Virus ??????

lylouma - Posts: 255 - Status: Member
Hello,
I'm coming to you because I have a problem!!

Yesterday on MSN a friend sent me a link, and of course my daughter clicked on it!!!

Since then, whenever I open the internet, postarticle.net opens.

On top of that, all my contacts are receiving links from me.

I ran a test and this is what came out:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2010-03-04 09:30:09
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 64 GB (81%) free of 79 GB
Total RAM: 1983 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:30:17, on 04/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\infocard.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Propriétaire\Bureau\internet explorer.EXE
C:\Documents and Settings\Propriétaire\Bureau\RSIT.exe
C:\Program Files\trend micro\Propriétaire.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [Firewall Administrating] C:\WINDOWS\infocard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Firewall Administrating] C:\WINDOWS\infocard.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = ?
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

--
End of file - 4466 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]
"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2004-10-11 589824]
"AudioDeck"=C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2005-09-06 450560]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-07-08 1397760]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2005-04-12 229376]
"Firewall Administrating"=C:\WINDOWS\infocard.exe [2010-03-03 103565]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008]
"Firewall Administrating"=C:\WINDOWS\infocard.exe [2010-03-03 103565]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []

C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage
Notification de cadeaux MSN.lnk - C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
dslelglt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Documents and Settings\Propriétaire\Mes documents\Téléchargements\IM11842.JPG-www.facebook.com.exe"="C:\WINDOWS\infocard.exe:*:Enabled:Firewall Administrating"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

======List of files/folders created in the last 1 months======

2010-03-04 07:18:57 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-03 20:09:41 ----D---- C:\Program Files\trend micro
2010-03-03 20:09:39 ----D---- C:\rsit
2010-03-03 17:53:37 ----A---- C:\msnmssgs.exe
2010-03-03 17:53:33 ----RSH---- C:\WINDOWS\infocard.exe
2010-02-24 10:04:39 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 17:57:20 ----N---- C:\WINDOWS\Ctregrun.exe
2010-02-23 17:55:54 ----RA---- C:\WINDOWS\V0260Cfg.exe
2010-02-23 17:55:54 ----RA---- C:\WINDOWS\system32\V0260Vfw.dll
2010-02-23 17:55:54 ----RA---- C:\WINDOWS\CtDrvIns.exe
2010-02-23 17:55:53 ----RA---- C:\WINDOWS\system32\V0260Srv.exe
2010-02-23 17:55:52 ----RA---- C:\WINDOWS\system32\V0260Pin.dll
2010-02-23 17:55:52 ----RA---- C:\WINDOWS\system32\V0260Hwx.dll
2010-02-23 17:55:52 ----RA---- C:\WINDOWS\system32\CtCamMgr.dll
2010-02-23 17:55:50 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2010-02-23 17:54:50 ----A---- C:\WINDOWS\IsUn040c.exe
2010-02-23 17:54:00 ----D---- C:\Program Files\Creative
2010-02-23 17:47:05 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2010-02-23 17:46:52 ----A---- C:\WINDOWS\system32\CNMLM83.DLL
2010-02-10 11:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 11:08:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 11:08:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 11:07:59 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 11:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 11:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 11:07:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 11:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-08 15:19:47 ----D---- C:\Documents and Settings\Propriétaire\Application Data\ImgBurn
2010-02-08 15:19:13 ----D---- C:\Program Files\ImgBurn
2010-02-08 14:45:59 ----D---- C:\Documents and Settings\Propriétaire\Application Data\Cyberlink
2010-02-08 14:44:39 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-06 15:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-06 15:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-02-06 15:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-02-06 15:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-05 20:37:41 ----D---- C:\WINDOWS\system32\XPSViewer
2010-02-05 20:37:37 ----D---- C:\Program Files\MSBuild
2010-02-05 20:37:35 ----D---- C:\WINDOWS\system32\en-US
2010-02-05 20:37:29 ----D---- C:\Program Files\Reference Assemblies
2010-02-05 20:37:09 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-02-05 20:37:09 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-02-05 20:37:08 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-02-05 20:37:08 ----D---- C:\f78bd2282199b282fe378cb7ea3667fd
2010-02-05 20:34:45 ----D---- C:\Program Files\MSXML 6.0
2010-02-05 15:59:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-05 15:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-05 15:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-05 15:58:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-05 15:58:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-05 15:58:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-05 15:58:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-02-05 15:58:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-05 15:58:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-02-05 15:58:16 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-02-05 15:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-05 15:58:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-05 15:58:01 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-05 15:57:56 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2010-02-05 15:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-05 15:57:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-05 15:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-02-05 15:57:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-05 15:57:32 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-05 15:57:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-05 15:57:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-05 15:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-05 15:57:04 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-05 15:57:00 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-02-05 15:56:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-02-05 15:56:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-02-05 15:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-05 15:56:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-05 15:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-02-05 15:56:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-05 15:56:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-05 15:56:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-05 15:56:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-05 15:56:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-05 15:56:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-05 15:55:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-02-05 15:55:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-05 15:55:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-05 15:55:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-05 15:55:32 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-05 15:55:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-05 15:55:21 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-05 15:55:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-05 15:55:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-05 15:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-05 15:54:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-05 15:54:50 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-05 15:54:48 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-02-05 15:54:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-05 15:54:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-05 15:54:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-02-05 15:54:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-05 15:54:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-05 15:54:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-05 15:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-02-05 15:54:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-05 15:53:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-05 15:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-05 15:53:40 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-05 15:40:05 ----A---- C:\WINDOWS\system32\muweb.dll
2010-02-05 15:40:05 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-02-05 15:40:05 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-02-05 13:57:00 ----D---- C:\Documents and Settings\Propriétaire\Application Data\Macromedia
2010-02-05 09:52:11 ----D---- C:\Documents and Settings\Propriétaire\Application Data\WinRAR
2010-02-05 09:45:16 ----D---- C:\Program Files\WinRAR
2010-02-05 09:44:03 ----D---- C:\Program Files\7-Zip
2010-02-05 08:09:42 ----RSD---- C:\WINDOWS\assembly
2010-02-05 08:09:20 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-05 08:08:41 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2010-02-05 08:08:37 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-02-05 08:08:18 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-02-05 08:07:41 ----D---- C:\Program Files\Microsoft
2010-02-05 08:07:24 ----D---- C:\Program Files\Windows Live SkyDrive
2010-02-05 08:07:02 ----D---- C:\Program Files\Windows Live
2010-02-05 08:02:16 ----D---- C:\Program Files\Fichiers communs\Windows Live
2010-02-05 07:29:52 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-02-05 07:26:09 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-02-05 07:24:46 ----D---- C:\Documents and Settings\Propriétaire\Application Data\MSNInstaller

======List of files/folders modified in the last 1 months======

2010-03-04 09:21:56 ----D---- C:\WINDOWS\system32
2010-03-04 09:13:13 ----D---- C:\WINDOWS\Temp
2010-03-04 07:19:02 ----D---- C:\WINDOWS\Prefetch
2010-03-04 07:19:01 ----D---- C:\WINDOWS\Debug
2010-03-04 07:18:28 ----D---- C:\WINDOWS
2010-03-04 07:16:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-04 07:16:36 ----D---- C:\Program Files\lg_fwupdate
2010-03-04 07:16:34 ----A---- C:\WINDOWS\lgfwup.ini
2010-03-04 07:16:30 ----RD---- C:\Program Files
2010-03-03 20:52:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-03 20:20:07 ----SHD---- C:\WINDOWS\Installer
2010-02-24 10:04:43 ----HD---- C:\WINDOWS\inf
2010-02-23 17:58:46 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-23 17:56:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-23 17:56:25 ----D---- C:\WINDOWS\system32\drivers
2010-02-23 17:55:53 ----D---- C:\WINDOWS\twain_32
2010-02-23 17:53:02 ----SD---- C:\Documents and Settings\Propriétaire\Application Data\Microsoft
2010-02-23 17:53:02 ----D---- C:\Program Files\Fichiers communs\InstallShield
2010-02-12 08:33:55 ----D---- C:\WINDOWS\Media
2010-02-11 19:53:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-02-10 11:08:17 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 11:08:15 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-08 14:56:26 ----D---- C:\MyWorks
2010-02-07 09:44:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-06 15:04:45 ----D---- C:\WINDOWS\WinSxS
2010-02-06 15:02:52 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-05 20:37:33 ----RSD---- C:\WINDOWS\Fonts
2010-02-05 20:37:16 ----D---- C:\WINDOWS\system32\spool
2010-02-05 20:35:53 ----D---- C:\WINDOWS\system32\mui
2010-02-05 20:35:53 ----D---- C:\Program Files\Internet Explorer
2010-02-05 17:22:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-05 17:21:01 ----D---- C:\WINDOWS\system32\wbem
2010-02-05 17:21:01 ----D---- C:\WINDOWS\AppPatch
2010-02-05 15:58:54 ----D---- C:\Program Files\Messenger
2010-02-05 15:55:49 ----D---- C:\Program Files\Outlook Express
2010-02-05 13:57:00 ----D---- C:\Documents and Settings\Propriétaire\Application Data\Adobe
2010-02-05 09:22:39 ----D---- C:\Program Files\Fichiers communs\Adobe
2010-02-05 08:08:42 ----D---- C:\WINDOWS\system32\DirectX
2010-02-05 08:07:29 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-02-05 08:07:29 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2010-02-05 08:06:48 ----D---- C:\WINDOWS\pchealth
2010-02-05 08:02:16 ----D---- C:\Program Files\Fichiers communs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-08 28672]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
R3 V0260VID;Live! Cam Vista IM; C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 178913]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-08-03 202112]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
What should I do? Thank you.
Configuration: Windows XP / Internet Explorer 6.0

15 replies

Destrio5 - Posts: 99820 - Status: Moderator - 10 324

Hello,

--> Download UsbFix (by El Desaparecido & C_XX) to your Desktop.

--> Plug your external data sources into your PC (USB stick, external hard drive, SD card, etc.) without opening them.

--> Double-click the UsbFix program on your Desktop.

--> Choose option 1 (Search).

--> Let the tool work.

--> Post the UsbFix.txt report.

Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes.
0
Anonymous user

Hi:

DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT!!!!! (because it is wrongly detected as an infection)

▶ Download List_Kill'em and save it to your desktop

Double-click (right-click, "Run as administrator" on Vista/7) the shortcut on your desktop to start the installation

Check the "create a desktop icon" box

Once it has finished, click "Finish" and the program will start by itself

Choose the language, then choose option 1 = Search Mode

▶ Let the tool work

When the white window appears, it takes a while; that is normal, the program is not frozen.

A report named catchme appears on your desktop; ignore it, do not post it, it will delete itself at the end of the scan

▶ Post the contents of the report that opens when the scan reaches 100%, at the "COMPLETED" screen

0
lylouma - Posts: 255 - Status: Member - 2

Thank you for answering so quickly

So I did what you told me, gen-hack man

I have a white screen that says searching ... please wait, and there is a cursor blinking underneath
avast did not identify any virus
0
Anonymous user

OK, it's almost finished ;)
0

lylouma - Posts: 255 - Status: Member - 2

That must be it!!

List'em by g3n-h@ckm@n 1.2.8.5

User : Propriétaire (Administrateurs)
Update on 03/03/2010 by g3n-h@ckm@n ::::: 18.30
Start at: 10:09:37 | 04/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Sempron(tm) Processor 2800+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : avast! Antivirus 5.0.83886498 [ Enabled | Updated ]

C:\ -> Disque fixe local | 76,68 Go (62,24 Go free) | NTFS
D:\ -> Disque CD-ROM

Boot: Normal

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\infocard.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Propriétaire\Bureau\internet explorer.EXE
C:\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temp\10.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
Creative WebCam Tray REG_SZ "C:\Program Files\Creative\Shared Files\CamTray.exe"
Firewall Administrating REG_SZ C:\WINDOWS\infocard.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avast5 REG_SZ C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
RaidTool REG_SZ C:\Program Files\VIA\RAID\raid_tool.exe
AudioDeck REG_SZ C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
RemoteControl REG_SZ "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
InCD REG_SZ C:\Program Files\Ahead\InCD\InCD.exe
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
LGODDFU REG_SZ "C:\Program Files\lg_fwupdate\fwupdate.exe"
Firewall Administrating REG_SZ C:\WINDOWS\infocard.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ MAISON-250B5777
DefaultUserName REG_SZ Propriétaire
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Propriétaire
AltDefaultDomainName REG_SZ MAISON-250B5777

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Documents and Settings\Propriétaire\Mes documents\Téléchargements\IM11842.JPG-www.facebook.com.exe REG_SZ C:\WINDOWS\infocard.exe:*:Enabled:Firewall Administrating

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}


==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B794345-CA54-4274-8FCE-6E13F8F7E5F6}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B794345-CA54-4274-8FCE-6E13F8F7E5F6}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7B794345-CA54-4274-8FCE-6E13F8F7E5F6}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.orange.fr/portail

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Propriétaire\Local Settings\Temp\10.tmp
## C:\> hashdeep.exe C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Propriétaire\Local Settings\Temp\10.tmp
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\drivers\atapi.sys

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
76,68 Go total, 62,26 Go libre (81%), 14% fragmenté (fragmentation du fichier 28%)

Vous devriez défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\WINDOWS\SET1A.tmp
Present !! : C:\WINDOWS\SET1D.tmp
Present !! : C:\WINDOWS\SET29.tmp
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\infocard.exe
Present !! : C:\Documents and Settings\Propriétaire\Local Settings\Temp\~5A.tmp
Present !! : C:\Documents and Settings\Propriétaire\LOCAL Settings\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe
Present !! : C:\Documents and Settings\Propriétaire\LOCAL Settings\Temp\msgpl_db61.exe
Present !! : C:\Documents and Settings\Propriétaire\LOCAL Settings\Temp\TFR7.exe
Present !! : C:\Documents and Settings\Propriétaire\LOCAL Settings\Temp\{D7610C32-4B6B-A7CC-B1CF-26F73CD6F910}-infocard.exe
Present !! : C:\Documents and Settings\Propriétaire\LOCAL Settings\Temp\mpengine.dll

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 10:17:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\OF63YLZN\728x90_meetic_ciel_161209[1].swf 19939 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 10:32:28,50
0
Anonymous user
 
▶ Run List_Kill'em again (or via right-click for Vista/7), using the shortcut on your desktop.
but this time:

▶ choose option 2 = Mode Suppression (removal mode)

let the tool work.

at the end of the scan a report opens

▶ paste its contents into your reply

then this:

https://forums.commentcamarche.net/forum/affich-16865701-virus#1
0
lylouma Posts 255 Status Member 2
 
Kill'em by g3n-h@ckm@n 1.2.8.5

User : Propriétaire (Administrateurs)
Update on 03/03/2010 by g3n-h@ckm@n ::::: 18.30
Start at: 10:49:35 | 04/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Sempron(tm) Processor 2800+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : avast! Antivirus 5.0.83886498 [ Enabled | Updated ]

C:\ -> Disque fixe local | 76,68 Go (62,24 Go free) | NTFS
D:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Propriétaire\Bureau\internet explorer.EXE
C:\Documents and Settings\Propriétaire\Bureau\internet explorer.EXE
C:\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temp\14.tmp\ERUNT.EXE
C:\Documents and Settings\Propriétaire\Local Settings\Temp\14.tmp\pv.exe

Detections :
==========

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\WINDOWS\SET1A.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET1D.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET29.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp
Quarantined & Deleted !! : C:\WINDOWS\infocard.exe

Quarantined & Deleted !! : C:\Documents and Settings\Propriétaire\Local Settings\Temp\~5A.tmp
Quarantined & Deleted !! : C:\Documents and Settings\Propriétaire\LOCAL Settings\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propriétaire\LOCAL Settings\Temp\msgpl_db61.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propriétaire\LOCAL Settings\Temp\TFR7.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propriétaire\LOCAL Settings\Temp\{D7610C32-4B6B-A7CC-B1CF-26F73CD6F910}-infocard.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propriétaire\LOCAL Settings\Temp\mpengine.dll

==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
========
Services
=========

Ndisuio : Start = 3
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
lylouma Posts 255 Status Member 2
 
I still have postarticles.net, which keeps coming back as the internet start page
0
Anonymous user
 
do post 1
0
lylouma Posts 255 Status Member 2
 
what is post 1 ????

I'm a novice

thanks
0
Anonymous user
 
(sorry willy, I didn't see it right away....)

post 1:

https://forums.commentcamarche.net/forum/affich-16865701-virus#1
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324
 
No problem ;)
0
lylouma Posts 255 Status Member 2
 
ok
so how can I remove postarticle
0
lylouma Posts 255 Status Member 2
 
up please
0
lylouma Posts 255 Status Member 2
 
solved, cool
thanks again
0