Virus pb explorer.exe

dadou -
Utilisateur anonyme - 15 mai 2009 à 00:11

Bonjour,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:30, on 06/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\edwige\LOCALS~1\Temp\Rar$EX05.781\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} (Quest3DCtlr2 Class) - http://www.quest3d.com/webplugin/download/quest3dactivex2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

End of file - 10810 bytes

Afficher la suite

A voir également:

Virus pb explorer.exe
Explorer.exe - Télécharger - Divers Utilitaires
Virus mcafee - Accueil - Piratage
Virus facebook demande d'amis - Accueil - Facebook
Virus informatique - Guide
Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares

98 réponses

Réponse 61 / 98

Utilisateur anonyme

salut....pas bon

Prends celui-ci

et remplace le tien, mais au prealable deplace le tien afin de pouvoir le retrouver au cas-où

dadou

je suis desolée mais j'ai vraiment rien compris lol

Réponse 62 / 98

Utilisateur anonyme

non excuse c'est impossible ce que je te demande de faire

dadou

tant pis

Réponse 63 / 98

Utilisateur anonyme

tu as toujours le souci quand tu eteins ton pc au fait ?

dadou

oui toujours

Réponse 64 / 98

Utilisateur anonyme

/!\ ATTENTION SUIVRE SCRUPULEUSEMENT A LA LETTRE CES INDICATIONS/!\

_________________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================

On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Avant d'utiliser ComboFix :
______________________________________________________________________
>> referme les fenêtres de tous les programmes en cours.
>> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
>>la protection en temps réel de ton Antivirus et de tes Antispywares,
>>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

!!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!

n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

>> Reviens sur le forum, et

copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

dadou

Avira AntiVir Personal
Report file date: mercredi 13 mai 2009 16:37

Scanning for 1392258 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ACER-CAB9EEA47C

Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 17/04/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 17/04/2009 07:57:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 19:33:26
ANTIVIR2.VDF : 7.1.3.185 2010112 Bytes 12/05/2009 14:24:57
ANTIVIR3.VDF : 7.1.3.197 63488 Bytes 13/05/2009 14:24:57
Engineversion : 8.2.0.166
AEVDF.DLL : 8.1.1.1 106868 Bytes 13/05/2009 14:25:10
AESCRIPT.DLL : 8.1.1.81 385401 Bytes 13/05/2009 14:25:10
AESCN.DLL : 8.1.1.10 127348 Bytes 13/05/2009 14:25:09
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 17:24:41
AEPACK.DLL : 8.1.3.16 397686 Bytes 13/05/2009 14:25:08
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 19:01:56
AEHEUR.DLL : 8.1.0.128 1757559 Bytes 13/05/2009 14:25:06
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 19:01:56
AEGEN.DLL : 8.1.1.42 348531 Bytes 13/05/2009 14:25:00
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 13/05/2009 14:24:59
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 10:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 09:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: mercredi 13 mai 2009 16:37

Starting search for hidden objects.
'47107' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'WkCalRem.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'E_FATIACE.EXE' - '1' Module(s) have been scanned
Scan process 'admtray.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'epm-dm.exe' - '1' Module(s) have been scanned
Scan process 'eDSloader.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'admServ.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '61' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP741\A0115938.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP741\A0115939.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <ACERDATA>

Beginning disinfection:
C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP741\A0115938.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4a3be7a6.qua'!
C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP741\A0115939.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4b4854ff.qua'!

End of the scan: mercredi 13 mai 2009 17:29
Used time: 46:11 Minute(s)

The scan has been done completely.

7706 Scanned directories
309659 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
309654 Files not concerned
7931 Archives were scanned
3 Warnings
4 Notes
47107 Objects were scanned with rootkit scan
0 Hidden objects were found

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 65 / 98

Utilisateur anonyme

?????????

dadou

j'ai refait un scan avec antivir elle y a detecté des choses comme tu le vois ci dessus

voici ce que tu m'as demandée
aComboFix 09-05-12.06 - edwige 13/05/2009 18:09.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.582 [GMT 2:00]
Lancé depuis: c:\documents and settings\edwige\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-04-13 au 2009-05-13 ))))))))))))))))))))))))))))))))))))
.

2009-05-13 14:18 . 2009-05-13 14:18 -------- d-----w c:\documents and settings\LocalService\Menu Démarrer
2009-05-13 14:18 . 2009-05-13 14:18 -------- d-----w c:\windows\LastGood
2009-05-13 14:17 . 2009-03-24 14:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-13 14:17 . 2009-05-13 14:17 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-13 14:17 . 2009-05-13 14:17 -------- d-----w c:\program files\Avira
2009-05-09 22:30 . 2009-05-09 22:30 -------- d-----w c:\documents and settings\edwige\Local Settings\Application Data\Mozilla
2009-05-09 20:27 . 2009-05-09 21:19 -------- d-----w c:\windows\BDOSCAN8
2009-05-07 22:57 . 2009-05-07 22:57 -------- d-----w c:\program files\CCleaner
2009-05-07 20:10 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-07 20:10 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-07 20:10 . 2009-05-07 20:10 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-07 19:11 . 2009-05-07 19:11 -------- d-----w c:\program files\Ad-remover
2009-05-07 17:34 . 2009-05-07 17:34 -------- d-----w C:\_OTMoveIt
2009-05-07 17:02 . 2009-05-07 17:02 -------- d-----w C:\rsit
2009-05-07 15:05 . 2009-05-07 16:04 -------- d-----w C:\UsbFix
2009-05-07 11:13 . 2009-05-07 11:13 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-06 13:06 . 2009-05-06 13:06 -------- d-----w c:\program files\AdwareSpywareScannerDeleter
2009-05-05 16:01 . 2009-05-05 17:41 -------- d-----w c:\program files\a-squared Free
2009-05-04 17:31 . 2009-05-04 17:31 -------- d-----w c:\program files\uTorrent
2009-05-04 17:30 . 2009-05-04 17:30 -------- d-----w c:\program files\OrangeHSS
2009-04-30 20:06 . 2009-05-04 17:31 -------- d-----w c:\documents and settings\edwige\Application Data\BitTorrent
2009-04-30 20:06 . 2009-05-04 17:31 -------- d-----w c:\documents and settings\edwige\Application Data\DNA
2009-04-16 10:58 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 10:58 . 2009-03-06 14:20 286720 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 10:58 . 2009-02-09 11:23 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 10:58 . 2009-02-09 10:53 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 10:58 . 2009-02-09 10:53 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 10:58 . 2009-02-09 10:53 685568 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 10:58 . 2009-02-09 10:53 735744 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 10:58 . 2009-02-09 10:53 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 10:58 . 2009-02-09 10:53 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 10:57 . 2008-12-16 12:31 354304 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-16 10:57 . 2008-04-21 21:15 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 18:17 . 2007-12-11 18:22 65536 ----a-w c:\windows\system32\Autodial2000.dll
2009-04-15 18:17 . 2003-09-23 08:38 34688 ----a-w c:\windows\system32\pcampr5.sys
2009-04-15 18:16 . 2009-04-15 18:16 -------- d-----w c:\program files\Fichiers communs\France Telecom

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 19:23 . 2008-05-03 15:52 -------- d-----w c:\program files\LimeWire
2009-05-09 18:51 . 2009-01-05 20:47 -------- d-----w c:\program files\Trend Micro
2009-05-08 14:54 . 2006-08-10 05:14 57016 -c--a-w c:\documents and settings\edwige\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-07 16:07 . 2006-01-06 15:16 64922 ----a-w c:\windows\system32\perfc00C.dat
2009-05-07 16:07 . 2006-01-06 15:16 447222 ----a-w c:\windows\system32\perfh00C.dat
2009-05-07 11:14 . 2006-08-10 05:16 -------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-04-20 20:30 . 2006-01-06 15:04 1324 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-15 18:19 . 2009-04-12 15:35 -------- d-----w c:\program files\Securitoo
2009-04-12 15:36 . 2009-04-12 15:36 -------- d-----w c:\program files\SAGEM
2009-04-12 15:36 . 2006-01-06 04:37 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-30 18:14 . 2006-08-10 21:46 7762 ----a-w c:\documents and settings\edwige\Application Data\wklnhst.dat
2009-03-06 14:20 . 2004-08-05 03:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2004-08-05 03:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:10 . 2004-08-05 03:00 78336 ----a-w c:\windows\system32\ieencode.dll
2008-04-14 02:33 . 2004-08-05 03:00 65024 --sha-w c:\windows\system32\asycfilt.dll
2008-04-14 02:33 . 2004-08-05 03:00 617472 --sha-w c:\windows\system32\comctl32.dll
2008-04-14 02:33 . 2004-08-05 03:00 1028096 --sha-w c:\windows\system32\mfc42.dll
2004-08-05 03:00 . 2004-08-05 03:00 57344 --sha-w c:\windows\system32\mfc42loc.dll
2008-04-14 02:33 . 2004-08-05 03:00 413696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 02:33 . 2004-08-05 03:00 343040 --sha-w c:\windows\system32\msvcrt.dll
2004-08-05 03:00 . 2004-08-05 03:00 253952 --sha-w c:\windows\system32\msvcrt20.dll
2008-04-14 02:33 . 2004-08-05 03:00 30749 --sha-w c:\windows\system32\vbajet32.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-18 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-18 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-18 114688]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 212992]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\edwige\Menu D‚marrer\Programmes\D‚marrage\
wkcalrem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-7-12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13/05/2009 16:17 108289]
S0 rztfpbmr;rztfpbmr;c:\windows\system32\drivers\lcohvd.sys --> c:\windows\system32\drivers\lcohvd.sys [?]
S3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys --> c:\windows\system32\Drivers\HDJBulk.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys --> c:\windows\system32\Drivers\HDJAsioK.sys [?]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\HDJMidi.sys [20/12/2008 20:36 39296]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - INT15.SYS
*NewlyCreated* - SSMDRV
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
mWindow Title =
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} - hxxp://www.quest3d.com/webplugin/download/quest3dactivex2.cab
FF - ProfilePath - c:\documents and settings\edwige\Application Data\Mozilla\Firefox\Profiles\cxydl3it.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 18:13
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1872201131-929660118-282677122-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3136)
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-05-13 18:16
ComboFix-quarantined-files.txt 2009-05-13 16:15

Avant-CF: 5 838 237 184 octets libres
Après-CF: 5 916 449 792 octets libres

169 --- E O F --- 2009-04-17 20:55

Réponse 66 / 98

Utilisateur anonyme

essaie de faire ceci :

Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
- Coche Afficher les fichiers et dossiers cachés
- Décoche Masquer les extensions des fichiers dont le type est connu
- Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)
clique sur Appliquer, puis OK.

N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

* Clique sur Parcourir en haut, choisis Poste de travail et cherche ce fichier :

c:\windows\system32\ZDCndis5.SYS
c:\windows\system32\drivers\lcohvd.sys
c:\documents and settings\edwige\Application Data\wklnhst.dat

* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
* Une nouvelle fenêtre de ton navigateur va apparaître
* Clique alors sur les deux fleches
* Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
* Enfin colle le résultat dans ta prochaine réponse.

ensuite :

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:reg
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

dadou

je ne trouve pas les deux premiers fichiers

dadou

Fichier wklnhst.dat reçu le 2009.05.13 19:23:25 (CET)Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.13 -
AhnLab-V3 5.0.0.2 2009.05.13 -
AntiVir 7.9.0.166 2009.05.13 -
Antiy-AVL 2.0.3.1 2009.05.13 -
Authentium 5.1.2.4 2009.05.13 -
Avast 4.8.1335.0 2009.05.13 -
AVG 8.5.0.327 2009.05.13 -
BitDefender 7.2 2009.05.13 -
CAT-QuickHeal 10.00 2009.05.13 -
ClamAV 0.94.1 2009.05.13 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.13 -
eSafe 7.0.17.0 2009.05.12 -
eTrust-Vet 31.6.6503 2009.05.13 -
F-Prot 4.4.4.56 2009.05.13 -
F-Secure 8.0.14470.0 2009.05.13 -
Fortinet 3.117.0.0 2009.05.13 -
GData 19 2009.05.13 -
Ikarus T3.1.1.49.0 2009.05.13 -
K7AntiVirus 7.10.734 2009.05.13 -
Kaspersky 7.0.0.125 2009.05.13 -
McAfee 5614 2009.05.13 -
McAfee+Artemis 5614 2009.05.13 -
McAfee-GW-Edition 6.7.6 2009.05.13 -
Microsoft 1.4602 2009.05.13 -
NOD32 4072 2009.05.13 -
Norman 6.01.05 2009.05.13 -
nProtect 2009.1.8.0 2009.05.13 -
Panda 10.0.0.14 2009.05.13 -
PCTools 4.4.2.0 2009.05.07 -
Prevx 3.0 2009.05.13 -
Rising 21.29.24.00 2009.05.13 -
Sophos 4.41.0 2009.05.13 -
Sunbelt 3.2.1858.2 2009.05.13 -
Symantec 1.4.4.12 2009.05.13 -
TheHacker 6.3.4.1.325 2009.05.12 -
TrendMicro 8.950.0.1092 2009.05.13 -
VBA32 3.12.10.5 2009.05.13 -
ViRobot 2009.5.13.1733 2009.05.13 -
VirusBuster 4.6.5.0 2009.05.13 -

Information additionnelle
File size: 7762 bytes
MD5...: 4ae50f9add9d00cb8a73459507cba0db
SHA1..: d05d2d57ea29e8671706028cfdbaaacb86893b14
SHA256: b64a7d8bd10210de5ded2ed6cb08b1881c918a1ac0362b876b9e0da78dcac199
SHA512: de83515c50ba9847cad3e52c140c8448753e6bcc8b1e5804a6dcefc954a26865 28d7aae33ea36ff4cc1e91e474fdc0a7812f08250e18851bcddabb4823893a6f
ssdeep: 192:SLQUef7H3njOZlR374ONOiOwOqO1EZ2ZyV7oKOrOAOP7OgOOOOOP1OTOG2XO 8OBT:bMfQYDb 
PEiD..: -
TrID..: File type identification Lumena CEL bitmap (58.3%) Corel Photo Paint (37.9%) MS Flight Simulator Aircraft Performance Info (3.7%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set -

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.13 -
AhnLab-V3 5.0.0.2 2009.05.13 -
AntiVir 7.9.0.166 2009.05.13 -
Antiy-AVL 2.0.3.1 2009.05.13 -
Authentium 5.1.2.4 2009.05.13 -
Avast 4.8.1335.0 2009.05.13 -
AVG 8.5.0.327 2009.05.13 -
BitDefender 7.2 2009.05.13 -
CAT-QuickHeal 10.00 2009.05.13 -
ClamAV 0.94.1 2009.05.13 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.13 -
eSafe 7.0.17.0 2009.05.12 -
eTrust-Vet 31.6.6503 2009.05.13 -
F-Prot 4.4.4.56 2009.05.13 -
F-Secure 8.0.14470.0 2009.05.13 -
Fortinet 3.117.0.0 2009.05.13 -
GData 19 2009.05.13 -
Ikarus T3.1.1.49.0 2009.05.13 -
K7AntiVirus 7.10.734 2009.05.13 -
Kaspersky 7.0.0.125 2009.05.13 -
McAfee 5614 2009.05.13 -
McAfee+Artemis 5614 2009.05.13 -
McAfee-GW-Edition 6.7.6 2009.05.13 -
Microsoft 1.4602 2009.05.13 -
NOD32 4072 2009.05.13 -
Norman 6.01.05 2009.05.13 -
nProtect 2009.1.8.0 2009.05.13 -
Panda 10.0.0.14 2009.05.13 -
PCTools 4.4.2.0 2009.05.07 -
Prevx 3.0 2009.05.13 -
Rising 21.29.24.00 2009.05.13 -
Sophos 4.41.0 2009.05.13 -
Sunbelt 3.2.1858.2 2009.05.13 -
Symantec 1.4.4.12 2009.05.13 -
TheHacker 6.3.4.1.325 2009.05.12 -
TrendMicro 8.950.0.1092 2009.05.13 -
VBA32 3.12.10.5 2009.05.13 -
ViRobot 2009.5.13.1733 2009.05.13 -
VirusBuster 4.6.5.0 2009.05.13 -

Information additionnelle
File size: 7762 bytes
MD5...: 4ae50f9add9d00cb8a73459507cba0db
SHA1..: d05d2d57ea29e8671706028cfdbaaacb86893b14
SHA256: b64a7d8bd10210de5ded2ed6cb08b1881c918a1ac0362b876b9e0da78dcac199
SHA512: de83515c50ba9847cad3e52c140c8448753e6bcc8b1e5804a6dcefc954a26865 28d7aae33ea36ff4cc1e91e474fdc0a7812f08250e18851bcddabb4823893a6f
ssdeep: 192:SLQUef7H3njOZlR374ONOiOwOqO1EZ2ZyV7oKOrOAOP7OgOOOOOP1OTOG2XO 8OBT:bMfQYDb 
PEiD..: -
TrID..: File type identification Lumena CEL bitmap (58.3%) Corel Photo Paint (37.9%) MS Flight Simulator Aircraft Performance Info (3.7%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set -

Réponse 67 / 98

dadou

Réponse 68 / 98

Utilisateur anonyme

?? la suite :)

dadou

les deux premiers fichiers je ne les trouve pas

Réponse 69 / 98

Utilisateur anonyme

oui j ai vu et bien...la suite :)

Réponse 70 / 98

dadou

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"AntiVirusOverride"|dword:00000000 /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSMSGS deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\edwige\Local Settings\Temporary Internet Files\Content.IE5\UJ5664CI\ads[10].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\edwige\Local Settings\Temporary Internet Files\Content.IE5\UJ5664CI\ads[11].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\edwige\Local Settings\Temporary Internet Files\Content.IE5\07DCS9ED\affich-12343840-virus-pb-explorer-exe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\edwige\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\edwige\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_21c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_NAwdzYRzQhXWo0T scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05132009_205405

Files moved on Reboot...
File move failed. C:\Documents and Settings\edwige\Local Settings\Temporary Internet Files\Content.IE5\UJ5664CI\ads[10].htm scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\edwige\Local Settings\Temporary Internet Files\Content.IE5\UJ5664CI\ads[11].htm scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\edwige\Local Settings\Temporary Internet Files\Content.IE5\07DCS9ED\affich-12343840-virus-pb-explorer-exe[1].htm scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\edwige\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_21c.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\sqlite_NAwdzYRzQhXWo0T scheduled to be moved on reboot.

Réponse 71 / 98

Utilisateur anonyme

bon on va se servir de la console de recuperation pour effectuer un changement de fichier impossible a faire sous windows

quand tu demarres ton pc tu as le choix entre ton windows et la "Microsoft Recovery console"

exact ?

dadou

oui

Réponse 72 / 98

Utilisateur anonyme

ok tu peux te servir du pc pas malade pour repondre ou pas ?

dadou

oui j'y vais

Réponse 73 / 98

Utilisateur anonyme

ensuite telecharges l'explorer que je t ai donné au post 101 et tu le copies dans le pc melede dans C:\ dans un dossier que tu appeleras "Explorer"

une fois ceci fais dis moi

Réponse 74 / 98

dadou

c'est bon

Réponse 75 / 98

Utilisateur anonyme

redemarre le pc sur la console de recuperation

il va demander sur quelle session tu veux agir et tu devrais avoir à répondre 1 pour etre dans windows et tu devrais obtenir ceci

C:\WINDOWS>(et un curseur qui clignote)

dadou

c'est ok

Réponse 76 / 98

Utilisateur anonyme

ok desolé du temps

dans la console tu tapes :(je souligne de maniere a ce que tu respectes bien les espaces)

del c:\Windows\Explorer.exe

entrée

copy c:\Explorer\Explorer.exe c:\Windows\Explorer.exe

entrée

shutdown -r

entrée

ton pc va redemarrer tout seul et revenir sur ton bureau windows

ensuite redemarres ,

laisses-le réafficher le bureau puis redemarres encore une fois

et vois si tu as toujours ton souci

dadou

aucun fichier correspondant a cet emplecement pour la premiere etape

Réponse 77 / 98

Utilisateur anonyme

del c:\Windows\Explorer.exe

cette étape ?

dadou

oui

Réponse 78 / 98

Utilisateur anonyme

ok passe à la copie

dadou

ça me dit " acces refusé"

dadou > dadou

quand je demarre mon ordi il reste bloqué sur mon fond d'ecan sans ouvrir le bureau

Réponse 79 / 98

Utilisateur anonyme

???????????????????

dadou

je sais plus quoi faire

Réponse 80 / 98

Utilisateur anonyme

il faut abslument que copy passe

Discussions similaires

plantage explorer.exe

Softonic,est-ce un virus ?

Désinstaller Softonic

virus Artemis!

Message Apple virus !!

Virus pb explorer.exe

98 réponses

Votre réponse

Discussions similaires

Newsletters