Avast and Spybot cannot be found

cecilialanha Posts: 11 Status: Member -  
salwa5 Posts: 7552 Status: Contributor -
Hello, I have a problem with Avast and Spybot:
their .exe files have all disappeared.
What should I do? PLEASE HELP ME.

I'm pasting the report below

Logfile of HijackThis v1.99.1
Scan saved at 22:00:47, on 13/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Securepoint Personal Firewall\driver\spfirewallsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Acer\LOCALS~1\Temp\Rar$EX00.891\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Securepoint Personal Firewall] "C:\Program Files\Securepoint Personal Firewall\bin\sppfw.exe"
O4 - HKLM\..\Run: [tfoyjckdq] c:\windows\system32\tfoyjckdq.exe tfoyjckdq
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2be62b13d4794221a5dd361ff6258689
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2be62b13d4794221a5dd361ff6258689
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4} - http://es6-scripts.dlv4.com/binaries/egauth4/egauth4_1052_FR_XP.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\t88ulil918q.dll (file missing)
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\slnceng.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Securepoint Personal Firewall (spfirewallsvc) - Securepoint GmbH - C:\Program Files\Securepoint Personal Firewall\driver\spfirewallsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)

11 replies

salwa5 Posts: 7552 Status: Contributor 1 670
 
Good evening. Download Blacklight (from F-Secure)
https://www.f-secure.com/en
https://europe.f-secure.com/exclude/blacklight/index.shtml

and save it to your Desktop.

Double-click blbeta.exe and accept the license; leave [X]scan through Windows Explorer enabled; click Scan, then Next

You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of this report into your next reply

See you
0
cecilialanha Posts: 11 Status: Member

Hi,
I can't run the software you told me about. The icon is on my desktop, but when I try to launch it, it doesn't run.
Thanks
0
salwa5 Posts: 7552 Status: Contributor 1 670

OK, try this

Download gmer: http://www2.gmer.net/gmer.zip
Disconnect from the internet if possible and close all programs.
Unzip the zip file and double-click gmer.exe
IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
Click the "rootkit" tab
On the right, check "Files" and "Services"
Click Scan
When the scan is finished, click "copy"

Open Notepad and click the Edit menu / Paste
The report should then appear.
Save the file to your desktop and copy/paste its contents here.

See you
0
cecilialanha Posts: 11 Status: Member

Hello,
here is the rootkit scan
Thanks in advance

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-16 21:37:19
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \??\C:\Documents and Settings\Acer\Application Data\hidires\m_hook.sys ZwCreateFile
SSDT \??\C:\Documents and Settings\Acer\Application Data\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\Acer\Application Data\hidires\m_hook.sys ZwEnumerateValueKey
SSDT \??\C:\Documents and Settings\Acer\Application Data\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\Acer\Application Data\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\Acer\Application Data\hidires\m_hook.sys ZwQuerySystemInformation

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[152] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[152] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[152] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[152] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[152] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[152] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[152] ADVAPI32.dll!CreateProcessAsUserW 77DC7775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[152] ADVAPI32.dll!CreateProcessAsUserA 77DE0958 5 Bytes JMP 10002E63
.text C:\DOCUMENTS AND SETTINGS\ACER\APPLICATION DATA\HIDIRES\HIDR.EXE[164] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\DOCUMENTS AND SETTINGS\ACER\APPLICATION DATA\HIDIRES\HIDR.EXE[164] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\DOCUMENTS AND SETTINGS\ACER\APPLICATION DATA\HIDIRES\HIDR.EXE[164] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\DOCUMENTS AND SETTINGS\ACER\APPLICATION DATA\HIDIRES\HIDR.EXE[164] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\DOCUMENTS AND SETTINGS\ACER\APPLICATION DATA\HIDIRES\HIDR.EXE[164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\DOCUMENTS AND SETTINGS\ACER\APPLICATION DATA\HIDIRES\HIDR.EXE[164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\DOCUMENTS AND SETTINGS\ACER\APPLICATION DATA\HIDIRES\HIDR.EXE[164] ADVAPI32.dll!CreateProcessAsUserW 77DC7775 5 Bytes JMP 10002EF4
.text C:\DOCUMENTS AND SETTINGS\ACER\APPLICATION DATA\HIDIRES\HIDR.EXE[164] ADVAPI32.dll!CreateProcessAsUserA 77DE0958 5 Bytes JMP 10002E63
.text C:\WINDOWS\EXPLORER.EXE[1216] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00CF200E
.text C:\WINDOWS\EXPLORER.EXE[1216] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00CF1DAF
.text C:\WINDOWS\EXPLORER.EXE[1216] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00CF1CF2
.text C:\WINDOWS\EXPLORER.EXE[1216] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00CF191B
.text C:\WINDOWS\EXPLORER.EXE[1216] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CF2D81
.text C:\WINDOWS\EXPLORER.EXE[1216] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CF2CF3
.text C:\WINDOWS\EXPLORER.EXE[1216] ADVAPI32.dll!CreateProcessAsUserW 77DC7775 5 Bytes JMP 00CF2EF4
.text C:\WINDOWS\EXPLORER.EXE[1216] ADVAPI32.dll!CreateProcessAsUserA 77DE0958 5 Bytes JMP 00CF2E63
.text C:\WINDOWS\AGRSMMSG.EXE[1780] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\AGRSMMSG.EXE[1780] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\AGRSMMSG.EXE[1780] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\AGRSMMSG.EXE[1780] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\AGRSMMSG.EXE[1780] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\AGRSMMSG.EXE[1780] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\AGRSMMSG.EXE[1780] ADVAPI32.dll!CreateProcessAsUserW 77DC7775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\AGRSMMSG.EXE[1780] ADVAPI32.dll!CreateProcessAsUserA 77DE0958 5 Bytes JMP 10002E63
.text C:\WINDOWS\SOUNDMAN.EXE[1792] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\SOUNDMAN.EXE[1792] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\SOUNDMAN.EXE[1792] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\SOUNDMAN.EXE[1792] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\SOUNDMAN.EXE[1792] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\SOUNDMAN.EXE[1792] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\SOUNDMAN.EXE[1792] ADVAPI32.dll!CreateProcessAsUserW 77DC7775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\SOUNDMAN.EXE[1792] ADVAPI32.dll!CreateProcessAsUserA 77DE0958 5 Bytes JMP 10002E63
.text C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE[1800] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0090200E
.text C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE[1800] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00901DAF
.text C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE[1800] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00901CF2
.text C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE[1800] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0090191B
.text C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE[1800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00902D81
.text C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE[1800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00902CF3
.text C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE[1800] ADVAPI32.dll!CreateProcessAsUserW 77DC7775 5 Bytes JMP 00902EF4
.text C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE[1800] ADVAPI32.dll!CreateProcessAsUserA 77DE0958 5 Bytes JMP 00902E63
.text C:\WINDOWS\SYSTEM32\RUNDLL32.EXE[1820] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00A2200E
.text C:\WINDOWS\SYSTEM32\RUNDLL32.EXE[1820] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00A21DAF
.text C:\WINDOWS\SYSTEM32\RUNDLL32.EXE[1820] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00A21CF2
.text C:\WINDOWS\SYSTEM32\RUNDLL32.EXE[1820] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00A2191B
.text C:\WINDOWS\SYSTEM32\RUNDLL32.EXE[1820] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A22D81
.text C:\WINDOWS\SYSTEM32\RUNDLL32.EXE[1820] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A22CF3
.text C:\WINDOWS\SYSTEM32\RUNDLL32.EXE[1820] ADVAPI32.dll!CreateProcessAsUserW 77DC7775 5 Bytes JMP 00A22EF4
.text C:\WINDOWS\SYSTEM32\RUNDLL32.EXE[1820] ADVAPI32.dll!CreateProcessAsUserA 77DE0958 5 Bytes JMP 00A22E63
.text C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE[1828] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE[1828] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE[1828] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE[1828] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE[1828] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE[1828] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE[1828] ADVAPI32.dll!CreateProcessAsUserW 77DC7775 5 Bytes JMP 10002EF4
.text C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE[1828] ADVAPI32.dll!CreateProcessAsUserA 77DE0958 5 Bytes JMP 10002E63
.text C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE[1840] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE[1840] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE[1840] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE[1840] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE[1840] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE[1840] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE[1840] ADVAPI32.dll!CreateProcessAsUserW 77DC7775 5 Bytes JMP 10002EF4
.text C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE[1840] ADVAPI32.dll!CreateProcessAsUserA 77DE0958 5 Bytes JMP 10002E63
.text C:\Program Files\Microsoft Office\Office10\WINWORD.EXE[1868] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Microsoft Office\Office10\WINWORD.EXE[1868] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Microsoft Office\Office10\WINWORD.EXE[1868] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Microsoft Office\Office10\WINWORD.EXE[1868] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Microsoft Office\Office10\WINWORD.EXE[1868] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\Program Files\Microsoft Office\Office10\WINWORD.EXE[1868] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\Program Files\Microsoft Office\Office10\WINWORD.EXE[1868] ADVAPI32.DLL!CreateProcessAsUserW 77DC7775 5 Bytes JMP 10002EF4
.text C:\Program Files\Microsoft Office\Office10\WINWORD.EXE[1868] ADVAPI32.DLL!CreateProcessAsUserA 77DE0958 5 Bytes JMP 10002E63
.text C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\JUSCHED.EXE[1880] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\JUSCHED.EXE[1880] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\JUSCHED.EXE[1880] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\JUSCHED.EXE[1880] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\JUSCHED.EXE[1880] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\JUSCHED.EXE[1880] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\JUSCHED.EXE[1880] ADVAPI32.dll!CreateProcessAsUserW 77DC7775 5 Bytes JMP 10002EF4
.text C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\JUSCHED.EXE[1880] ADVAPI32.dll!CreateProcessAsUserA 77DE0958 5 Bytes JMP 10002E63
.text C:\PROGRAM FILES\PICASA2\PICASAMEDIADETECTOR.EXE[1964] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRAM FILES\PICASA2\PICASAMEDIADETECTOR.EXE[1964] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRAM FILES\PICASA2\PICASAMEDIADETECTOR.EXE[1964] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRAM FILES\PICASA2\PICASAMEDIADETECTOR.EXE[1964] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\PROGRAM FILES\PICASA2\PICASAMEDIADETECTOR.EXE[1964] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\PROGRAM FILES\PICASA2\PICASAMEDIADETECTOR.EXE[1964] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\PROGRAM FILES\PICASA2\PICASAMEDIADETECTOR.EXE[1964] ADVAPI32.dll!CreateProcessAsUserW 77DC7775 5 Bytes JMP 10002EF4
.text C:\PROGRAM FILES\PICASA2\PICASAMEDIADETECTOR.EXE[1964] ADVAPI32.dll!CreateProcessAsUserA 77DE0958 5 Bytes JMP 10002E63
.text C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE[1988] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 011B200E
.text C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE[1988] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 011B1DAF
.text C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE[1988] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 011B1CF2
.text C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE[1988] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 011B191B
.text C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE[1988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 011B2D81
.text C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE[1988] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 011B2CF3
.text C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE[1988] ADVAPI32.dll!CreateProcessAsUserW 77DC7775 5 Bytes JMP 011B2EF4
.text C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE[1988] ADVAPI32.dll!CreateProcessAsUserA 77DE0958 5 Bytes JMP 011B2E63
.text C:\PROGRAM FILES\SECUREPOINT PERSONAL FIREWALL\BIN\SPPFW.EXE[2008] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRAM FILES\SECUREPOINT PERSONAL FIREWALL\BIN\SPPFW.EXE[2008] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRAM FILES\SECUREPOINT PERSONAL FIREWALL\BIN\SPPFW.EXE[2008] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRAM FILES\SECUREPOINT PERSONAL FIREWALL\BIN\SPPFW.EXE[2008] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\PROGRAM FILES\SECUREPOINT PERSONAL FIREWALL\BIN\SPPFW.EXE[2008] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes [ FF, 25, F6, EC, 15, 00 ]
.text C:\PROGRAM FILES\SECUREPOINT PERSONAL FIREWALL\BIN\SPPFW.EXE[2008] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 06, E4, 15, 00 ]
.text C:\PROGRAM FILES\SECUREPOINT PERSONAL FIREWALL\BIN\SPPFW.EXE[2008] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 66, E8, 15, 00 ]
.text C:\PROGRAM FILES\SECUREPOINT PERSONAL FIREWALL\BIN\SPPFW.EXE[2008] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\PROGRAM FILES\SECUREPOINT PERSONAL FIREWALL\BIN\SPPFW.EXE[2008] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\PROGRAM FILES\SECUREPOINT PERSONAL FIREWALL\BIN\SPPFW.EXE[2008] kernel32.dll!VirtualAllocEx 7C809A72 6 Bytes [ FF, 25, AE, EA, 15, 00 ]
.text C:\PROGRAM FILES\SECUREPOINT PERSONAL FIREWALL\BIN\SPPFW.EXE[2008] kernel32.dll!CreateRemoteThread 7C81042C 6 Bytes [ FF, 25, 36, E6, 15, 00 ]
.text C:\PROGRAM FILES\SECUREPOINT PERSONAL FIREWALL\BIN\SPPFW.EXE[2008] advapi32.dll!CreateProcessAsUserW 77DC7775 5 Bytes JMP 10002EF4
.text C:\PROGRAM FILES\SECUREPOINT PERSONAL FIREWALL\BIN\SPPFW.EXE[2008] advapi32.dll!CreateProcessAsUserA 77DE0958 5 Bytes JMP 10002E63
.text C:\WINDOWS\SYSTEM32\TFOYJCKDQ.EXE[2036] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0180200E
.text C:\WINDOWS\SYSTEM32\TFOYJCKDQ.EXE[2036] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01801DAF
.text C:\WINDOWS\SYSTEM32\TFOYJCKDQ.EXE[2036] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01801CF2
.text C:\WINDOWS\SYSTEM32\TFOYJCKDQ.EXE[2036] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0180191B
.text C:\WINDOWS\SYSTEM32\TFOYJCKDQ.EXE[2036] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01802D81
.text C:\WINDOWS\SYSTEM32\TFOYJCKDQ.EXE[2036] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01802CF3
.text C:\WINDOWS\SYSTEM32\TFOYJCKDQ.EXE[2036] ADVAPI32.dll!CreateProcessAsUserW 77DC7775 5 Bytes JMP 01802EF4
.text C:\WINDOWS\SYSTEM32\TFOYJCKDQ.EXE[2036] ADVAPI32.dll!CreateProcessAsUserA 77DE0958 5 Bytes JMP 01802E63
.text C:\Program Files\WinRAR\WinRAR.exe[3496] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Program Files\WinRAR\WinRAR.exe[3496] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Program Files\WinRAR\WinRAR.exe[3496] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\WinRAR\WinRAR.exe[3496] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\WinRAR\WinRAR.exe[3496] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\Program Files\WinRAR\WinRAR.exe[3496] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\Program Files\WinRAR\WinRAR.exe[3496] ADVAPI32.DLL!CreateProcessAsUserW 77DC7775 5 Bytes JMP 10002EF4
.text C:\Program Files\WinRAR\WinRAR.exe[3496] ADVAPI32.DLL!CreateProcessAsUserA 77DE0958 5 Bytes JMP 10002E63
.text C:\DOCUME~1\Acer\LOCALS~1\Temp\Rar$EX00.484\gmer.exe[3596] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\DOCUME~1\Acer\LOCALS~1\Temp\Rar$EX00.484\gmer.exe[3596] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\DOCUME~1\Acer\LOCALS~1\Temp\Rar$EX00.484\gmer.exe[3596] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\DOCUME~1\Acer\LOCALS~1\Temp\Rar$EX00.484\gmer.exe[3596] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\DOCUME~1\Acer\LOCALS~1\Temp\Rar$EX00.484\gmer.exe[3596] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\DOCUME~1\Acer\LOCALS~1\Temp\Rar$EX00.484\gmer.exe[3596] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\DOCUME~1\Acer\LOCALS~1\Temp\Rar$EX00.484\gmer.exe[3596] ADVAPI32.dll!CreateProcessAsUserW 77DC7775 5 Bytes JMP 10002EF4
.text C:\DOCUME~1\Acer\LOCALS~1\Temp\Rar$EX00.484\gmer.exe[3596] ADVAPI32.dll!CreateProcessAsUserA 77DE0958 5 Bytes JMP 10002E63

---- Processes - GMER 1.0.12 ----

Process C:\DOCUMENTS AND SETTINGS\ACER\APPLICATION DATA\HIDIRES\HIDR.EXE (*** hidden *** ) 164
Process C:\WINDOWS\SYSTEM32\TFOYJCKDQ.EXE (*** hidden *** ) 2036
Library C:\windows\system32\tfoyjckdq.exe (*** hidden *** ) @ C:\WINDOWS\SYSTEM32\TFOYJCKDQ.EXE [2036] 0x00400000

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.5.0.b64\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Fichiers communs\Java\Update\Base Images\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Fichiers communs\Java\Update\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Fichiers communs\Java\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_04.b05\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Java\jre1.5.0_04\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Java\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Java\jre1.5.0_04\bin\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150040}\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Java\jre1.5.0_09\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Java\jre1.5.0_09\bin\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150090}\
0

salwa5 Posts: 7552 Status: Contributor 1 670

Good evening. You are infected with the Bagle virus; the simplest thing is to use this Spanish fix

Download Elibagla:

http://www.zonavirus.com/datos/descargas/95/elibagla.asp
At the very bottom of that page you will find a tool
to download; click: Descargar Elibagla 10.09
Save this file to the desktop.
Then double-click Elibagla.exe > leave the
"eliminar ficheros automaticamente" box as it is > click "explorar"
> let it work > post the final report, which will be
in c:\infosat.txt

See you
0
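How the GMER report posted earlier in this thread can be triaged, as an added example that is not part of the original posts: the script below parses the three line types seen in that report (SSDT, .text, hidden Process) and groups the findings. The function names, the profile-path markers and the `min_procs` threshold are assumptions of this example; the sample lines are an excerpt copied from the report above.

```python
import re
from collections import defaultdict

# Excerpt of the GMER 1.0.12 report posted above (shortened, lines unchanged).
SAMPLE_REPORT = r"""
SSDT \??\C:\Documents and Settings\Acer\Application Data\hidires\m_hook.sys ZwCreateFile
SSDT \??\C:\Documents and Settings\Acer\Application Data\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\Acer\Application Data\hidires\m_hook.sys ZwQuerySystemInformation
.text C:\WINDOWS\EXPLORER.EXE[1216] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00CF200E
.text C:\WINDOWS\EXPLORER.EXE[1216] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00CF1CF2
.text C:\WINDOWS\EXPLORER.EXE[1216] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CF2D81
.text C:\WINDOWS\SOUNDMAN.EXE[1792] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\SOUNDMAN.EXE[1792] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\SOUNDMAN.EXE[1792] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\PROGRAM FILES\SECUREPOINT PERSONAL FIREWALL\BIN\SPPFW.EXE[2008] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRAM FILES\SECUREPOINT PERSONAL FIREWALL\BIN\SPPFW.EXE[2008] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 66, E8, 15, 00 ]
.text C:\WINDOWS\SYSTEM32\TFOYJCKDQ.EXE[2036] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0180200E
Process C:\DOCUMENTS AND SETTINGS\ACER\APPLICATION DATA\HIDIRES\HIDR.EXE (*** hidden *** ) 164
Process C:\WINDOWS\SYSTEM32\TFOYJCKDQ.EXE (*** hidden *** ) 2036
"""

# Paths contain spaces, so each pattern anchors on the fixed fields around the path.
SSDT_RE = re.compile(r"^SSDT\s+(?P<driver>.+)\s+(?P<func>(?:Zw|Nt)\w+)$")
TEXT_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>\S+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+) Bytes\s+(?P<patch>.+)$")
HIDDEN_RE = re.compile(
    r"^Process\s+(?P<image>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+(?P<pid>\d+)$")

# Native listing calls (Nt/Zw prefix stripped). A hook on these can filter what
# file, registry and process enumerations return to the caller.
ENUM_APIS = {"EnumerateKey", "EnumerateValueKey", "QueryKey",
             "QueryDirectoryFile", "QuerySystemInformation"}
# Assumption of this example: a kernel driver loaded from a user profile is suspect.
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\", "\\application data\\")


def base_name(func):
    """Strip the Nt/Zw prefix so SSDT and user-mode names compare equal."""
    return func[2:] if func[:2] in ("Nt", "Zw") else func


def parse_report(text):
    """Split a GMER text report into SSDT hooks, inline patches and hidden processes."""
    report = {"ssdt": defaultdict(list), "inline": [], "hidden": []}
    for line in text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            report["ssdt"][m["driver"]].append(m["func"])
        elif m := TEXT_RE.match(line):
            report["inline"].append((m["image"], int(m["pid"]), m["module"].lower(),
                                     m["func"], m["patch"].strip()))
        elif m := HIDDEN_RE.match(line):
            report["hidden"].append((m["image"], int(m["pid"])))
    return report


def triage(report, min_procs=2):
    """Group findings so the pattern across processes is visible at a glance."""
    findings = {}
    # 1. SSDT hooks on listing calls, owned by a driver under a user profile.
    findings["ssdt_from_profile"] = {
        drv: sorted(f for f in funcs if base_name(f) in ENUM_APIS)
        for drv, funcs in report["ssdt"].items()
        if any(marker in drv.lower() for marker in PROFILE_MARKERS)
    }
    # 2. The same function overwritten with a JMP in several unrelated processes.
    by_func, other = defaultdict(set), []
    for image, pid, module, func, patch in report["inline"]:
        if patch.upper().startswith("JMP "):
            by_func[f"{module}!{func}"].add(pid)
        else:
            # A different patch style: listed separately for manual review.
            other.append((pid, f"{module}!{func}", patch))
    findings["shared_jmp_hooks"] = {
        name: sorted(pids) for name, pids in by_func.items() if len(pids) >= min_procs}
    findings["other_patches"] = other
    # 3. Hidden processes, and which of them also carry the inline hooks.
    hooked_pids = {entry[1] for entry in report["inline"]}
    findings["hidden"] = report["hidden"]
    findings["hidden_and_hooked"] = sorted(
        pid for _, pid in report["hidden"] if pid in hooked_pids)
    return findings


if __name__ == "__main__":
    for section, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(section, "->", value)
```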
cecilialanha Posts: 11 Status: Member

Good evening,
WINTEMS.EXE.VIR -> bagle remains,
and I can't remove it.
What should I do?
Fri Feb 16 22:20:11 2007
EliBagle v10.14 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ACER\APPLICATION DATA\HIDIRES\HIDR.EXE --> Bagle Renombrado a .VIR
C:\DOCUMENTS AND SETTINGS\ACER\APPLICATION DATA\HIDIRES\M_HOOK.SYS --> Eliminado Bagle (rootkit)
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Fri Feb 16 22:20:55 2007
EliBagle v10.14 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Documents and Settings\Acer\Bureau\hamed\télécharger\rhéo\TRACKPRO CALIBRATION AND MAINTENANCE MANAGEMENT 2.4.192.ZIP --> Eliminado Bagle
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0061838.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0061839.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0061840.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0062006.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0062017.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0062093.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0062108.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0063106.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0063121.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0063227.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0063459.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0063465.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0063472.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0063493.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0063534.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0064529.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0064534.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0064563.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP275\A0064596.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP276\A0064607.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP276\A0064608.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP276\A0064609.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP276\A0064624.EXE --> Eliminado Bagle

Fri Feb 16 22:27:08 2007
EliBagle v10.14 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
0
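As an added example (not part of the original thread, and not code from the EliBagle authors): a small Python parser for the report format posted above that separates the files the tool deleted from those it only renamed to .VIR, such as WINTEMS.EXE, and counts detections per System Restore point. The function names are hypothetical, and reading "Renombrado a .VIR" as a rename and "Eliminado" as a deletion is an assumption based on the log text alone.

```python
import re
from collections import Counter

# Excerpt of the EliBagle report posted in this thread (banner lines omitted).
SAMPLE_LOG = r"""Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ACER\APPLICATION DATA\HIDIRES\HIDR.EXE --> Bagle Renombrado a .VIR
C:\DOCUMENTS AND SETTINGS\ACER\APPLICATION DATA\HIDIRES\M_HOOK.SYS --> Eliminado Bagle (rootkit)
Eliminada Carpeta "%WinDir%\exefld"
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0061838.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP274\A0061840.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP276\A0064607.EXE --> Eliminado Bagle
"""

MODE = re.compile(r"^Lista de Acciones \(por (?P<mode>.+)\):$")
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) --> (?P<action>.+)$")
RESTORE = re.compile(r"\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)

def parse_report(text):
    """Return one dict per 'path --> action' line, tagged with its run mode."""
    entries, mode = [], None
    for line in text.splitlines():
        m = MODE.match(line.strip())
        if m:
            mode = m.group("mode")
            continue
        m = ENTRY.match(line.strip())
        if not m:
            continue  # timestamps, banners, folder and registry notes
        path, action = m.group("path"), m.group("action")
        rp = RESTORE.search(path)
        entries.append({"path": path, "mode": mode,
                        "renamed": "Renombrado a .VIR" in action,
                        "deleted": action.startswith("Eliminado"),
                        "rootkit": "(rootkit)" in action,
                        "restore_point": rp.group(1) if rp else None})
    return entries

def leftovers(entries):
    """Files that were only renamed: they stay on disk as <name>.VIR."""
    return [e["path"] + ".VIR" for e in entries if e["renamed"]]

def restore_point_hits(entries):
    """Count detections per System Restore point (RPnnn)."""
    return Counter(e["restore_point"] for e in entries if e["restore_point"])

if __name__ == "__main__":
    print(leftovers(parse_report(SAMPLE_LOG)))
```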
salwa5 Posts: 7552 Status: Contributor 1 670
 
Good evening, you should normally be able to install an antivirus now.

As a first step, I recommend installing Kaspersky, because this antivirus removes this infection very well.

Download the Kaspersky trial version here:
https://www.kaspersky.fr/downloads?chapter=186498689

Tutorial to follow (thanks Malekal_morte):
https://www.malekal.com/tutorial-kaspersky-trial/

Print these instructions so you don't forget anything.

After installation, during configuration with the wizard:

- Disable or uninstall Avast, otherwise there will be a conflict
- Activate the 30-day evaluation license
- Run an automatic update
- Enable basic protection
**Do not start the scan right away**

Restart in Safe Mode

- Start Kaspersky from the Start Menu >> All Programs >> Kaspersky Anti-virus
- An icon with a greyed-out K will appear at the bottom right, next to the clock
- Right-click this icon, then choose "Analyser le Poste de travail" (Scan My Computer)
- The scan of the computer will start
- Once the scan is finished, preferably repair all the viruses found
- Create a report using the Enregistrer-sous (Save As) button at the bottom of the window, and save the file as Kaspersky.txt on your Desktop.

See you later
0
cecilialanha Posts: 11 Status: Member
 
I can't install Kaspersky
because during the installation it still detects Avast.

So I stop the Kaspersky installation.
I try to launch Avast: impossible.
I try to remove Avast: impossible.

In short, I can neither install a new antivirus nor launch
the old antivirus, Avast.
0
salwa5 Posts: 7552 Status: Contributor 1 670
 
You first have to uninstall Avast from Add/Remove Programs.

Run the Elibagla.exe tool again.

Then try to install Kaspersky.

See you later
0
cecilialanha Posts: 11 Status: Member
 
Impossible to remove Avast,
even through the Control Panel (Add/Remove a Program).

When I run EliBagle v10.14:

Fri Feb 16 22:27:08 2007
EliBagle v10.14 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Fri Feb 16 23:35:08 2007
EliBagle v10.14 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Fri Feb 16 23:35:24 2007
EliBagle v10.14 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Fri Feb 16 23:38:34 2007
EliBagle v10.14 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Several times during the evening the firewall has blocked this program.
Could this be related?

File : C:\windows\system32\tfoyjckdq.exe
From : 192.168.1.2:137
To : 192.168.1.255:137
0
salwa5 Posts: 7552 Status: Contributor 1 670
 
Are you able to launch Avast?

If not, try to uninstall it with this:

http://www.asw.cz/eng/avast-uninstall-utility.html

See you later
0