MSN virus

Solved
kombat43 Posts: 19 Status: Member -
jalobservateur Posts: 7372 Registration date Status: Security contributor Last activity -
Hello everyone, I need help with my MSN because I stupidly opened a file that my friend "sent" me, which said in English "here is a photo of me and you, I wanted to know if I could put it up", and since then, every time someone logs in while I'm connected, it sends them a message and a file.

Please, I need help, thanks in advance

anyway, peace

PS: sorry if I didn't put this in the right section
33 replies

tanger212 Posts: 205 Status: Member 22

Hi, your message isn't clear
0
titicecile
 
Hi

http://www.webaide.net/Suppression-du-virus-MSN-Backdoor-Win32-IRCBot-aaq-aide-161.html

Go take a look; if that's the solution, great, otherwise explain your problem better
0
kombat43 Posts: 19 Status: Member

well, I just tried it and it found nothing, but what more information would you like
0
jalobservateur Posts: 7372 Registration date Status: Security contributor Last activity 930

--

PLEASE. ((Read the recommendations carefully.))
((It avoids repetition)). (Firefox) = ((Safer browsing!!!)) (GMT-5h: Québec, CA)
Hi!
Do this, then reboot: http://sosvirus.changelog.fr/MSNFix.zip
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode.
Then run SDFix.
And post the reports here please.
0

tanger212 Posts: 205 Status: Member 22

Hi, try using avast, it's an antivirus and it's free
0
Anonymous user

Good evening again kombat43, we'll continue the discussion here (in future, avoid duplicates: you posted in two different places... Are there any others?)
http://www.commentcamarche.net/forum/affich 4655747 svp besoin d aide ac messenger

Hi jalob. and everyone else,

tanger212 => "Hi, try using avast, it's an antivirus and it's free" => Who says he doesn't have it?

Kombat, follow jalob.'s instructions (maybe run a HiJack before SDFix...?)

See you
0
kombat43 Posts: 19 Status: Member

sorry for the duplicate, it's because I didn't put the other one in the right category and I was afraid nobody would answer me
0
kombat43 Posts: 19 Status: Member

sorry for the duplicate, it's because I didn't put the other one in the right category and I was afraid nobody would answer me

anyway, here's what you asked for, I hope this is it

SDFix: Version 1.126

Run by ric on 2008-01-14 at 20:53

Microsoft Windows XP [version 5.1.2600]

Running From: C:\Documents and Settings\ric\Mes documents\Nouveau dossier\SDFix

Safe Mode:
Checking Services:

Name:
uyggryna

Path:
C:\WINDOWS\system32\kcesvsn.exe /service

uyggryna - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\KCESVSN.EXE - Deleted
C:\WINDOWS\SYSTEM32\WLCFNJ.EXE - Deleted
C:\WINDOWS\SYSTEM32\J.EXE - Deleted
C:\WINDOWS\SYSTEM32\EXNEJLK.EXE - Deleted
C:\Documents and Settings\ric\Favoris\Error Cleaner.url - Deleted
C:\Documents and Settings\ric\Favoris\Privacy Protector.url - Deleted
C:\Documents and Settings\ric\Favoris\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\search_res.txt - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 21:00:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\System32\\LEXPPS.EXE"="C:\\WINDOWS\\System32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Maestro Connector\\maestro_connector.exe"="C:\\Program Files\\Maestro Connector\\maestro_connector.exe:*:Enabled:Maestro Connector"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Disabled:Ares p2p for windows"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\ric\MESDOC~1\NOUVEA~1\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 29 Oct 2007 59,392 ..SHR --- "C:\WINDOWS\system32\runsvc.exe"
Mon 23 Apr 2007 3,358,720 A..H. --- "C:\My Games\Puzzle Detective\PuzzleDetective.exe"
Wed 19 Dec 2007 3,100,672 A..H. --- "C:\My Games\Zodiac Tower\Zodiac Tower.exe"
Sun 3 Jun 2007 1,425,408 A..H. --- "C:\My Games\Bistro Stars\BistroStars.exe"
Sun 3 Jun 2007 14,865,839 ...H. --- "C:\My Games\Mahjong Century\MahJongCentury.exe"
Sun 3 Jun 2007 610,304 A..H. --- "C:\My Games\The Da Vinci Code\TheDaVinciCode.exe"
Mon 4 Jun 2007 856,064 A..H. --- "C:\My Games\Mah Jong Medley\exe.exe"
Sun 10 Jun 2007 2,416,640 ...H. --- "C:\My Games\Da Vinci's Secret\da_vinci.exe"
Thu 18 Oct 2007 278,528 A..H. --- "C:\My Games\Bricks of Egypt\Bricks of Egypt.exe"
Fri 16 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 14 Nov 2007 6,219,320 A..H. --- "C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP234\A0041487.exe"
Mon 7 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 23 Nov 2007 315,787 A..H. --- "C:\Documents and Settings\Diane.OEM-QHYHA2XN5XP.000\Local Settings\Temp\BIT14.tmp"
Sat 13 Oct 2007 339,187 A..H. --- "C:\Documents and Settings\Diane.OEM-QHYHA2XN5XP.000\Local Settings\Temp\BIT12.tmp"
Sat 13 Oct 2007 336,252 A..H. --- "C:\Documents and Settings\Diane.OEM-QHYHA2XN5XP.000\Local Settings\Temp\BIT13.tmp"
Sat 13 Oct 2007 336,252 A..H. --- "C:\Documents and Settings\Diane.OEM-QHYHA2XN5XP.000\Local Settings\Temp\BIT11.tmp"
Sat 13 Oct 2007 292,539 A..H. --- "C:\Documents and Settings\Diane.OEM-QHYHA2XN5XP.000\Local Settings\Temp\BIT15.tmp"
Mon 27 Aug 2007 278,528 A.SH. --- "C:\Documents and Settings\ric\Local Settings\Temp\~rnsetu0\pncrt.dll"
Sun 13 Jan 2008 35,328 ...H. --- "C:\Documents and Settings\Diane.OEM-QHYHA2XN5XP.000\Application Data\Microsoft\Word\~WRL0005.tmp"
Sun 13 Jan 2008 35,840 ...H. --- "C:\Documents and Settings\Diane.OEM-QHYHA2XN5XP.000\Application Data\Microsoft\Word\~WRL0432.tmp"
Sun 13 Jan 2008 37,888 ...H. --- "C:\Documents and Settings\Diane.OEM-QHYHA2XN5XP.000\Application Data\Microsoft\Word\~WRL3326.tmp"

Finished!

7 post(s) since Tuesday 15 January 2008
0
Anonymous user

ARffff, we're not in the right section (not security...)
I don't know whether the mods will move the topic or whether it's better to go over there...

See you
0
kombat43 Posts: 19 Status: Member

okkk you just lost me lol

anyway, here's my HiJack, it might help you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:52, on 2008-01-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\runsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://outlook.live.com/owa/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Running Service] runsvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-caf.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
0
jalobservateur Posts: 7372 Registration date Status: Security contributor Last activity 930
 
Yeah!!!
Files with hidden attributes, yeah!
Games, cracks, P2P: a fine recipe for problems indeed!
SDFix did a good job.
No, DllD, carry on my friend, I've had a full day with 7 MSN assistance cases.
I only wanted to limit the damage and the MSN requests, you know the snowball effect ;-)
Good night
Jal
0
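The two logs posted above can be cross-checked mechanically: a file that SDFix lists under "Files with Hidden Attributes" and that HijackThis also shows in a Run key is worth a closer look. The following Python is an added example, not part of the original thread or of either tool; the function names are hypothetical and the sample lines are excerpts copied from the logs above.

```python
import ntpath  # Windows path rules, whatever OS the script runs on
import re

# Excerpts copied from the SDFix and HijackThis logs posted in this thread.
SDFIX_HIDDEN = r'''
Mon 29 Oct 2007 59,392 ..SHR --- "C:\WINDOWS\system32\runsvc.exe"
Mon 23 Apr 2007 3,358,720 A..H. --- "C:\My Games\Puzzle Detective\PuzzleDetective.exe"
Fri 16 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
'''

HIJACKTHIS = r'''
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Running Service] runsvc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
'''

# date, size, five-character attribute field, "---", quoted path
HIDDEN_RE = re.compile(
    r'^\w{3}\s+\d{1,2}\s+\w{3}\s+\d{4}\s+[\d,]+\s+(\S{5})\s+---\s+"(.+)"$')
# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (\S+?)\\\.\.\\Run: \[([^\]]+)\] (.+)$')
# executable part of a command line: quoted path, or text up to the first ".exe"
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def parse_hidden_files(text):
    """Return the files SDFix reported with the H (hidden) attribute set."""
    files = []
    for line in text.splitlines():
        m = HIDDEN_RE.match(line.strip())
        if m and 'H' in m.group(1):
            files.append({'attrs': m.group(1), 'path': m.group(2)})
    return files


def parse_autostarts(text):
    """Return the Run-key entries (HijackThis section O4) with their target."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m.group(3))
        if exe:
            entries.append({'hive': m.group(1), 'name': m.group(2),
                            'target': exe.group(1) or exe.group(2)})
    return entries


def correlate(hidden, autostarts):
    """List autostart entries whose target is one of the hidden files."""
    by_name = {}
    for f in hidden:
        by_name.setdefault(ntpath.basename(f['path']).lower(), []).append(f)
    hits = []
    for entry in autostarts:
        target = entry['target']
        for f in by_name.get(ntpath.basename(target).lower(), []):
            # A Run value with no directory is resolved through the search
            # path, so compare by file name only; a full path must match.
            if ntpath.dirname(target) and target.lower() != f['path'].lower():
                continue
            hits.append({'hive': entry['hive'], 'name': entry['name'],
                         'file': f['path'], 'attrs': f['attrs']})
    return hits


if __name__ == '__main__':
    for hit in correlate(parse_hidden_files(SDFIX_HIDDEN),
                         parse_autostarts(HIJACKTHIS)):
        print('{hive} Run [{name}] -> {file} ({attrs})'.format(**hit))
```

A match is a triage lead, not a verdict; in this thread the one entry it singles out, `C:\WINDOWS\system32\runsvc.exe`, is the file AntiVir later reports as TR/Delf.akj.2.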
Anonymous user

That's kind of you, jalob., but I was planning to go to bed... feeling sleepy... OuuuahhHHH¨¨°°°...

OK then, we'll pick it up tomorrow...

Good night everyone...

See you
0
kombat43 Posts: 19 Status: Member

okk well, good night man
0
jalobservateur Posts: 7372 Registration date Status: Security contributor Last activity 930
 
KOMBAT, 1 min, I'm giving you homework!
0
kombat43 Posts: 19 Status: Member
 
kk
0
jalobservateur Posts: 7372 Registration date Status: Security contributor Last activity 930
 
OK, a quick one, KoMBAT 43.

You have no antivirus!
You have no firewall!
You have infections!

1: Install this on the desktop and close all programs, including that damned IE

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and post the report.

2: Install Antivir: http://www.commentcamarche.net/telecharger/telechargement 55 antivir

tutorial: https://www.astucesinternet.com/modules/news/article.php?storyid=253

3: Install a firewall: https://forums.cnetfrance.fr Link and tutorial.

4: Full scan with Antivir
Put the scan results here
Good work, see you, Jal
0
kombat43 Posts: 19 Status: Member
 
ComboFix 08-01-15.3 - Éric 2008-01-14 21:52:25.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.282 [GMT -5:00]
Running from: C:\Documents and Settings\Éric\Local Settings\Temporary Internet Files\Content.IE5\TSKPX1K2\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Éric\Application Data\ShoppingReport
C:\Documents and Settings\Éric\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Éric\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Éric\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Éric\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Éric\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Éric\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Éric\Application Data\ShoppingReport\cs\res1\WhiteList.dbs

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-15 to 2008-01-15 ))))))))))))))))))))))))))))))))))))
.

2008-01-14 21:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 20:52 . 2008-01-14 20:52 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-14 20:32 . 2008-01-14 20:32 <REP> d-------- C:\Program Files\Trend Micro
2008-01-14 20:00 . 2008-01-14 20:00 <REP> d-------- C:\VundoFix Backups
2008-01-13 21:37 . 2008-01-13 21:37 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-13 19:59 . 2008-01-13 19:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-13 14:55 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-10 18:59 . 2008-01-10 18:59 <REP> d-------- C:\Program Files\uTorrent
2008-01-10 18:59 . 2008-01-10 18:59 <REP> d-------- C:\Documents and Settings\Éric\Application Data\uTorrent
2008-01-05 18:29 . 2008-01-05 18:29 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-12-31 14:28 . 2001-08-23 17:47 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-12-27 22:35 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-12-27 22:35 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2007-12-27 22:35 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2007-12-27 22:35 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2007-12-27 22:34 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-27 22:34 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-12-27 22:34 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-27 22:34 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-27 22:34 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-27 22:34 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-27 22:34 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-12-27 22:34 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-12-27 22:34 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2007-12-17 17:39 . 2008-01-14 21:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-17 17:39 . 2007-12-17 17:39 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-17 17:38 . 2007-12-17 17:38 <REP> d-------- C:\Program Files\iPod
2007-12-17 09:02 . 2007-12-17 09:02 <REP> d--hs---- C:\FOUND.014

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 00:13 --------- d-----w C:\Documents and Settings\Diane.OEM-QHYHA2XN5XP.000\Application Data\Zylom
2007-12-04 00:11 --------- d-----w C:\Program Files\Zylom Games
2007-11-28 02:42 --------- d-----w C:\Program Files\Picasa2
2007-11-28 02:37 --------- d-----w C:\Program Files\Winamp
2007-11-28 02:37 --------- d-----w C:\Program Files\Microsoft Baseline Security Analyzer 2
2007-11-23 06:14 --------- d-----w C:\Program Files\SPYWAREfighter
2007-11-23 05:54 --------- d-----w C:\Program Files\AntiSpywareShield(2)
2007-11-22 23:25 --------- d-----w C:\Program Files\a-squared Free
2007-11-22 23:18 --------- d-----w C:\Program Files\AntiSpyGolden 5.1
2007-11-22 05:39 --------- d-----w C:\Program Files\VirusProtect 3.8
2007-11-21 21:16 --------- d-----w C:\Program Files\iPod(4)
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 16:53 360,832 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-29 06:00 59,392 --sh--r C:\WINDOWS\system32\runsvc.exe
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\shell32(2)(2).dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 15:01 2,109,440 ------w C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-10-25 15:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 15:00 230,912 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-17 15:40 1,941,504 ----a-w C:\WINDOWS\system32\Tropix.scr
2007-04-18 11:50 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-01-24 20:21 77,160 ----a-w C:\Documents and Settings\Diane\DSETUP.dll
2007-01-24 20:21 503,144 ----a-w C:\Documents and Settings\Diane\DXSETUP.exe
2007-01-24 20:21 1,673,576 ----a-w C:\Documents and Settings\Diane\dsetup32.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-13 17:58 1838592]
"Windows Running Service"="runsvc.exe" [2007-10-29 01:00 59392 C:\WINDOWS\system32\runsvc.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 19:09 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-14 22:11:32 C:\WINDOWS\Tasks\User_Feed_Synchronization-{90350B76-994C-431B-9424-8763C10F9EF5}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-01-15 02:09:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 21:53:47
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 21:54:13
ComboFix-quarantined-files.txt 2008-01-15 02:54:12
.
2008-01-11 01:39:19 --- E O F ---
0
jalobservateur Posts: 7372 Registration date Status: Security contributor Last activity 930
 
Hi!
I'm giving you a link so that, the day ((( your machine is clean and working ))), you will install the ''Recovery Console'',
which is missing from your machine.

It's understood that you must do it, but 'only when I or another helper gives you the green light'!
Link: http://support.microsoft.com/kb/307654/fr
-------------------------------------------------------------------------------------------------------------------------------------------------------------

I'm waiting for the rest of your results. ^-)
0
kombat43

well, I just got in and now I'm running the scan with the antivirus, and as soon as it's done I'll send you the report

anyway, peace
0
kombat43 Posts: 19 Status: Member

here is the antivirus report

AntiVir PersonalEdition Classic
Report file date: 15 janvier 2008 16:21

Scanning for 1041443 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Éric
Computer name: OEM-QHYHA2XN5XP

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 19:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 18:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 21:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 18:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 20:27:16
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 20:59:14
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 2008-01-15 20:59:14
ANTIVIR3.VDF : 7.0.2.1 2048 Bytes 2008-01-15 20:59:14
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 2008-01-15 20:59:16
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 16:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 13:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 19:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-01-15 20:59:16
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 13:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 18:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 13:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 17:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 18:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 18:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 15:37:22

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 15 janvier 2008 16:21

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'iTunes.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RUNSVC.EXE' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\runsvc.exe'
Scan process 'MSMSGS.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'APDPROXY.EXE' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'UPHCLEAN.EXE' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
Process 'RUNSVC.EXE' has been terminated
C:\WINDOWS\system32\runsvc.exe
[DETECTION] Is the Trojan horse TR/Delf.akj.2
[INFO] The file was deleted!

35 processes with 34 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.

The registry was scanned ( '23' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Éric\Mes documents\Nouveau dossier\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/kcesvsn.exe
[DETECTION] Is the Trojan horse TR/Agent.dnb
--> backups/wlcfnj.exe
[DETECTION] Is the Trojan horse TR/Agent.dnb
--> backups/j.exe
[DETECTION] Is the Trojan horse TR/Agent.dnb
--> backups/exnejlk.exe
[DETECTION] Is the Trojan horse TR/Agent.dnb
[INFO] The file was moved to '47f04ca6.qua'!
C:\Documents and Settings\Diane.OEM-QHYHA2XN5XP.000\Mes documents\Ma musique\downloads\001AB92F\Protected_11_16_2007_12_17_45.asf
[DETECTION] Is the Trojan horse TR/Wimad.A.Gen
[INFO] The file was moved to '47fc4cff.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP234\A0041460.sys
[DETECTION] Contains detection pattern of the worm WORM/Ntech.AD.2
[INFO] The file was moved to '47bd50dc.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP234\A0041464.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd50ea.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP234\A0041512.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd530f.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP234\A0041523.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd5315.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP234\A0042527.sys
[DETECTION] Contains detection pattern of the worm WORM/Ntech.AD.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP234\A0042541.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] A backup was created as '47bd5321.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP234\A0042552.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd5326.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP235\A0045613.sys
[DETECTION] Contains detection pattern of the worm WORM/Ntech.AD.2
[INFO] The file was moved to '47bd5328.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP235\A0046117.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd5337.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP235\A0046118.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '46230448.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP235\A0046119.SYS
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd5338.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP235\A0046120.SYS
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '46230449.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP235\A0046121.SYS
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd5339.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP235\A0046122.SYS
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '4623044a.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP240\A0047702.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.9
[INFO] The file was moved to '47bd5350.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP241\A0047735.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.319488
[INFO] The file was moved to '47bd5352.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP241\A0047738.exe
[DETECTION] Contains detection pattern of the dropper DR/Dldr.Zlob.AAGR
[INFO] The file was moved to '46230423.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP241\A0048041.exe
[DETECTION] Contains detection pattern of the dropper DR/MartShop.2
[INFO] The file was moved to '47bd535a.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP241\A0048250.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd535c.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP241\A0048251.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '4623042d.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP241\A0048252.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd535e.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP241\A0048253.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd535d.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP241\A0048254.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '4623042e.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP241\A0048343.sys
[DETECTION] Contains detection pattern of the worm WORM/Ntech.AD.2
[INFO] The file was moved to '47bd535f.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP241\A0048393.sys
[DETECTION] Contains detection pattern of the worm WORM/Ntech.AD.2
[INFO] The file was moved to '47bd5360.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0049381.dll
[DETECTION] Is the Trojan horse TR/Zlob.14336.3
[INFO] The file was moved to '47bd5376.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0049382.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ABHB
[INFO] The file was moved to '46230407.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0049383.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.eoz.3
[INFO] The file was moved to '47bd5378.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0049392.dll
[DETECTION] Is the Trojan horse TR/Zlob.14336.3
[INFO] The file was moved to '47bd5377.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0049393.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ABHB
[INFO] The file was moved to '46230408.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0049394.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.eoz.3
[INFO] The file was moved to '47bd5379.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0050393.dll
[DETECTION] Is the Trojan horse TR/Zlob.14336.3
[INFO] The file was moved to '46230409.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0050394.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ABHB
[INFO] The file was moved to '47bd537a.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0050395.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.eoz.3
[INFO] The file was moved to '4623040a.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0050413.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.9
[INFO] The file was moved to '47bd537b.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0050427.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ABHB
[INFO] The file was moved to '47bd537c.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0050428.dll
[DETECTION] Is the Trojan horse TR/Zlob.14336.3
[INFO] The file was moved to '4623040d.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0050429.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.eoz.3
[INFO] The file was moved to '47bd537d.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0050438.exe
[DETECTION] Is the Trojan horse TR/Virtl.1091
[INFO] The file was moved to '4623040e.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0051459.dll
[DETECTION] Is the Trojan horse TR/Zlob.14336.3
[INFO] The file was moved to '47bd537f.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0051460.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ABHB
[INFO] The file was moved to '462304f0.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0051461.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.eoz.3
[INFO] The file was moved to '47bd5380.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0051470.dll
[DETECTION] Is the Trojan horse TR/Zlob.14336.3
[INFO] The file was moved to '462304f1.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0051471.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ABHB
[INFO] The file was moved to '47bd5382.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0051472.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.eoz.3
[INFO] The file was moved to '47bd5381.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0051498.dll
[DETECTION] Is the Trojan horse TR/Zlob.14336.3
[INFO] The file was moved to '462304f3.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0051499.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ABHB
[INFO] The file was moved to '47bd5384.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP242\A0051500.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.eoz.3
[INFO] The file was moved to '462304f5.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP243\A0051520.dll
[DETECTION] Is the Trojan horse TR/Zlob.14336.3
[INFO] The file was moved to '47bd5383.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP243\A0051521.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ABHB
[INFO] The file was moved to '47bd5386.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP243\A0051522.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.eoz.3
[INFO] The file was moved to '462304f7.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP243\A0051530.dll
[DETECTION] Is the Trojan horse TR/Zlob.14336.3
[INFO] The file was moved to '47bd5388.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP243\A0051531.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ABHB
[INFO] The file was moved to '47bd5385.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP243\A0051532.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.eoz.3
[INFO] The file was moved to '462304f6.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP244\A0051538.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ABHB
[INFO] The file was moved to '462304f9.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP244\A0051539.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.eoz.3
[INFO] The file was moved to '47bd538a.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP244\A0051540.dll
[DETECTION] Is the Trojan horse TR/Zlob.14336.3
[INFO] The file was moved to '462304fb.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP244\A0051616.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Malwarewipe.Q.5
[INFO] The file was moved to '47bd538c.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP244\A0051638.DLL
[DETECTION] Is the Trojan horse TR/Dldr.FakeAlert.E
[INFO] The file was moved to '47bd5389.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP244\A0051642.dll
[DETECTION] Is the Trojan horse TR/Drop.Zlob.aab.2
[INFO] The file was moved to '462304fd.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP244\A0051644.EXE
[DETECTION] Is the Trojan horse TR/Zlob.8704.1
[INFO] The file was moved to '47bd538e.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP244\A0051646.EXE
[DETECTION] Is the Trojan horse TR/Zlob.34304.C
[INFO] The file was moved to '462304ff.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP244\A0052616.sys
[DETECTION] Contains detection pattern of the worm WORM/Ntech.AD.2
[INFO] The file was moved to '47bd5398.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP244\A0052666.sys
[DETECTION] Contains detection pattern of the worm WORM/Ntech.AD.2
[INFO] The file was moved to '462304e9.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP244\A0052692.SYS
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd5399.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP244\A0052693.SYS
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '462304ea.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP244\A0052694.SYS
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd539b.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP244\A0052695.SYS
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd539a.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP244\A0056029.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.9
[INFO] The file was moved to '47bd539f.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP244\A0056035.exe
[DETECTION] Contains detection pattern of the dropper DR/MartShop.2
[INFO] The file was moved to '462304d0.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0058056.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd53b3.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0058057.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '462304c4.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0058058.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd53b5.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0058059.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '462304c6.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0058060.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd53b4.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0058142.sys
[DETECTION] Contains detection pattern of the worm WORM/Ntech.AD.2
[INFO] The file was moved to '47bd53b6.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0058192.sys
[DETECTION] Contains detection pattern of the worm WORM/Ntech.AD.2
[INFO] The file was moved to '47bd53b7.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0059294.sys
[DETECTION] Contains detection pattern of the worm WORM/Ntech.AD.2
[INFO] The file was moved to '47bd53c6.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0059339.sys
[DETECTION] Contains detection pattern of the worm WORM/Ntech.AD.2
[INFO] The file was moved to '462304b7.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0059346.SYS
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd53c7.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0059347.SYS
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '462304b8.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0059348.SYS
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd53c9.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0059349.SYS
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd53c8.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0059403.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '462304ba.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0059404.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd53cb.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0059405.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '462304bc.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0059406.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd53cd.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0059407.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47bd53ca.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0059416.sys
[DETECTION] Contains detection pattern of the worm WORM/Ntech.AD.2
[INFO] The file was moved to '462304bb.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP248\A0059461.sys
[DETECTION] Contains detection pattern of the worm WORM/Ntech.AD.2
[INFO] The file was moved to '462304be.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP297\A0066281.EXE
[DETECTION] Is the Trojan horse TR/Agent.dnb
[INFO] The file was moved to '47bd542e.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP297\A0066282.EXE
[DETECTION] Is the Trojan horse TR/Agent.dnb
[INFO] The file was moved to '4623035f.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP297\A0066283.EXE
[DETECTION] Is the Trojan horse TR/Agent.dnb
[INFO] The file was moved to '47bd5410.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP297\A0066284.EXE
[DETECTION] Is the Trojan horse TR/Agent.dnb
[INFO] The file was moved to '46230361.qua'!
C:\System Volume Information\_restore{CEB618B1-55E7-4C73-A5BA-BAC6C3D1D585}\RP299\A0066418.EXE
[DETECTION] Is the Trojan horse TR/Delf.akj.2
[INFO] The file was moved to '47bd5432.qua'!

End of the scan: 15 janvier 2008 19:52
Used time: 3:30:39 min

The scan has been done completely.

9993 Scanning directories
274677 Files were scanned
102 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
3 files were deleted
0 files were repaired
96 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
274575 Files not concerned
6847 Archives were scanned
1 Warnings
0 Notes
0