.11 -
AntiVir 7.9.0.109 2009.03.11 -
Authentium 5.1.0.4 2009.03.10 -
Avast 4.8.1335.0 2009.03.10 -
AVG 8.0.0.237 2009.03.11 -
BitDefender 7.2 2009.03.11 -
CAT-QuickHeal 10.00 2009.03.11 -
ClamAV 0.94.1 2009.03.11 -
Comodo 1049 2009.03.11 -
DrWeb 4.44.0.09170 2009.03.11 -
eSafe 7.0.17.0 2009.03.11 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.10 -
F-Secure 8.0.14470.0 2009.03.11 -
Fortinet 3.117.0.0 2009.03.11 -
GData 19 2009.03.11 -
Ikarus T3.1.1.45.0 2009.03.11 -
K7AntiVirus 7.10.667 2009.03.11 -
Kaspersky 7.0.0.125 2009.03.11 -
McAfee 5550 2009.03.11 -
McAfee+Artemis 5550 2009.03.11 -
Microsoft 1.4405 2009.03.11 -
NOD32 3928 2009.03.11 -
Norman 6.00.06 2009.03.11 -
nProtect 2009.1.8.0 2009.03.11 -
Panda 10.0.0.10 2009.03.11 -
PCTools 4.4.2.0 2009.03.11 -
Prevx1 V2 2009.03.11 -
Rising 21.20.22.00 2009.03.11 -
SecureWeb-Gateway 6.7.6 2009.03.11 -
Sophos 4.39.0 2009.03.11 -
Sunbelt 3.2.1858.2 2009.03.11 -
Symantec 1.4.4.12 2009.03.11 -
TheHacker 6.3.3.0.279 2009.03.11 -
TrendMicro 8.700.0.1004 2009.03.11 -
VBA32 3.12.10.1 2009.03.11 -
ViRobot 2009.3.11.1645 2009.03.11 -
VirusBuster 4.5.11.0 2009.03.11 -
Information additionnelle
File size: 5824 bytes
MD5...: de91d0d73c3e61e6826d98fac2fac729
SHA1..: a68480d9d1f3164b975c6c64a02f0604056f99e5
SHA256: 7dbc1505a56359d6fcb3e7711bb0ff86b0bf46b5f808890ef3a24d9175d60000
SHA512: 995ba751554d2f1f757a127d2a129fbe0949fa589177d0e4aff874b59c2470c5170f560f1ff54a48dc07aad60d13fc61be541232ca7a909b6bb33674d21081e6
ssdeep: 96:rHgwclyqZReus7INecBvijtfFc+7xejaXGjAfcM2NvzwKlNFU+srB3O:EPRTrFBvijt9e2PCNvzwKlY+srB3
PEiD..: -
TrID..: File type identification
Win16/32 Executable Delphi generic (33.9%)
Generic Win/DOS Executable (32.7%)
DOS Executable Generic (32.7%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x312
timedatestamp.....: 0x38e1a006 (Wed Mar 29 06:17:42 2000)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x200 0x703 0x720 5.89 067d0be2933c7091f924fdfce061438b
INIT 0x920 0x2ba 0x2c0 5.04 3f00a819ae6fdd0502da3e21804c0559
.reloc 0xbe0 0x8e 0xa0 3.25 f322d1acc1c14df95dd6c56c4243e655

( 2 imports )
> ntoskrnl.exe: READ_REGISTER_ULONG, WRITE_REGISTER_ULONG, WRITE_REGISTER_USHORT, WRITE_REGISTER_UCHAR, READ_REGISTER_USHORT, READ_REGISTER_UCHAR, ObReferenceObjectByHandle, ZwOpenSection, IoDeleteSymbolicLink, ZwUnmapViewOfSection, IofCompleteRequest, IoCreateDevice, RtlInitUnicodeString, IoCreateSymbolicLink, IoDeleteDevice, ZwClose, ZwMapViewOfSection
> HAL.dll: WRITE_PORT_UCHAR, WRITE_PORT_USHORT, WRITE_PORT_ULONG, HalTranslateBusAddress, READ_PORT_UCHAR, READ_PORT_USHORT, READ_PORT_ULONG

( 0 exports )

0
Toast
 
SDFix Report.txt:


[b]SDFix: Version 1.240 [/b]
Run by Administrateur on 2009-03-11 at 20:25

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 20:54:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:8c683319
"s2"=dword:d5cc269f
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:a5,7f,07,61,c4,36,ea,cb,e7,ae,3f,c1,27,9b,7c,47,22,78,b3,b5,40,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:36,fd,07,49,a0,53,8f,a4,33,83,24,4e,f1,5c,1b,2e,a9,4f,aa,07,65,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:a5,7f,07,61,c4,36,ea,cb,e7,ae,3f,c1,27,9b,7c,47,22,78,b3,b5,40,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:36,fd,07,49,a0,53,8f,a4,33,83,24,4e,f1,5c,1b,2e,a9,4f,aa,07,65,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="sockspy.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Michael\\Jeux\\Assassin\\AssassinsCreed_Dx9.exe"="C:\\Michael\\Jeux\\Assassin\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\\Michael\\Jeux\\Assassin\\AssassinsCreed_Dx10.exe"="C:\\Michael\\Jeux\\Assassin\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\\Michael\\Jeux\\Assassin\\AssassinsCreed_Launcher.exe"="C:\\Michael\\Jeux\\Assassin\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\\Michael\\Jeux\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Michael\\Jeux\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Michael\\Jeux\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Michael\\Jeux\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Michael\\Jeux\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Michael\\Jeux\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Michael\\Jeux\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Michael\\Jeux\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Michael\\Jeux\\CoD4\\iw3mp.exe"="C:\\Michael\\Jeux\\CoD4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Logiciels\\Pando\\pando.exe"="C:\\Logiciels\\Pando\\pando.exe:*:Enabled:Pando Application"
"C:\\Logiciels\\utorrent\\uTorrent.exe"="C:\\Logiciels\\utorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Michael\\Michael\\logiciels\\FileZilla\\FileZilla.exe"="C:\\Michael\\Michael\\logiciels\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Sun 11 Nov 2007 69,912 ...H. --- "C:\Logiciels\EDraw Max3.3\EDraw.exe-Toolbars"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Logiciels\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Logiciels\Spybot - Search & Destroy\SDHelper.dll"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Logiciels\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Logiciels\Spybot - Search & Destroy\Tools.dll"
Fri 6 Mar 2009 55,296 ..SHR --- "C:\WINDOWS\system32\3com_dmim.exe"
Sat 25 Nov 2006 88 ..SHR --- "C:\WINDOWS\system32\484724D9A4.sys"
Thu 16 Nov 2006 56 ..SHR --- "C:\WINDOWS\system32\A4D9244748.sys"
Thu 26 Feb 2088 58,368 ..SHR --- "C:\WINDOWS\system32\adsndst.exe"
Fri 29 Dec 2006 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 22 Jan 2009 344,064 ...H. --- "C:\Michael\efrei\L3\Site web\~WRL0003.tmp"
Thu 22 Jan 2009 356,864 ...H. --- "C:\Michael\efrei\L3\Site web\~WRL2437.tmp"
Mon 2 Aug 2004 74 A..H. --- "C:\Michael\Michael\logiciels\cuteftp\cuteftp.sys"
Sun 17 Aug 2008 1,332 ...HR --- "C:\Documents And Settings\Administrateur\Application Data\SecuROM\UserData\securom_v7_01.bak"
Tue 13 May 2008 14,870 ...H. --- "C:\Michael\efrei\L2\Audit EFFOR\Entreprise\~WRL0788.tmp"
Sat 14 Feb 2009 32,768 ...H. --- "C:\Michael\efrei\L3\Portfolio\Research\Articles\~WRL2026.tmp"
Sat 14 Feb 2009 39,936 ...H. --- "C:\Michael\efrei\L3\Portfolio\Research\Articles\~WRL2591.tmp"
Sat 14 Feb 2009 32,768 ...H. --- "C:\Michael\efrei\L3\Portfolio\Research\Articles\~WRL3217.tmp"
Tue 27 Jan 2009 22,016 ...H. --- "C:\Michael\efrei\L3\Portfolio\Research\Articles\~WRL3232.tmp"

[b]Finished![/b]
Toast
 
And finally log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-03-11 21:00:06
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 22 GB (7%) free of 295 GB
Total RAM: 2046 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:13, on 2009-03-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Private Folder\PrfldSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Logiciels\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Logiciels\SUPERAntispyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Logiciels\TortoiseSVN\bin\TSVNCache.exe
C:\Documents And Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /M "Stylus Photo RX520" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Logiciels\SUPERAntispyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.incompris.net/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www2.tellmemorecampus.com/bin/tol9inst.cab
O16 - DPF: {9B14B03A-B482-45C3-BE37-5B7CAA8B0B5D} (QBH Control) - http://hsearch.nayio.com/download/QBH.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Logiciels\SUPERAntispyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: F-Secure BackWeb (backweb client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Station de travail lanmanworkstationFSMA (lanmanworkstationfsma) - Unknown owner - C:\WINDOWS\system32\adsndst.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Plug-and-Play PlugPlayThemes (PlugPlayThemes) - Unknown owner - C:\WINDOWS\system32\1037h.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\WINDOWS\Private Folder\PrfldSvc.exe
O23 - Service: Emplacement protégé ProtectedStorageCiSvc (ProtectedStorageCiSvc) - Unknown owner - C:\WINDOWS\system32\1031l.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Logiciels\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Logiciels\wamp\bin\apache\apache2.2.10\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Logiciels\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe
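As an added example (not part of this thread, and not a tool from HijackThis or its authors), here is a small Python triage pass over the kinds of lines in the log above. It flags what an analyst would look at first: O23 services whose binary is missing, services whose name borrows a built-in Windows service name with a suffix, unknown-owner binaries in system32, a browser proxy set to the local host, and an unrecognised Winsock LSP. The sample lines are copied from the log above; the `BUILTIN_SERVICES` list, the regular expressions and the severity labels are this example's own assumptions.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re

# Sample lines copied from the log posted above (raw string keeps the backslashes).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Station de travail lanmanworkstationFSMA (lanmanworkstationfsma) - Unknown owner - C:\WINDOWS\system32\adsndst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play PlugPlayThemes (PlugPlayThemes) - Unknown owner - C:\WINDOWS\system32\1037h.exe (file missing)
O23 - Service: Emplacement protégé ProtectedStorageCiSvc (ProtectedStorageCiSvc) - Unknown owner - C:\WINDOWS\system32\1031l.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Built-in XP service names that malware likes to borrow with a suffix added.
# A short list chosen for this example, not an exhaustive one.
BUILTIN_SERVICES = {"lanmanworkstation", "lanmanserver", "plugplay",
                    "protectedstorage", "bits", "wuauserv", "eventlog"}

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)
PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<proxy>\S+)$")
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")


def triage_line(line):
    """Return a list of (severity, reason) findings for one HijackThis line."""
    findings = []
    m = O23_RE.match(line)
    if m:
        # The short name in parentheses is the real service key; fall back to
        # the display name when the log shows none (e.g. "PnkBstrA").
        name = (m.group("name") or m.group("display")).lower()
        path = m.group("path")
        in_system32 = "\\system32\\" in path.lower()
        if m.group("missing"):
            findings.append(("high", f"service '{name}' points to a missing binary: {path}"))
        for builtin in BUILTIN_SERVICES:
            if name.startswith(builtin) and name != builtin:
                findings.append(("high", f"service '{name}' mimics built-in service '{builtin}'"))
        if m.group("owner") == "Unknown owner" and in_system32 and not m.group("missing"):
            findings.append(("medium", f"unknown-owner service binary in system32: {path}"))
        return findings
    m = PROXY_RE.match(line)
    if m and m.group("proxy").startswith("127.0.0.1"):
        # A loopback proxy means some local process sits between the browser
        # and the network; identify which process listens on that port.
        findings.append(("medium", f"browser traffic routed through local proxy {m.group('proxy')}"))
        return findings
    m = LSP_RE.match(line)
    if m:
        findings.append(("medium", f"unrecognised Winsock LSP: {m.group('path')}"))
    return findings


def triage_log(text):
    """Triage every non-empty line; returns [(line, severity, reason), ...]."""
    report = []
    for line in text.strip().splitlines():
        for severity, reason in triage_line(line):
            report.append((line, severity, reason))
    return report


if __name__ == "__main__":
    for line, severity, reason in triage_log(SAMPLE_LOG):
        print(f"[{severity.upper():6}] {reason}")
```

Run on the sample, this produces five high and four medium findings. Note that the PunkBuster service (PnkBstrA) is flagged as "medium" only because its owner is unknown and it lives in system32; in practice the unknown-owner rule is paired with an allowlist of known-good binaries (and a check of the file's signature and hash), otherwise legitimate third-party services generate noise that hides the real findings.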
Anonymous user
 
---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.

---> Download OTMoveIt3 (OldTimer) to your Desktop:

OtMoveIt 3

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the text below:

:processes
explorer.exe

:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d648f68-f315-11db-b26d-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17da64e1-fff8-11db-aaff-004f4e11c5e7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b26a7351-39f9-11db-acd6-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b26a7352-39f9-11db-acd6-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbff9473-bcf9-11db-9e6e-4d6564696130}]

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
Toast
 
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d648f68-f315-11db-b26d-4d6564696130}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17da64e1-fff8-11db-aaff-004f4e11c5e7}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b26a7351-39f9-11db-acd6-806d6172696f}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b26a7352-39f9-11db-acd6-806d6172696f}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbff9473-bcf9-11db-9e6e-4d6564696130}\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_BmcuVdflQBWjKk1wCRoz scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents And Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_25c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03172009_151319

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_BmcuVdflQBWjKk1wCRoz not found!
File move failed. C:\Documents And Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_25c.dat not found!
C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_001_ moved successfully.
C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_002_ moved successfully.
C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_003_ moved successfully.
C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\urlclassifier3.sqlite moved successfully.
C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\XUL.mfl moved successfully.
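An added example, not part of the thread and not OTMoveIt's own code: a Python parser for the script format used in the instructions above (the `:processes`, `:reg` and `:commands` sections) together with a reconciliation of the two logs OTMoveIt produces, the first run and the "Files moved on Reboot" pass, so that what is still pending after the reboot is listed rather than read off by eye. The sample script and log lines are copied from the posts above; reading `[-KEY]` as "delete this key" and the section names are assumptions taken from that script, not OTMoveIt's documented grammar.

```python
"""Parse an OTMoveIt3 script and reconcile its two run logs (added example)."""
import re

# Script from the instructions above, copied verbatim into a raw string
# (single backslashes in the registry paths are kept as written).
SCRIPT = r"""
:processes
explorer.exe

:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d648f68-f315-11db-b26d-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17da64e1-fff8-11db-aaff-004f4e11c5e7}]

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
"""

# Constructed subset of the first-run log posted above.
FIRST_RUN_LOG = r"""
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_BmcuVdflQBWjKk1wCRoz scheduled to be deleted on reboot.
User's Temp folder emptied.
File delete failed. C:\Documents And Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_25c.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
"""

# Constructed subset of the post-reboot section of the same log.
REBOOT_LOG = r"""
Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_BmcuVdflQBWjKk1wCRoz not found!
File move failed. C:\Documents And Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_25c.dat not found!
C:\Documents And Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\dydk4s6j.default\Cache\_CACHE_001_ moved successfully.
"""


def parse_script(text):
    """Split a script into its ':section' blocks.

    Returns {"processes": [...], "reg": [(action, key), ...], "commands": [...]}.
    Only the '[-KEY]' form (delete key) seen in the thread is interpreted; any
    other registry line is kept as ("raw", line).  This mapping is the
    example's assumption, not OTMoveIt's documented behaviour.
    """
    sections = {"processes": [], "reg": [], "commands": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        if current == "reg":
            if line.startswith("[-") and line.endswith("]"):
                sections["reg"].append(("delete_key", line[2:-1]))
            else:
                sections["reg"].append(("raw", line))
        elif current == "commands":
            sections["commands"].append(line.strip("[]"))
        else:
            sections[current].append(line)
    return sections


SCHEDULED_RE = re.compile(
    r"^File (?:delete|move) failed\. (?P<path>.+) scheduled to be (?:deleted|moved) on reboot\.$")
MOVED_RE = re.compile(r"^(?P<path>.+) moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^File (?P<path>.+) not found!$")


def reconcile(first_run_log, reboot_log):
    """Match files deferred to reboot against what the reboot pass reports.

    A file counts as resolved if the reboot pass moved it or no longer found
    it; anything else (such as a second 'scheduled' entry) is still pending.
    """
    scheduled = []
    for line in first_run_log.splitlines():
        m = SCHEDULED_RE.match(line.strip())
        if m:
            scheduled.append(m.group("path"))
    resolved = set()
    for line in reboot_log.splitlines():
        line = line.strip()
        m = MOVED_RE.match(line) or NOT_FOUND_RE.match(line)
        if m:
            resolved.add(m.group("path"))
    return {"scheduled": scheduled,
            "resolved": [p for p in scheduled if p in resolved],
            "pending": [p for p in scheduled if p not in resolved]}


if __name__ == "__main__":
    parsed = parse_script(SCRIPT)
    print("keys to delete:", len(parsed["reg"]), "commands:", parsed["commands"])
    for path in reconcile(FIRST_RUN_LOG, REBOOT_LOG)["pending"]:
        print("still pending after reboot:", path)
```

On the logs above, the only file still pending after the reboot is the LocalService `index.dat`, which is an in-use system file rather than a sign the cleanup failed; the point of the reconciliation is to separate those from entries that actually need a second look.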
Anonymous user
 
ok, it didn't work; try it again in safe mode without networking
Toast
 
Hi.

So first of all, a few times now when I booted, I got an error message saying ntsd.exe could not start because dbgeng.dll is missing.

I also saw that its absence was preventing Antivir from starting. I downloaded dbgeng.dll from https://www.dll-files.com/ and put it in Windows/system. I no longer got the error message, but Antivir still wouldn't start, so I put it in Windows/system32 and it's the same, it doesn't start...

Otherwise, for moveit:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d648f68-f315-11db-b26d-4d6564696130}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17da64e1-fff8-11db-aaff-004f4e11c5e7}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b26a7351-39f9-11db-acd6-806d6172696f}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b26a7352-39f9-11db-acd6-806d6172696f}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbff9473-bcf9-11db-9e6e-4d6564696130}\\ not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03172009_203746
Anonymous user
 
"because dbgeng.dll is missing": are you sure it goes in system32 and not in C:\Program Files\Avira with the rest of the program?
Toast
 
There's a dbghelp.dll in system32, so I think that's where it's needed. Anyway, at startup at least, I no longer get the error message.

I used the Avira setup to try to repair it, but it still doesn't work. I think I'll reinstall it, that will be simpler.
Anonymous user
 
ok:

Uninstall Antivir

Toast
 
Huh?

Removal Tool for:
Sober.J/P/Y
TR/Spy.Banker.AATZ/Banker.AATZ.1/Banker.AATZ.2/Banker.AATZ.3
W32/Stanit.A
Worm/NetSky.P
Anonymous user
 
ah no, I get the antivir removal tool when I click on my link (Tool_en.exe)
Toast
 
Yes, me too, but when I launch it, it scans my PC with that :P
Anonymous user
 
hmm, that's weird :(

To uninstall AntiVir, right-click the Antivir icon in the taskbar (bottom right), click "Antivir Guard enable" to disable it, then uninstall the program from the Add/Remove Programs tool in the Control Panel.
There is also an uninstall utility that can be found on:

this page on Avira's English site

a tool that should only be needed if the computer has been hit by an attack that affected AntiVir itself.
Toast
 
I just reinstalled and it still doesn't work :(

I'm going to try to recover the original .dll from my Windows CD.
Toast
 
Actually, when I copy and paste dbgeng.dll into system32, I get a message telling me that to keep Windows stable, it has to restore the original file from the Windows CD. (The problem is that my boot CD doesn't have the layout of a normal Windows CD, so it can't find it.)

I'll get an original XP CD to do it. But it's annoying to be left without an antivirus :/