Sujet Précédent Sujet Suivant

Infecté par des virus popup

Résolu/Fermé
Utilisateur anonyme - 24 mars 2010 à 01:12
 Utilisateur anonyme - 1 avril 2010 à 11:52
Bonjour,

J'ai des problèmes avec mon portable. J'ai des virus popup dont je ne suis pas capable de me débarassé. Merci à celui qui va me donner un coup de pouce

16 réponses

Réponse 1 / 16
Utilisateur anonyme
24 mars 2010 à 01:17
salut ;

DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)

▶ Télécharge List_Kill'em et enregistre le sur ton bureau

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis l'option Search

un icone blanc et noir va s'afficher sur le bureau , il te servira à relancer le programme par la suite.
un autre rouge et noir te servira a desinstaller le prog a la fin de la desinfection.

▶ laisse travailler l'outil

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , , il s'auto supprimera a la fin du scan

▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"


1
Utilisateur anonyme
24 mars 2010 à 02:06
List'em by g3n-h@ckm@n 1.6.0.4

User : Administrateur (Administrateurs)
Update on 23/03/2010 by g3n-h@ckm@n ::::: 19.30
Start at: 20:25:33 | 2010-03-23

Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : McAfee VirusScan Enterprise 8.5.0.781 [ Enabled | Updated ]

C:\ -> Disque fixe local | 68,36 Go (42,46 Go free) | NTFS
D:\ -> Disque fixe local | 29,29 Go (28,89 Go free) [DONNEES] | NTFS
E:\ -> Disque fixe local | 14,13 Go (14,07 Go free) [GHOST] | NTFS
F:\ -> Disque CD-ROM

Boot: Normal


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\bill104.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOST.EXE
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\findstr.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
LightScribe Control Panel REG_SZ C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
feedreader.exe REG_SZ "C:\Program Files\FeedReader30\feedreader.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
Gestionnaire Antidote.exe REG_SZ C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsmqIntCert REG_SZ regsvr32 /s mqrt.dll
SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\Core\smax4pnp.exe
SoundMAX REG_SZ C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
PDF Complete REG_SZ "C:\Program Files\PDF Complete\pdfsty.exe"
PTHOSTTR REG_SZ C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
hpWirelessAssistant REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
QlbCtrl REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
CognizanceTS REG_SZ rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
Recguard REG_SZ C:\WINDOWS\Sminst\Recguard.exe
Reminder REG_SZ C:\WINDOWS\Creator\Remind_XP.exe
Scheduler REG_SZ C:\WINDOWS\SMINST\Scheduler.exe
Cpqset REG_SZ C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
WatchDog REG_SZ C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
AccelerometerSysTrayApplet REG_SZ C:\WINDOWS\system32\AccelerometerSt.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
ShStatEXE REG_SZ "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI REG_SZ "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
<NO NAME> REG_SZ
lxdxmon.exe REG_SZ "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
lxdxamon REG_SZ "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
FaxCenterServer REG_SZ "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
sysfbtray REG_SZ C:\windows\bill104.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ APSHook.dll,wbsys.dll

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ administrateur
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0 (0x0)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0 (0x0)
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 1 (0x1)
AltDefaultUserName REG_SZ administrateur
AltDefaultDomainName REG_SZ MARTINEAUJ
DefaultDomainName REG_SZ MARTINEAUJ
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
DisableCAD REG_DWORD 0 (0x0)
AutoAdminLogon REG_SZ 0
CachePrimaryDomain REG_SZ PROTIC
DCacheUpdate REG_BINARY aebcef61e3caca01
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\DomainCache

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\system32\mqsvc.exe REG_SZ C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
C:\WINDOWS\SMINST\Scheduler.exe REG_SZ C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\McAfee\Common Framework\FrameworkService.exe REG_SZ C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\WINDOWS\system32\lxdxcoms.exe REG_SZ C:\WINDOWS\system32\lxdxcoms.exe:*:Enabled:3600-4600 Series Server
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe REG_SZ C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:*:Enabled:Printer Device Monitor
C:\WINDOWS\system32\lxdxcfg.exe REG_SZ C:\WINDOWS\system32\lxdxcfg.exe:*:Enabled:Printer Communication System
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe:*:Enabled:Printer Status Window Interface
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe:*:Enabled:Lexmark Connect Time Executable
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe:*:Enabled:Job Status Window Interface
C:\Program Files\Pando Networks\Media Booster\PMB.exe REG_SZ C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Disabled:Pando Media Booster
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Documents and Settings\Administrateur\Local Settings\Temp\7zS21.tmp\SymNRT.exe REG_SZ C:\Documents and Settings\Administrateur\Local Settings\Temp\7zS21.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxwbgw.exe REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxwbgw.exe:*:Enabled:Lexmark Web Gateway
C:\Program Files\Lexmark 3600-4600 Series\lxdxlscn.exe REG_SZ C:\Program Files\Lexmark 3600-4600 Series\lxdxlscn.exe:*:Enabled:
C:\Program Files\Armagetron Advanced\armagetronad.exe REG_SZ C:\Program Files\Armagetron Advanced\armagetronad.exe:*:Enabled:armagetronad
C:\Program Files\Safari\Safari.exe REG_SZ C:\Program Files\Safari\Safari.exe:*:Enabled:Safari

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\system32\mqsvc.exe REG_SZ C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Pando Networks\Media Booster\PMB.exe REG_SZ C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Disabled:Pando Media Booster
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe REG_SZ C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:*:Disabled:Printer Device Monitor
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent

===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

===
DNS
===

DNS Server Search Order: 24.200.243.189
Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 24.200.241.37
DNS Server Search Order: 24.201.245.77
DNS Server Search Order: 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2B46446A-5F45-4EAF-B08C-1DFB24D9C2E5}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D46908FB-4D97-4C4D-8D00-02D665CF8B7E}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2B46446A-5F45-4EAF-B08C-1DFB24D9C2E5}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D46908FB-4D97-4C4D-8D00-02D665CF8B7E}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2B46446A-5F45-4EAF-B08C-1DFB24D9C2E5}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D46908FB-4D97-4C4D-8D00-02D665CF8B7E}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www8.hp.com/fr/fr/home.html

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\ServicePackFiles\i386\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ServicePackFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\system32\drivers\atapi.sys

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
68,36 Go total, 42,46 Go libre (62%), 12% fragment' (fragmentation du fichier 25%)

Vous devriez d'fragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
Present !! : C:\WINDOWS\002718_.tmp
Present !! : C:\WINDOWS\bk23567.dat
Present !! : C:\WINDOWS\fdgg34353edfgdfdf
Present !! : C:\WINDOWS\lgo
Present !! : C:\WINDOWS\ligh
Present !! : C:\WINDOWS\System32\_*.dll
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269296700.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269302825.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269383250.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269388273.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269296700.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269302825.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269383250.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269388273.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\all.cpr
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\haroldshills_install.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\icytower14.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\ReimagePackage.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\Toolbarfr.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\isconfig.dat

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : C:\WINDOWS\System32\x64
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269296700.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269302825.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269383250.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269388273.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269296700.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269302825.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269383250.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269388273.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\all.cpr
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\haroldshills_install.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\icytower14.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\ReimagePackage.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\Toolbarfr.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\isconfig.dat

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysfbtray
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysfbtray
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 21:02:48
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK





¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 21:02:49,56
0
Réponse 2 / 16
Utilisateur anonyme
24 mars 2010 à 05:45
▶ Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :

▶ choisis l'Option Clean

ton PC va redemarrer,

laisse travailler l'outil.

en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

▶ colle le contenu dans ta reponse
0
Réponse 3 / 16
Utilisateur anonyme
25 mars 2010 à 00:15
Kill'em by g3n-h@ckm@n 1.6.0.4

User : Administrateur (Administrateurs)
Update on 23/03/2010 by g3n-h@ckm@n ::::: 19.30
Start at: 18:02:25 | 2010-03-24

Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : McAfee VirusScan Enterprise 8.5.0.781 [ Enabled | Updated ]

C:\ -> Disque fixe local | 68,36 Go (42,48 Go free) | NTFS
D:\ -> Disque fixe local | 29,29 Go (28,89 Go free) [DONNEES] | NTFS
E:\ -> Disque fixe local | 14,13 Go (14,07 Go free) [GHOST] | NTFS
F:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SMINST\PCAngel.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
Quarantined & Deleted !! : C:\WINDOWS\002718_.tmp
Quarantined & Deleted !! : C:\WINDOWS\bk23567.dat
Quarantined & Deleted !! : C:\WINDOWS\fdgg34353edfgdfdf
Quarantined & Deleted !! : C:\WINDOWS\lgo

Quarantined & Deleted !! : C:\WINDOWS\System32\_003083_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\x64
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269296700.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269302825.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269383250.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269388273.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269467594.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269467926.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\010112010146111103.xxe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\010112010146114101.xxe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\01011201014650115.xxe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\all.cpr
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\dw.log
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\haroldshills_install.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\icytower14.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\ReimagePackage.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\Toolbarfr.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\isconfig.dat

==============
host file OK !
==============

========
Registry
========

Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysfbtray
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Réponse 4 / 16
Utilisateur anonyme
25 mars 2010 à 00:33
Télécharge OTL de OLDTimer

enregistre le sur ton Bureau.

▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.

▶ Coche les 2 cases Lop et Purity

▶ Coche la case devant scan all users

▶ règle-le sur "60 Days"

▶ dans la colonne de gauche , mets tout sur "all"

ne modifie pas ceci :

"files created whithin" et "files modified whithin"

▶Clic sur Run Scan.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

▶▶▶ NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

▶ Clique sur Parcourir et cherche le fichier ci-dessus.

▶ Clique sur Ouvrir.

▶ Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

▶ Copie ce lien dans ta réponse.

▶▶ Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 16
Utilisateur anonyme
25 mars 2010 à 02:18
Bonjour,
Votre lien de Oldtimer ne fonctionne pas,
ci vous ;e pouvez, il serait gentil de le réparer
0
Utilisateur anonyme
25 mars 2010 à 02:32
desactive ton antivirus pour le telecharger
0
Réponse 6 / 16
Utilisateur anonyme
26 mars 2010 à 00:47
Bonjour,
voici mes liens:

OTL.txt: http://www.cijoint.fr/cjlink.php?file=cj201003/cijsJ8Z1O6.txt



Extras.txt: http://www.cijoint.fr/cjlink.php?file=cj201003/cijsxwouar.txt
0
Utilisateur anonyme
26 mars 2010 à 00:50
Bonjour,
est-t-il grave que je ne l'ai pas fait en administrateur?
0
Réponse 7 / 16
Utilisateur anonyme
26 mars 2010 à 00:59
Bonjour,

Voici eux de ma session administrateur:

Otl: http://www.cijoint.fr/cjlink.php?file=cj201003/cijntQjt2p.txt


Extras: http://www.cijoint.fr/cjlink.php?file=cj201003/cijzipIS1q.txt
0
Réponse 8 / 16
Utilisateur anonyme
26 mars 2010 à 11:12
▶ Télécharge UsbFix

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

▶ Double clic sur le raccourci UsbFix présent sur ton bureau .

▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

▶ Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

▶ Laisse travailler l'outil.

▶ Ensuite post le rapport UsbFix.txt qui apparaitra.

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
0
Réponse 9 / 16
Utilisateur anonyme
26 mars 2010 à 22:54
############################## | UsbFix V6.100 |

User : Administrateur (Administrateurs) # MARTINEAUJ
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 17:52:02 | 2010-03-26
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : McAfee VirusScan Enterprise 8.5.0.781 [ Enabled | Updated ]

C:\ -> Disque fixe local # 68,36 Go (42,37 Go free) # NTFS
D:\ -> Disque fixe local # 29,29 Go (28,89 Go free) [DONNEES] # NTFS
E:\ -> Disque fixe local # 14,13 Go (14,07 Go free) [GHOST] # NTFS
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 1,88 Go (1,85 Go free) # FAT

################## | Elements infectieux |

G:\autorun.inf

################## | Registre |


################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{4434c580-0a30-11dd-9d5d-806d6172696f}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

################## | Vaccin |


################## | ! Fin du rapport # UsbFix V6.100 ! |
0
Réponse 10 / 16
Utilisateur anonyme
26 mars 2010 à 23:45
ok option 2...............
0
Réponse 11 / 16
Utilisateur anonyme
26 mars 2010 à 23:56
Je pense que ce virus n'est plus dans mon ordinateur. Aujourd'hui, je n'ai remarqué aucun acte de virus
0
Réponse 12 / 16
Utilisateur anonyme
27 mars 2010 à 00:09
et ca c'est quoi ?

HKCU\..\..\Explorer\MountPoints2\{4434c580-0a30-11dd-9d5d-806d6172696f}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
0
Réponse 13 / 16
Utilisateur anonyme
31 mars 2010 à 23:40
J'ai trouvé le nom du virus qui est dans mon ordinateur

il s'agit de Xp defender pro
0
Réponse 14 / 16
Utilisateur anonyme
1 avril 2010 à 00:10
Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.



▶ Télécharge :

Malwarebytes

ou :

Malwarebytes

▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

▶ Potasses le Tuto pour te familiariser avec le prg :


( cela dit, il est très simple d'utilisation ).

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

▶ Lance Malwarebyte's .

Fais un examen dit "Complet" .

▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

0
Réponse 15 / 16
Utilisateur anonyme
1 avril 2010 à 02:58
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Version de la base de données: 3939

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-03-31 20:50:20
mbam-log-2010-03-31 (20-50-20).txt

Type d'examen: Examen complet (C:\|D:\|E:\|)
Elément(s) analysé(s): 250479
Temps écoulé: 1 heure(s), 19 minute(s), 26 seconde(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 11
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 61

Processus mémoire infecté(s):
C:\Documents and Settings\Administrateur\Local Settings\Temp\Hpr.exe (Trojan.FraudPack) -> Unloaded process successfully.
C:\WINDOWS\Hhesya.exe (Trojan.FraudPack) -> Unloaded process successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\clbcoko.dll (Worm.KoobFace) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swoko (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql600oko (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QL600OKO (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SWOKO (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FraudPack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvc (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrateur\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrateur\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrateur\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.15,93.188.161.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{751e7fd4-53ae-449e-a0d3-8e614bfc2124}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.164.15,93.188.161.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{751e7fd4-53ae-449e-a0d3-8e614bfc2124}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.15,93.188.161.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d46908fb-4d97-4c4d-8d00-02d665cf8b7e}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.15,93.188.161.145 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\clbcoko.dll (Worm.KoobFace) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Hpr.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\WINDOWS\Hhesya.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Hpq.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\00004baa (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DQPU513E\Setup_312s2[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\IF9OETQO\p[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\LHZ99H29\p[2].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269302769.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269308610.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269352672.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269363783.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269364268.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269383009.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269436294.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\F5SCEZCJ\p[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\IRVYPZAD\p[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\IRVYPZAD\p[2].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\IRVYPZAD\p[3].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\IRVYPZAD\p[4].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\K1TJ8MEF\go[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\QWO0QKUX\p[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\QWO0QKUX\Setup_312s1[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\UMSPI9ON\p[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\ZR6NXQ3E\go[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Mes documents\setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269296700.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269302825.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269383250.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269388273.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269467594.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269467926.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096703.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096704.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096705.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096706.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096707.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096708.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\bill104.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\mrxoko.sys (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\00004c8e.tmp (Rogue.Multiple) -> Delete on reboot.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temp\zpskon_1269458438.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temp\zpskon_1269466737.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\010112010146111103.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\010112010146114101.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\01011201014650115.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269300841.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269301142.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269301143.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269301144.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269301149.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269301150.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269352977.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269352979.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269352981.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269352983.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269364570.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269364571.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
0
Réponse 16 / 16
Utilisateur anonyme
1 avril 2010 à 11:52
je peux avoir le rapport de usbfix option suppression ?
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Virus détecté
Koony -
MisteryBean -

6 réponses
y a t'il des virus qu'avast ne detecte pas
davivid -
Utilisateur anonyme -

24 réponses
Mon ordinateur a été infecté par un virus ou
henry4002 -
jorginho67 -

6 réponses
Comment savoir si j'ai attrapé un virus sur mon téléphone ?
Infolock -
bell -

66 réponses