SOS!! I am in distress!

Closed
babareba Posts 4 Registration date Wednesday 6 February 2008 Status Member Last activity 6 February 2008 - 6 Feb. 2008 at 15:12
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 - 6 Feb. 2008 at 19:43
Hello, I am new to this forum; I registered to ask for help because my computer has several viruses but I don't know how to remove them ....
I have looked at many threads about these viruses but I can't manage it (I am a casual computer user ...)
I saw that you have to run a scan with HijackThis and post it, which is why I am posting the scan here.
Could you tell me what I need to do to remove all these viruses (baidu, win32 ...)? Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06, on 2008-02-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Odebit Multimédia\V3\Odebit.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Baptiste\Bureau\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.baidu.com/index.php?tn=LordFox
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: BdSearch - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - C:\Program Files\Baidu\iexp\BDSrHook.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BIE] RUNDLL32.EXE C:\PROGRA~1\Baidu\iexp\BDSrHook.dll,Rundll32
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] FIFA Football 2007
O4 - HKLM\..\Run: [dsixfdzhxn] c:\windows\system32\dsixfdzhxn.exe dsixfdzhxn
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Odebit Multimedia V3] C:\Program Files\Odebit Multimédia\V3\Odebit.exe
O4 - HKCU\..\Run: [Odebit Multimedia V3 - Services] C:\Program Files\Odebit Multimédia\V3\Odebit.exe /info
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Web Offer] C:\WINDOWS\system32\sp2protect.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Web Offer] C:\WINDOWS\system32\sp2protect.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: °Ù¶ÈÊ×Ò³ - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - http://www.baidu.com/index.php?tn=LordFoxdg (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [!IESearch] °Ù¶ÈËÑË÷°éÂÂ
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

7 replies

g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
6 Feb. 2008 at 15:24
Hi

Do this:

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Also post a new HijackThis log that you will have made after running ComboFix.

See you
babareba Posts 4 Registration date Wednesday 6 February 2008 Status Member Last activity 6 February 2008
6 Feb. 2008 at 16:03
Thanks for such a quick reply! I ran both scans and here is what they give:

ComboFix 08-02.05.3 - Baptiste 2008-02-06 15:59:37.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.573 [GMT 1:00]
Endroit: C:\Documents and Settings\Baptiste\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\adsrsvc.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))))))
.

2008-02-06 15:42 . 2008-02-06 15:42 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
2008-02-03 17:55 . 2008-02-03 17:55 268 --ah----- C:\sqmdata06.sqm
2008-02-03 17:55 . 2008-02-03 17:55 244 --ah----- C:\sqmnoopt06.sqm
2008-02-03 10:52 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-02-03 10:52 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-02-03 10:51 . 2008-02-06 15:54 <REP> d-------- C:\Program Files\Trojan Remover
2008-02-03 10:51 . 2008-02-03 10:51 <REP> d-------- C:\Documents and Settings\Baptiste\Application Data\Simply Super Software
2008-01-29 21:59 . 2004-08-05 13:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-01-29 21:48 . 2004-08-05 13:00 1,086,058 -ra------ C:\WINDOWS\SET3B.tmp
2008-01-29 21:48 . 2004-08-05 13:00 1,014,836 -ra------ C:\WINDOWS\SET38.tmp
2008-01-29 21:48 . 2004-08-05 13:00 14,043 -ra------ C:\WINDOWS\SET48.tmp
2008-01-29 20:59 . 2008-01-29 21:57 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-29 20:59 . 2008-01-29 21:57 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-29 20:59 . 2008-01-29 21:57 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-29 20:59 . 2008-01-29 21:57 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-29 20:59 . 2008-01-29 21:57 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-29 20:54 . 2008-01-29 20:54 <REP> d-------- C:\WINDOWS\NV8401696.TMP
2008-01-29 20:06 . 2004-08-05 13:00 1,086,058 -ra------ C:\WINDOWS\SET3A.tmp
2008-01-29 20:06 . 2004-08-05 13:00 1,014,836 -ra------ C:\WINDOWS\SET37.tmp
2008-01-29 20:06 . 2004-08-05 13:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-01-29 20:06 . 2004-08-05 13:00 14,043 -ra------ C:\WINDOWS\SET47.tmp
2008-01-29 20:06 . 2004-08-05 13:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-01-29 20:06 . 2004-08-05 13:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-01-28 14:56 . 2008-01-29 22:07 <REP> d-------- C:\Documents and Settings\Baptiste\Application Data\F-Secure
2008-01-28 07:25 . 2008-01-28 07:25 <REP> d-------- C:\Documents and Settings\Baptiste\Application Data\ispnews
2008-01-27 17:57 . 2008-01-27 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-01-27 17:57 . 2005-11-18 16:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-27 17:57 . 2005-11-18 16:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-27 08:33 . 2008-01-27 08:33 118,842 -ra------ C:\WINDOWS\bwUnin-6.3.3.61-7431218L.exe
2008-01-20 07:32 . 2008-01-23 09:09 <REP> d-------- C:\Documents and Settings\Baptiste\Application Data\Apple Computer
2008-01-20 07:32 . 2008-02-06 15:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-20 07:32 . 2008-01-20 07:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-20 07:31 . 2008-01-20 07:31 <REP> d-------- C:\Program Files\iTunes
2008-01-20 07:31 . 2008-01-20 07:31 <REP> d-------- C:\Program Files\iPod
2008-01-20 07:30 . 2008-01-20 07:30 <REP> d-------- C:\Program Files\Bonjour
2008-01-20 07:28 . 2008-01-20 07:29 <REP> d-------- C:\Program Files\QuickTime
2008-01-20 07:28 . 2008-01-20 07:28 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-20 07:28 . 2008-01-20 07:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-20 07:27 . 2008-01-20 07:27 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-01-20 07:27 . 2008-01-20 07:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 14:55 --------- d-----w C:\Program Files\Wanadoo
2008-02-06 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-03 10:01 --------- d-----w C:\Program Files\Trend Micro
2008-01-20 11:25 --------- d-----w C:\Program Files\UltraStar
2007-12-29 19:48 --------- d-----w C:\Program Files\Exact Audio Copy
2007-12-29 19:48 --------- d-----w C:\Documents and Settings\Baptiste\Application Data\AccurateRip
2007-12-28 16:33 --------- d-----w C:\Program Files\nutri
2007-12-26 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-25 07:38 --------- d-----w C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter
2007-12-25 07:22 --------- d-----w C:\Program Files\EA GAMES
2007-12-24 22:23 --------- d-----w C:\Program Files\DAEMON Tools SearchBar
2007-03-26 18:31 30,616 ----a-w C:\Documents and Settings\Baptiste\Application Data\GDIPFONTCACHEV1.DAT
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.zip
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02496EBD-8455-48db-B3C7-5DAC97D9F5A7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 20:43 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Orange Link"="C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"Odebit Multimedia V3"="C:\Program Files\Odebit Multimédia\V3\Odebit.exe" [2007-02-04 19:58 1833984]
"Odebit Multimedia V3 - Services"="C:\Program Files\Odebit Multimédia\V3\Odebit.exe" [2007-02-04 19:58 1833984]
"WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"nwiz"="nwiz.exe" [2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 13:00 44032]
"F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.exe" [2005-10-26 02:51 122929]
"F-Secure TNB"="C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-07-18 15:51 700416]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"I downloaded pirated Software from P2P "="FIFA Football 2007" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"F-Secure Startup Wizard"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.exe" [2005-10-18 09:29 372736]
"News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe" [2005-05-31 13:45 356352]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-03-16 13:44 296544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Web Offer"="C:\WINDOWS\system32\sp2protect.exe" [ ]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-05 13:00 44544]

C:\Documents and Settings\Baptiste\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 08:43:14 155648]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Antivirus Firewall.lnk - C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe [2008-01-27 08:34:45 32807]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-12-16 21:18:20 124912]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-05-10 18:12:34 835584]

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 BackWeb Plug-in - 7431218;Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE [2008-01-27 08:34]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys [2008-01-28 07:27]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-02-15 07:32]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 13:39]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 15:37]
S1 hidfltr;HID Filter Driver;C:\WINDOWS\system32\drivers\MWhid.sys [2004-11-03 05:20]
S3 SQLWriter;Enregistreur VSS SQL Server;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]

*Newly Created Service* - ZDPNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A34FAB34-467D-DD78-B409-C7BED22D3142}]
C:\WINDOWS\system32\123456.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-02 14:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At18.job"
- C:\Documents
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At19.job"
- C:\Documents
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At20.job"
- C:\Documents
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\username.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\wudupdate.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\sp2protect.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-02-06 00:03:32 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe` /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\report.txt $C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1.SYSTEM'Tâche ajoutée par F-Secure Anti-Virus.
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 16:01:19
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-06 16:01:48
ComboFix-quarantined-files.txt 2008-02-06 15:01:46
.
2008-02-06 02:00:26 --- E O F ---






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:11, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Odebit Multimédia\V3\Odebit.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Baptiste\Bureau\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.baidu.com/index.php?tn=LordFox
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: BdSearch - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] FIFA Football 2007
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Odebit Multimedia V3] C:\Program Files\Odebit Multimédia\V3\Odebit.exe
O4 - HKCU\..\Run: [Odebit Multimedia V3 - Services] C:\Program Files\Odebit Multimédia\V3\Odebit.exe /info
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Web Offer] C:\WINDOWS\system32\sp2protect.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Web Offer] C:\WINDOWS\system32\sp2protect.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: °Ù¶ÈÊ×Ò³ - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - http://www.baidu.com/index.php?tn=LordFoxdg (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [!IESearch] °Ù¶ÈËÑË÷°éÂÂ
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
6 Feb. 2008 at 16:30
re,

delete this: FIFA Football 2007

Copy the text below:

File::
C:\WINDOWS\system32\sp2protect.exe
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\system32\wunauclt.exe
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job"
C:\WINDOWS\Tasks\At13.job"
C:\WINDOWS\Tasks\At14.job"
C:\WINDOWS\Tasks\At15.job"
C:\WINDOWS\Tasks\At16.job"
C:\WINDOWS\Tasks\At17.job"
C:\WINDOWS\Tasks\At18.job"
C:\WINDOWS\Tasks\At19.job"
C:\WINDOWS\Tasks\At20.job"
C:\WINDOWS\Tasks\At4.job"
C:\WINDOWS\system32\username.exe
C:\WINDOWS\Tasks\At7.job"
C:\WINDOWS\system32\wudupdate.exe
C:\WINDOWS\Tasks\At8.job"
C:\WINDOWS\Tasks\At9.job"


Folder::
C:\Program Files\serial.zip
C:\Program Files\serial.tde
C:\Program Files\wunauclt.zip
C:\Program Files\wunauclt.tbe
C:\Documents

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02496EBD-8455-48db-B3C7-5DAC97D9F5A7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"I downloaded pirated Software from P2P "=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Web Offer"=-

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix,

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

After the reboot, post the contents of the Combofix.txt2 report

and do this:

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of Windows loading normally, a menu with various options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Then work through the instructions below:
• Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum

have this analysed:

C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe

on this site:

http://virusscan.jotti.org/de/

and post the report here.

so please post the three reports here

See you
babareba Posts 4 Registration date Wednesday 6 February 2008 Status Member Last activity 6 February 2008
6 Feb. 2008 at 18:00
I did what you told me, but I couldn't find the folder C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe on my C drive! Here are the 2 scans:

ComboFix 08-02.05.3 - Baptiste 2008-02-06 16:42:46.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.515 [GMT 1:00]
Endroit: C:\Documents and Settings\Baptiste\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Baptiste\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE
File::
C:\WINDOWS\system32\sp2protect.exe
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\system32\wunauclt.exe
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job"
C:\WINDOWS\Tasks\At13.job"
C:\WINDOWS\Tasks\At14.job"
C:\WINDOWS\Tasks\At15.job"
C:\WINDOWS\Tasks\At16.job"
C:\WINDOWS\Tasks\At17.job"
C:\WINDOWS\Tasks\At18.job"
C:\WINDOWS\Tasks\At19.job"
C:\WINDOWS\Tasks\At20.job"
C:\WINDOWS\Tasks\At4.job"
C:\WINDOWS\system32\username.exe
C:\WINDOWS\Tasks\At7.job"
C:\WINDOWS\system32\wudupdate.exe
C:\WINDOWS\Tasks\At8.job"
C:\WINDOWS\Tasks\At9.job"

Folder::
C:\Program Files\serial.zip
C:\Program Files\serial.tde
C:\Program Files\wunauclt.zip
C:\Program Files\wunauclt.tbe
C:\Documents

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02496EBD-8455-48db-B3C7-5DAC97D9F5A7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"I downloaded pirated Software from P2P "=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Web Offer"=-
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))))))
.

2008-02-06 16:32 . 2008-02-06 16:32 <REP> d-------- C:\Program Files\RayV
2008-02-06 15:42 . 2008-02-06 15:42 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
2008-02-06 15:35 . 2004-08-05 13:00 400,896 --a------ C:\kmd.exe
2008-02-03 17:55 . 2008-02-03 17:55 268 --ah----- C:\sqmdata06.sqm
2008-02-03 17:55 . 2008-02-03 17:55 244 --ah----- C:\sqmnoopt06.sqm
2008-02-03 10:52 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-02-03 10:52 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-02-03 10:51 . 2008-02-06 15:54 <REP> d-------- C:\Program Files\Trojan Remover
2008-02-03 10:51 . 2008-02-03 10:51 <REP> d-------- C:\Documents and Settings\Baptiste\Application Data\Simply Super Software
2008-01-29 21:59 . 2004-08-05 13:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-01-29 21:48 . 2004-08-05 13:00 1,086,058 -ra------ C:\WINDOWS\SET3B.tmp
2008-01-29 21:48 . 2004-08-05 13:00 1,014,836 -ra------ C:\WINDOWS\SET38.tmp
2008-01-29 21:48 . 2004-08-05 13:00 14,043 -ra------ C:\WINDOWS\SET48.tmp
2008-01-29 20:59 . 2008-01-29 21:57 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-29 20:59 . 2008-01-29 21:57 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-29 20:59 . 2008-01-29 21:57 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-29 20:59 . 2008-01-29 21:57 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-29 20:59 . 2008-01-29 21:57 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-29 20:54 . 2008-01-29 20:54 <REP> d-------- C:\WINDOWS\NV8401696.TMP
2008-01-29 20:06 . 2004-08-05 13:00 1,086,058 -ra------ C:\WINDOWS\SET3A.tmp
2008-01-29 20:06 . 2004-08-05 13:00 1,014,836 -ra------ C:\WINDOWS\SET37.tmp
2008-01-29 20:06 . 2004-08-05 13:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-01-29 20:06 . 2004-08-05 13:00 14,043 -ra------ C:\WINDOWS\SET47.tmp
2008-01-29 20:06 . 2004-08-05 13:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-01-29 20:06 . 2004-08-05 13:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-01-28 14:56 . 2008-01-29 22:07 <REP> d-------- C:\Documents and Settings\Baptiste\Application Data\F-Secure
2008-01-28 07:25 . 2008-01-28 07:25 <REP> d-------- C:\Documents and Settings\Baptiste\Application Data\ispnews
2008-01-27 17:57 . 2008-01-27 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-01-27 17:57 . 2005-11-18 16:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-27 17:57 . 2005-11-18 16:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-27 08:33 . 2008-01-27 08:33 118,842 -ra------ C:\WINDOWS\bwUnin-6.3.3.61-7431218L.exe
2008-01-20 07:32 . 2008-01-23 09:09 <REP> d-------- C:\Documents and Settings\Baptiste\Application Data\Apple Computer
2008-01-20 07:32 . 2008-02-06 15:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-20 07:32 . 2008-01-20 07:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-20 07:31 . 2008-01-20 07:31 <REP> d-------- C:\Program Files\iTunes
2008-01-20 07:31 . 2008-01-20 07:31 <REP> d-------- C:\Program Files\iPod
2008-01-20 07:30 . 2008-01-20 07:30 <REP> d-------- C:\Program Files\Bonjour
2008-01-20 07:28 . 2008-01-20 07:29 <REP> d-------- C:\Program Files\QuickTime
2008-01-20 07:28 . 2008-01-20 07:28 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-20 07:28 . 2008-01-20 07:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-20 07:27 . 2008-01-20 07:27 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-01-20 07:27 . 2008-01-20 07:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 15:41 --------- d-----w C:\Program Files\EA SPORTS
2008-02-06 15:30 --------- d-----w C:\Program Files\Odebit Multimédia
2008-02-06 14:55 --------- d-----w C:\Program Files\Wanadoo
2008-02-06 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-03 10:01 --------- d-----w C:\Program Files\Trend Micro
2008-01-20 11:25 --------- d-----w C:\Program Files\UltraStar
2007-12-29 19:48 --------- d-----w C:\Program Files\Exact Audio Copy
2007-12-29 19:48 --------- d-----w C:\Documents and Settings\Baptiste\Application Data\AccurateRip
2007-12-28 16:33 --------- d-----w C:\Program Files\nutri
2007-12-26 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-25 07:38 --------- d-----w C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter
2007-12-25 07:22 --------- d-----w C:\Program Files\EA GAMES
2007-12-24 22:23 --------- d-----w C:\Program Files\DAEMON Tools SearchBar
2007-03-26 18:31 30,616 ----a-w C:\Documents and Settings\Baptiste\Application Data\GDIPFONTCACHEV1.DAT
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.zip
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02496EBD-8455-48db-B3C7-5DAC97D9F5A7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 20:43 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Orange Link"="C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"Odebit Multimedia V3"="C:\Program Files\Odebit Multimédia\V3\Odebit.exe" [2007-02-04 19:58 1833984]
"Odebit Multimedia V3 - Services"="C:\Program Files\Odebit Multimédia\V3\Odebit.exe" [2007-02-04 19:58 1833984]
"WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59 204288]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [2007-11-20 09:12 4306208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"nwiz"="nwiz.exe" [2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 13:00 44032]
"F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.exe" [2005-10-26 02:51 122929]
"F-Secure TNB"="C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-07-18 15:51 700416]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"I downloaded pirated Software from P2P "="FIFA Football 2007" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"F-Secure Startup Wizard"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.exe" [2005-10-18 09:29 372736]
"News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe" [2005-05-31 13:45 356352]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-03-16 13:44 296544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Web Offer"="C:\WINDOWS\system32\sp2protect.exe" [ ]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-05 13:00 44544]

C:\Documents and Settings\Baptiste\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 08:43:14 155648]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Antivirus Firewall.lnk - C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe [2008-01-27 08:34:45 32807]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-12-16 21:18:20 124912]
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-05-10 18:12:34 835584]

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 BackWeb Plug-in - 7431218;Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE [2008-01-27 08:34]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys [2008-01-28 07:27]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-02-15 07:32]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 13:39]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 15:37]
S1 hidfltr;HID Filter Driver;C:\WINDOWS\system32\drivers\MWhid.sys [2004-11-03 05:20]
S3 SQLWriter;Enregistreur VSS SQL Server;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]

*Newly Created Service* - ZDPNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A34FAB34-467D-DD78-B409-C7BED22D3142}]
C:\WINDOWS\system32\123456.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-02 14:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At18.job"
- C:\Documents
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At19.job"
- C:\Documents
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At20.job"
- C:\Documents
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\username.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\wudupdate.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\sp2protect.exe
"2008-01-29 21:04:47 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-02-06 00:03:32 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe` /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\report.txt $C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1.SYSTEM'Tâche ajoutée par F-Secure Anti-Virus.
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 16:43:52
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Temps d'accomplissement: 2008-02-06 16:44:24
ComboFix-quarantined-files.txt 2008-02-06 15:44:21
ComboFix2.txt 2008-02-06 15:01:49
.
2008-02-06 02:00:26 --- E O F ---
SDFix: Version 1.137

Run by Baptiste on 06/02/2008 at 17:13

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 17:40:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000007d

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 61


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Tue 18 Jul 2006 1,019,094 A.SHR --- "C:\Program Files\serial.zip"
Sun 28 May 2006 397,306 A.SHR --- "C:\Program Files\wunauclt.zip"
Fri 21 Nov 2003 90,112 A..H. --- "C:\WINDOWS\vstriplangue.exe"
Wed 13 Oct 2004 1,694,208 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 18 Jan 2001 32,768 A..H. --- "C:\Program Files\RM-X© Radio Recorder\ASProtect.dll"
Sun 17 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 2 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sat 10 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\326d1a08fc685e3efad9e9a5b059ebfb\BIT188.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT84.tmp"
Sat 10 Nov 2007 17,230,864 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5b6da8fb69b176ee583a3734e2af76e6\BIT185.tmp"
Tue 24 Apr 2007 6,810,624 A..H. --- "C:\Documents and Settings\Baptiste\Mes documents\thomas\raportttttttttttttt\~WRL2046.tmp"
Wed 25 Apr 2007 6,836,736 A..H. --- "C:\Documents and Settings\Baptiste\Mes documents\thomas\raportttttttttttttt\~WRL4085.tmp"
Tue 24 Apr 2007 6,810,624 A..H. --- "C:\Documents and Settings\Baptiste\Bureau\Mes images\thomas\raportttttttttttttt\~WRL2046.tmp"
Wed 25 Apr 2007 6,836,736 A..H. --- "C:\Documents and Settings\Baptiste\Bureau\Mes images\thomas\raportttttttttttttt\~WRL4085.tmp"

Finished!
0

g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
6 Feb 2008 at 18:19
re,

You will have to run ComboFix again, because you did not copy the quoted text the way I had written it for you...

In Notepad it has to look like what is below (you put everything one after another on the same line; the entries must be one beneath the other, exactly as you see them here).

Copy the text below:

File::
C:\WINDOWS\system32\sp2protect.exe
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\system32\wunauclt.exe
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job"
C:\WINDOWS\Tasks\At13.job"
C:\WINDOWS\Tasks\At14.job"
C:\WINDOWS\Tasks\At15.job"
C:\WINDOWS\Tasks\At16.job"
C:\WINDOWS\Tasks\At17.job"
C:\WINDOWS\Tasks\At18.job"
C:\WINDOWS\Tasks\At19.job"
C:\WINDOWS\Tasks\At20.job"
C:\WINDOWS\Tasks\At4.job"
C:\WINDOWS\system32\username.exe
C:\WINDOWS\Tasks\At7.job"
C:\WINDOWS\system32\wudupdate.exe
C:\WINDOWS\Tasks\At8.job"
C:\WINDOWS\Tasks\At9.job"


Folder::
C:\Program Files\serial.zip
C:\Program Files\serial.tde
C:\Program Files\wunauclt.zip
C:\Program Files\wunauclt.tbe
C:\Documents

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02496EBD-8455-48db-B3C7-5DAC97D9F5A7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"I downloaded pirated Software from P2P "=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Web Offer"=-

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch ComboFix,

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt2 report

As for C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe

it is in your Program Files, in the Orange folder and the application data subfolder, I think, in the communication agent sub-subfolder

If you do not see it, do this:

Show all files and folders:
To do so:
Click Start/Control Panel/Folder Options/View

Check "Show hidden folders"

Uncheck the box "Hide protected operating system files (Recommended)"

Uncheck "Hide extensions for known file types"

Then click "OK" to confirm the changes.

And Apply!

See you!
0
babareba Posts 4 Registration date Wednesday 6 February 2008 Status Member Last activity 6 February 2008
6 Feb 2008 at 19:15
OK, sorry... here is the ComboFix report, but I looked in my Program Files folder and there is no Orange folder... even when I show hidden folders.

ComboFix 08-02.05.3 - Baptiste 2008-02-06 19:07:41.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.527 [GMT 1:00]
Endroit: C:\Documents and Settings\Baptiste\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Baptiste\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE
C:\WINDOWS\system32\sp2protect.exe
C:\WINDOWS\system32\username.exe
C:\WINDOWS\system32\wudupdate.exe
C:\WINDOWS\system32\wunauclt.exe
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job"
C:\WINDOWS\Tasks\At13.job"
C:\WINDOWS\Tasks\At14.job"
C:\WINDOWS\Tasks\At15.job"
C:\WINDOWS\Tasks\At16.job"
C:\WINDOWS\Tasks\At17.job"
C:\WINDOWS\Tasks\At18.job"
C:\WINDOWS\Tasks\At19.job"
C:\WINDOWS\Tasks\At20.job"
C:\WINDOWS\Tasks\At4.job"
C:\WINDOWS\Tasks\At7.job"
C:\WINDOWS\Tasks\At8.job"
C:\WINDOWS\Tasks\At9.job"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\serial.tde\
C:\Program Files\serial.zip\
C:\Program Files\wunauclt.tbe\
C:\Program Files\wunauclt.zip\
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))))))
.

2008-02-06 17:12 . 2004-08-05 13:00 578,048 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-02-06 17:11 . 2008-02-06 17:11 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-06 17:07 . 2008-02-06 17:43 <REP> d-------- C:\SDFix
2008-02-06 16:40 . 2004-08-05 13:00 400,896 --a------ C:\kmd.exe
2008-02-06 16:32 . 2008-02-06 16:32 <REP> d-------- C:\Program Files\RayV
2008-02-06 15:42 . 2008-02-06 15:42 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
2008-02-03 17:55 . 2008-02-03 17:55 268 --ah----- C:\sqmdata06.sqm
2008-02-03 17:55 . 2008-02-03 17:55 244 --ah----- C:\sqmnoopt06.sqm
2008-02-03 10:52 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-02-03 10:52 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-02-03 10:51 . 2008-02-06 18:41 <REP> d-------- C:\Program Files\Trojan Remover
2008-02-03 10:51 . 2008-02-03 10:51 <REP> d-------- C:\Documents and Settings\Baptiste\Application Data\Simply Super Software
2008-01-29 21:59 . 2004-08-05 13:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-01-29 21:48 . 2004-08-05 13:00 1,086,058 -ra------ C:\WINDOWS\SET3B.tmp
2008-01-29 21:48 . 2004-08-05 13:00 1,014,836 -ra------ C:\WINDOWS\SET38.tmp
2008-01-29 21:48 . 2004-08-05 13:00 14,043 -ra------ C:\WINDOWS\SET48.tmp
2008-01-29 20:59 . 2008-01-29 21:57 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-29 20:59 . 2008-01-29 21:57 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-29 20:59 . 2008-01-29 21:57 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-29 20:59 . 2008-01-29 21:57 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-29 20:59 . 2008-01-29 21:57 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-29 20:54 . 2008-01-29 20:54 <REP> d-------- C:\WINDOWS\NV8401696.TMP
2008-01-29 20:06 . 2004-08-05 13:00 1,086,058 -ra------ C:\WINDOWS\SET3A.tmp
2008-01-29 20:06 . 2004-08-05 13:00 1,014,836 -ra------ C:\WINDOWS\SET37.tmp
2008-01-29 20:06 . 2004-08-05 13:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-01-29 20:06 . 2004-08-05 13:00 14,043 -ra------ C:\WINDOWS\SET47.tmp
2008-01-29 20:06 . 2004-08-05 13:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-01-29 20:06 . 2004-08-05 13:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-01-28 14:56 . 2008-01-29 22:07 <REP> d-------- C:\Documents and Settings\Baptiste\Application Data\F-Secure
2008-01-28 07:25 . 2008-01-28 07:25 <REP> d-------- C:\Documents and Settings\Baptiste\Application Data\ispnews
2008-01-27 17:57 . 2008-01-27 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-01-27 17:57 . 2005-11-18 16:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-27 17:57 . 2005-11-18 16:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-27 08:33 . 2008-01-27 08:33 118,842 -ra------ C:\WINDOWS\bwUnin-6.3.3.61-7431218L.exe
2008-01-20 07:32 . 2008-01-23 09:09 <REP> d-------- C:\Documents and Settings\Baptiste\Application Data\Apple Computer
2008-01-20 07:32 . 2008-02-06 18:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-20 07:32 . 2008-01-20 07:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-20 07:31 . 2008-01-20 07:31 <REP> d-------- C:\Program Files\iTunes
2008-01-20 07:31 . 2008-01-20 07:31 <REP> d-------- C:\Program Files\iPod
2008-01-20 07:30 . 2008-01-20 07:30 <REP> d-------- C:\Program Files\Bonjour
2008-01-20 07:28 . 2008-01-20 07:29 <REP> d-------- C:\Program Files\QuickTime
2008-01-20 07:28 . 2008-01-20 07:28 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-20 07:28 . 2008-01-20 07:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-20 07:27 . 2008-01-20 07:27 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-01-20 07:27 . 2008-01-20 07:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 17:55 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-06 17:55 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-06 17:55 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-06 17:44 --------- d-----w C:\Program Files\Wanadoo
2008-02-06 15:41 --------- d-----w C:\Program Files\EA SPORTS
2008-02-06 15:30 --------- d-----w C:\Program Files\Odebit Multimédia
2008-02-06 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-03 10:01 --------- d-----w C:\Program Files\Trend Micro
2008-01-20 11:25 --------- d-----w C:\Program Files\UltraStar
2007-12-29 19:48 --------- d-----w C:\Program Files\Exact Audio Copy
2007-12-29 19:48 --------- d-----w C:\Documents and Settings\Baptiste\Application Data\AccurateRip
2007-12-28 16:33 --------- d-----w C:\Program Files\nutri
2007-12-26 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-25 07:38 --------- d-----w C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter
2007-12-25 07:22 --------- d-----w C:\Program Files\EA GAMES
2007-12-24 22:23 --------- d-----w C:\Program Files\DAEMON Tools SearchBar
2007-03-26 18:31 30,616 ----a-w C:\Documents and Settings\Baptiste\Application Data\GDIPFONTCACHEV1.DAT
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.zip
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 20:43 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Orange Link"="C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"Odebit Multimedia V3"="C:\Program Files\Odebit Multimédia\V3\Odebit.exe" [2007-02-04 19:58 1833984]
"Odebit Multimedia V3 - Services"="C:\Program Files\Odebit Multimédia\V3\Odebit.exe" [2007-02-04 19:58 1833984]
"WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59 204288]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [2007-11-20 09:12 4306208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"nwiz"="nwiz.exe" [2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 13:00 44032]
"F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.exe" [2005-10-26 02:51 122929]
"F-Secure TNB"="C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-07-18 15:51 700416]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"F-Secure Startup Wizard"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.exe" [2005-10-18 09:29 372736]
"News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe" [2005-05-31 13:45 356352]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-03-16 13:44 296544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-05 13:00 44544]

C:\Documents and Settings\Baptiste\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 08:43:14 155648]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Antivirus Firewall.lnk - C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe [2008-01-27 08:34:45 32807]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-12-16 21:18:20 124912]
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-05-10 18:12:34 835584]

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 BackWeb Plug-in - 7431218;Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE [2008-01-27 08:34]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys [2008-01-28 07:27]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-02-15 07:32]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 13:39]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 15:37]
S1 hidfltr;HID Filter Driver;C:\WINDOWS\system32\drivers\MWhid.sys [2004-11-03 05:20]
S3 SQLWriter;Enregistreur VSS SQL Server;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]

*Newly Created Service* - ZDPNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A34FAB34-467D-DD78-B409-C7BED22D3142}]
C:\WINDOWS\system32\123456.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-02 14:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-06 00:03:32 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe` /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\report.txt $C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1.SYSTEM'Tâche ajoutée par F-Secure Anti-Virus.
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 19:09:38
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-06 19:10:08
ComboFix-quarantined-files.txt 2008-02-06 18:10:06
ComboFix2.txt 2008-02-06 15:44:25
ComboFix3.txt 2008-02-06 15:01:49
.
2008-02-06 02:00:26 --- E O F ---

Thanks for everything.
0
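The report above lists two Run entries ("Orange Link" and "WINSOS VERIFY") with empty brackets where the other entries carry a date and size, and the "Orange Link" target is the file that could not be found on disk. The following is an added example, not part of the thread and not ComboFix code: a small parser for the `"name"="target" [date time size]` lines of the report that flags such entries. Reading empty brackets on an absolute path as "target file not found" is an assumption drawn from this thread, and the sample lines are a subset copied from the report above.

```python
import re

# Subset of the "Point de chargement Reg" section of the report above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"Orange Link"="C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" [ ]
"WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" [ ]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [2007-11-20 09:12 4306208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"nwiz"="nwiz.exe" [2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
# Bracket content: "YYYY-MM-DD HH:MM size", optionally followed by a resolved path.
META_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+)(?: (.+))?$')
ABSOLUTE_RE = re.compile(r'^[A-Za-z]:\\')


def parse_autostarts(text):
    """Return one dict per autostart value, tagged present/missing/unresolved."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # remember which registry key we are under
            continue
        m = ENTRY_RE.match(line)
        if not m or key is None:
            continue                  # not an autostart value line
        name, target, meta = m.group(1), m.group(2), m.group(3).strip()
        info = META_RE.match(meta)
        if info:
            status = "present"        # the tool reported a timestamp and size
        elif ABSOLUTE_RE.match(target):
            status = "missing"        # assumption: full path given, no file metadata
        else:
            status = "unresolved"     # bare file name, no location reported
        entries.append({
            "key": key,
            "name": name,
            "target": target,
            "modified": info.group(1) if info else None,
            "size": int(info.group(2)) if info else None,
            "resolved": info.group(3) if info else None,
            "status": status,
        })
    return entries


def orphaned(entries):
    """Names of autostart values whose absolute target has no file metadata."""
    return [e["name"] for e in entries if e["status"] == "missing"]


if __name__ == "__main__":
    for e in parse_autostarts(SAMPLE_LOG):
        print(f'{e["status"]:<10} {e["name"]:<15} {e["target"]}')
```

An entry flagged `missing` is a leftover registry value to review and clean up, not by itself proof of infection.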
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
6 Feb 2008 at 19:43
re,

Good, that's better,

Do this:

Empty your temporary files with this:
->Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
->Illustrated help: (thanks to Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm

Click Options and uncheck the box in front of: delete prefetch files

Empty it manually:

:: The contents of the prefetch folder ::

* C:\WINDOWS\Prefetch <= except the layout.ini file

* Do not forget to empty the Recycle Bin!

Restart the PC and

we will set the missing folder aside while we do this online scan:

BitDefender online scan:

https://www.bitdefender.com/toolbox/

Click "I agree" and follow the instructions

This must be done in Internet Explorer, accepting the ActiveX control

Illustrated tutorial

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

Post the report here when it has finished

See you!
0