Pb .dll + virus

Résolu

petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention -
petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention - 9 mars 2008 à 18:54

Bonjour,

Je n'arrive plus à défragmenter (reste bloquer à 1% et ce pendant + d'une heure) + Antivir m'alerte souvent (divers trojan)
Y a t il un docteur dans la salle ?? :)

Rapport Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:23, on 05/03/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sony Gps\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\dllcache\wintcps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OFFICEKB] C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S8C.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Sony Gps\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-1957994488-1003\..\Run: [ccleaner] "C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\CCleaner\ccleaner.exe" /AUTO (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\System32\dllcache\wintcps.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Afficher la suite

A voir également:

Pb .dll + virus
Virus mcafee - Accueil - Piratage
Advapi32.dll ccleaner - Forum Windows 7
Softonic virus ✓ - Forum Virus
Faux message virus iphone ✓ - Forum Virus
Xinput1_3.dll - Forum Windows

18 réponses

Réponse 1 / 18

jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention 5 040

slt

analyse ce ficheir sur virus total et dis si infécté: https://www.virustotal.com/gui/

C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe

________________

colle un rapport avec antivir que tu as

______________

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport

petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention

Hello Hello

voici déjà le rapport de virustotal :

Fichier kbdap32a.exe reçu le 2008.03.05 12:57:12 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.3.4.0 2008.03.05 -
AntiVir 7.6.0.73 2008.03.05 -
Authentium 4.93.8 2008.03.04 -
Avast 4.7.1098.0 2008.03.05 -
AVG 7.5.0.516 2008.03.05 -
BitDefender 7.2 2008.03.05 -
CAT-QuickHeal 9.50 2008.03.04 -
ClamAV 0.92.1 2008.03.05 -
DrWeb 4.44.0.09170 2008.03.05 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5589 2008.03.05 -
Ewido 4.0 2008.03.04 -
FileAdvisor 1 2008.03.05 -
Fortinet 3.14.0.0 2008.03.05 -
F-Prot 4.4.2.54 2008.03.04 -
F-Secure 6.70.13260.0 2008.03.05 -
Ikarus T3.1.1.20 2008.03.05 -
Kaspersky 7.0.0.125 2008.03.05 -
McAfee 5244 2008.03.04 -
Microsoft 1.3301 2008.03.05 -
NOD32v2 2923 2008.03.05 -
Norman 5.80.02 2008.03.04 -
Panda 9.0.0.4 2008.03.04 -
Prevx1 V2 2008.03.05 -
Rising 20.34.22.00 2008.03.05 -
Sophos 4.27.0 2008.03.05 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.05 -
TheHacker 6.2.92.233 2008.03.04 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.04 -
Webwasher-Gateway 6.6.2 2008.03.05 -

Information additionnelle
File size: 387584 bytes
MD5: a2704e47f9ac4cb6469d22a72b477a66
SHA1: 67260000e145da97b7db373a98f664e5afac3e3c
PEiD: -

Je commence combo-fix

petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention > petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention

Et voila Combo-fix

ComboFix 08-03-04.5 - yp 2008-03-05 13:27:44.1 - NTFSx86

Endroit: C:\Documents and Settings\yp\Bureau\Combo-Fix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
/wow section - STAGE 3

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Microsoft Security Adviser
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\avp.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))))))))
.

2008-03-04 12:50 . 2008-03-04 12:50 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-04 12:50 . 2008-03-04 12:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-04 12:48 . 2008-03-04 12:48 63 --a------ C:\WINDOWS\system32\i
2008-03-04 10:27 . 2008-03-04 10:27 <REP> d-------- C:\Program Files\Trend Micro
2008-03-04 09:57 . 2008-03-04 09:57 389,120 -r-hsc--- C:\WINDOWS\system32\dllcache\wintcps.exe
2008-03-04 09:07 . 2008-03-04 09:07 <REP> d-------- C:\Program Files\Lavasoft
2008-03-04 09:07 . 2008-03-04 10:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-04 08:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-04 08:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-04 08:43 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-04 08:43 . 2008-02-29 23:48 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-04 08:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-04 08:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-04 08:43 . 2008-03-04 08:43 2,652 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-04 08:39 . 2007-07-31 23:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-04 08:39 . 2007-07-31 23:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-04 08:39 . 2007-07-31 21:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-04 08:39 . 2007-07-31 23:40 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-04 08:39 . 2007-07-31 23:40 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-04 08:39 . 2007-07-31 23:40 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-03-04 08:39 . 2008-03-04 19:36 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-04 08:25 . 2008-03-04 08:25 <REP> d-------- C:\_OTMoveIt
2008-03-03 18:23 . 2008-03-03 18:25 <REP> d-------- C:\Program Files\Tor
2008-03-03 18:23 . 2008-03-03 18:23 <REP> d-------- C:\Documents and Settings\yp\Application Data\Tor
2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-02-15 10:54 . 2008-02-15 10:54 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-10 09:52 . 2001-08-23 16:58 14,080 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-10 09:52 . 2001-08-23 16:58 14,080 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-02-10 09:52 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-02-10 09:52 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-02-10 09:49 . 2008-02-10 09:49 <REP> d-------- C:\Program Files\Common Files
2008-02-10 09:49 . 2004-12-06 14:07 104,064 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2008-02-10 09:49 . 2004-12-06 14:07 104,064 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-02-10 09:49 . 2008-02-10 09:49 2,464 --a------ C:\WINDOWS\$_hpcst$.hpc
2008-02-10 09:48 . 2008-02-10 09:49 <REP> d-------- C:\Program Files\Sony Gps
2008-02-10 09:47 . 2008-02-10 09:47 <REP> d--hs---- C:\WINDOWS\ftpcache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 12:02 --------- d-----w C:\Program Files\FlashGet
2008-03-04 08:02 --------- d-----w C:\Program Files\Navilog1
2008-03-04 08:00 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-03-04 07:47 41,004 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_04_08_32_53_small.dmp.zip
2008-03-04 07:47 40,604 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_04_08_26_15_small.dmp.zip
2008-03-04 07:25 42,713 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_04_08_22_41_small.dmp.zip
2008-03-04 07:22 43,875 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_18_26_09_small.dmp.zip
2008-03-04 07:22 14,170,817 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_18_25_21_full.dmp.zip
2008-03-04 07:09 40,182 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_18_04_19_small.dmp.zip
2008-03-03 17:02 38,573 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_13_49_13_small.dmp.zip
2008-03-03 12:46 24,426 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_08_15_29_small.dmp.zip
2008-03-03 07:13 42,665 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_02_17_58_49_small.dmp.zip
2008-02-26 19:44 --------- d-----w C:\Program Files\mIRC
2008-02-24 21:47 --------- d-----w C:\Program Files\DivX
2008-02-24 09:43 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-02-24 09:43 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-02-24 09:43 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-01-21 08:36 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-01-21 08:36 --------- d-----w C:\Program Files\Nokia
2008-01-19 12:00 --------- d-----w C:\Documents and Settings\yp\Application Data\PC Suite
2008-01-18 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-18 23:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-01-17 08:06 9,733,451 ----a-w C:\Documents and Settings\yp\vlc-0.8.6d-win32.exe
2008-01-07 16:36 --------- d-----w C:\Program Files\Google
2007-08-01 07:58 41,653,912 ----a-w C:\Documents and Settings\yp\zlsSetup_70_337_000_fr.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\CCleaner\ccleaner.exe" [2007-05-10 12:01 598920]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"H/PC Connection Agent"="C:\Program Files\Sony Gps\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 15:18 405583]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 17:44 249896]
"OFFICEKB"="C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe" [2007-08-01 09:08 387584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-08-01 08:21:39 598016]
Wireless Configuration Utility HW.51.lnk - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-14 18:53:38 454656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-09-11 11:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-09-11 11:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-09-09 16:16 90112 C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\System32\NeroCheck.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 13:30:27
Windows 5.1.2600 NTFS

Balayage processus cachés ...

? [52356]
? [63976]
? [64032]

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-05 13:30:57
ComboFix-quarantined-files.txt 2008-03-05 12:30:49

Réponse 2 / 18

jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention 5 040

colle moi un rapport avec antivir svp

Réponse 3 / 18

petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention

Et voilà

AntiVir PersonalEdition Classic
Report file date: jeudi 6 mars 2008 08:22

Scanning for 1132684 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: SYSTEM
Computer name: YP-RCGWX3F5H8V9

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 06/09/2007 17:48:53
AVSCAN.DLL : 7.0.6.0 49192 Bytes 06/09/2007 17:48:53
LUKE.DLL : 7.0.5.3 147496 Bytes 06/09/2007 17:48:54
LUKERES.DLL : 7.0.6.1 10280 Bytes 06/09/2007 17:48:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 17:02:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:14:21
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 08:27:08
ANTIVIR3.VDF : 7.0.2.231 167424 Bytes 04/03/2008 17:59:15
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 02/03/2008 16:59:31
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 06/09/2007 17:48:53
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 08:33:23
AVREG.DLL : 7.0.1.6 30760 Bytes 06/09/2007 17:48:53
AVARKT.DLL : 1.0.0.20 278568 Bytes 06/09/2007 17:48:53
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 06/09/2007 17:48:53
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 20/11/2007 16:59:48
RCTEXT.DLL : 7.0.62.0 86056 Bytes 06/09/2007 17:48:44
SQLITE3.DLL : 3.3.17.1 339968 Bytes 06/09/2007 17:48:55

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 6 mars 2008 08:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'msimn.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'cmd.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wintcps.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'WlanCU.exe' - '1' Module(s) have been scanned
Scan process 'RaUI.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'KBDAP32A.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
30 processes with 30 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '26' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\coktel\adibou2\APPLI_05\bnjccckj.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48399c0e.qua'!
C:\coktel\adibou2\APPLI_05\bqwzjjkq.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48469c15.qua'!
C:\coktel\adibou2\APPLI_05\bsslehhr.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48429c17.qua'!
C:\coktel\adibou2\APPLI_05\czltebtl.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '483b9c1e.qua'!
C:\coktel\adibou2\APPLI_05\eeltjbtj.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '483b9c0a.qua'!
C:\coktel\adibou2\APPLI_05\eerrnehs.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48419c0a.qua'!
C:\coktel\adibou2\APPLI_05\ehjklljn.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48399c0d.qua'!
C:\coktel\adibou2\APPLI_05\eqqbhben.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48409c17.qua'!
C:\coktel\adibou2\APPLI_05\erhkhbkr.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48379c18.qua'!
C:\coktel\adibou2\APPLI_05\ewqwhkll.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48409c1d.qua'!
C:\coktel\adibou2\APPLI_05\jehrqblj.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48379c0c.qua'!
C:\coktel\adibou2\APPLI_05\jhnjhtcn.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '483d9c0f.qua'!
C:\coktel\adibou2\APPLI_05\kekqexhl.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '483a9c0d.qua'!
C:\coktel\adibou2\APPLI_05\kjnlxjkh.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '483d9c12.qua'!
C:\coktel\adibou2\APPLI_05\kklhlejk.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '483b9c13.qua'!
C:\coktel\adibou2\APPLI_05\kljqvjte.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48399c15.qua'!
C:\coktel\adibou2\APPLI_05\lensjthb.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '483d9c0e.qua'!
C:\coktel\adibou2\APPLI_05\ljcbbvtv.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48329c13.qua'!
C:\coktel\adibou2\APPLI_05\lkchjexb.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48329c15.qua'!
C:\coktel\adibou2\APPLI_05\lwehlsve.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48349c21.qua'!
C:\coktel\adibou2\APPLI_05\netnkbnj.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48439c0f.qua'!
C:\coktel\adibou2\APPLI_05\nwxleqhr.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48479c22.qua'!
C:\coktel\adibou2\APPLI_05\qqsekhlv.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48429c1c.qua'!
C:\coktel\adibou2\APPLI_05\rbewwkvr.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48349c0d.qua'!
C:\coktel\adibou2\APPLI_05\rhjehjes.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48399c14.qua'!
C:\coktel\adibou2\APPLI_05\rqjnetks.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48399c1d.qua'!
C:\coktel\adibou2\APPLI_05\rvkhenzb.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '483a9c22.qua'!
C:\coktel\adibou2\APPLI_05\scntbjbn.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '495ad040.qua'!
C:\coktel\adibou2\APPLI_05\snvjwekw.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48459c1b.qua'!
C:\coktel\adibou2\APPLI_05\tjlsbsxj.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '483b9c17.qua'!
C:\coktel\adibou2\APPLI_05\vswhbwnj.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48469c20.qua'!
C:\coktel\adibou2\APPLI_05\xrntlljh.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '483d9c20.qua'!
C:\coktel\adibou2\APPLI_05\znkwebqb.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '483a9c1c.qua'!
C:\coktel\adibou2\APPLI_05\ztbqbxer.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '48319c22.qua'!
C:\Documents and Settings\All Users\Application Data\nbkrjlbx.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '483a9c2a.qua'!
C:\Documents and Settings\yp\Mes documents\carine\zecol\maternelle\900 Exercices De Maternelle Par Thème Zecol.rar
[0] Archive type: RAR
--> Et7KcHW.exe
[DETECTION] Contains detection pattern of the worm WORM/Drefir.E
--> X1560NO.exe
[DETECTION] Contains detection pattern of the worm WORM/Drefir.E
--> bn6gUo1.exe
[DETECTION] Contains detection pattern of the worm WORM/Drefir.E
--> v4T18SJ.exe
[DETECTION] Contains detection pattern of the worm WORM/Drefir.E
--> u15Xu88.exe
[DETECTION] Contains detection pattern of the worm WORM/Drefir.E
[INFO] The file was moved to '47ffa402.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4847aa29.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP127\A0044576.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.54
[INFO] The file was moved to '47ffaa8f.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0045614.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47ffaa92.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047616.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaa94.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047635.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6c5.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047636.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaa95.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047637.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6c6.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047638.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaa97.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047639.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6c8.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047640.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaa96.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047641.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6c7.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047642.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaa98.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047643.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaa99.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047644.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6ca.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047645.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaa9b.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047646.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6cc.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047647.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6c9.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047648.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaa9a.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047649.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6cb.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047650.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaa9d.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047651.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6ce.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047652.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaa9f.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047653.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6f0.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047654.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaa9c.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047655.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6cd.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047656.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaa9e.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047657.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaaa1.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047658.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6f2.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047659.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaaa3.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047660.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6f4.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047661.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6cf.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047662.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaa80.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047663.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6d1.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047664.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaaa5.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047665.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6f6.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047666.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaaa7.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047667.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6f8.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047668.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '47ffaa82.qua'!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047669.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4698e6d3.qua'!
C:\WINDOWS\system32\urdvxc.exe
[DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
[INFO] The file was moved to '4833abf7.qua'!
C:\WINDOWS\system32\xmlhlp.VIR
[DETECTION] Is the Trojan horse TR/Dldr.Agent.kdt
[INFO] The file was moved to '483babfa.qua'!

End of the scan: jeudi 6 mars 2008 09:31
Used time: 1:09:26 min

The scan has been done completely.

3123 Scanning directories
253416 Files were scanned
81 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
77 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
253335 Files not concerned
2015 Archives were scanned
2 Warnings
1 Notes

Réponse 4 / 18

jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention 5 040

AVG antispyxare

https://www.01net.com/telecharger/

->Relance AVG AS -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" :

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

__________________
vire le fichier : 900 Exercices De Maternelle Par Thème Zecol.rar

en allant dans poste de travail puis

C:\Documents and Settings\yp\Mes documents\carine\zecol\maternelle\900 Exercices De Maternelle Par Thème Zecol.rar

___________________

vire ce qui est dans quarantine en allant dans poste de travail puis c

C:\QooBox\Quarantine\

_____________

vire ce qui est en quarantaine dans antivir

_______________

desactive ta restauration systeme, puis redemarre l'ordi puis réactive la

https://www.informatruc.com

______________
puis refais un scan antivir et colle le rapport et surtout dis tes soucis actuels

petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention

Hello

Déolé pour le délai mais les scan sont assez long :

Voici déjà AVG

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 19:42:04 07/03/2008

+ Résultat de l'analyse:

[1056] C:\WINDOWS\System32\dllcache\wintcps.exe -> Backdoor.Mytobor.c : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\yp\Cookies\yp@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.

Fin du rapport

Concernant le fichier 900 Exercices De Maternelle Par Thème Zecol.rar .... je ne le trouve pas?? même en recherche.... bizarre non ?

Je m'occupe du reboot en virant la restauration et post le scan d'antivir ... doncdans +/- 2 h :/
a+tard Merci

Petitjb

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 18

jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention 5 040

Concernant le fichier 900 Exercices De Maternelle Par Thème Zecol.rar

il a du etre viré! par l'antivirus

Réponse 6 / 18

petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention

voila le scan d'Antivir

AntiVir PersonalEdition Classic
Report file date: vendredi 7 mars 2008 20:01

Scanning for 1136109 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: SYSTEM
Computer name: YP-RCGWX3F5H8V9

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 06/09/2007 17:48:53
AVSCAN.DLL : 7.0.6.0 49192 Bytes 06/09/2007 17:48:53
LUKE.DLL : 7.0.5.3 147496 Bytes 06/09/2007 17:48:54
LUKERES.DLL : 7.0.6.1 10280 Bytes 06/09/2007 17:48:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 17:02:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:14:21
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 08:27:08
ANTIVIR3.VDF : 7.0.2.245 216576 Bytes 06/03/2008 18:56:45
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 02/03/2008 16:59:31
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 06/09/2007 17:48:53
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 08:33:23
AVREG.DLL : 7.0.1.6 30760 Bytes 06/09/2007 17:48:53
AVARKT.DLL : 1.0.0.20 278568 Bytes 06/09/2007 17:48:53
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 06/09/2007 17:48:53
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 20/11/2007 16:59:48
RCTEXT.DLL : 7.0.62.0 86056 Bytes 06/09/2007 17:48:44
SQLITE3.DLL : 3.3.17.1 339968 Bytes 06/09/2007 17:48:55

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 7 mars 2008 20:01

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'update.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wintcps.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'System' - '1' Module(s) have been scanned
Scan process 'System' - '1' Module(s) have been scanned
Scan process 'WlanCU.exe' - '1' Module(s) have been scanned
Scan process 'RaUI.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'Tilesoft.com' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\System32\Tilesoft.com'
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'KBDAP32A.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'Tilesoft.com' has been terminated
C:\WINDOWS\System32\Tilesoft.com
[DETECTION] Contains detection pattern of the worm WORM/Rbot.205824.1
[INFO] The file was deleted!

30 processes with 29 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.

The registry was scanned ( '25' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP2\A0000004.com
[DETECTION] Contains detection pattern of the worm WORM/Rbot.205824.1
[INFO] The file was deleted!

End of the scan: vendredi 7 mars 2008 21:08
Used time: 1:07:28 min

The scan has been done completely.

3068 Scanning directories
247254 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
247251 Files not concerned
2022 Archives were scanned
2 Warnings
1 Notes

Concernant les messages suspects :
1/ "Message deFROM à TO le 06/03/2008 21:54
STOP ! WINDOWS REQUIRES IMMEDIATE ATTENTION
Windows has found 55 critical System Errors
To fix errors please do the following
etc....."

et Antivir :
C\windows@system32\tilsoft.com
Contains detection pattern of the worm WORM\Tbot.205824.1

Voilà :)

petitjb

Réponse 7 / 18

petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention

Bonjour

Petite nouveauté : toute les 2 minutes j'ai un message d'erreur :
"explorer .exe a rencontré un pb et doit fermer. Nous vous prions de nous excuser etc.... Envoyer rapport/ne pas envoyer" voire même toutes les minutes....

ARGH.... dois-je déposer mon UC sur le trottoir ? ;)

Réponse 8 / 18

petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention

Nouveau message d'antivir :
C;\Windows\System32\biteav.exe is the Trojan horse TR/Crypt.XPACK.Gen

.. bref ca continue....

Réponse 9 / 18

jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention 5 040

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C\windows@system32\tilsoft.com
C\Windows\System32\biteav.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

___________________

-----------------
Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

__________________

recolle un rapport combofix et un nouveau rapport hijakchits

petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention

Hello JLPJLP
Voici le rapport OtMoveit

File/Folder C\windows\system32\tilsoft.com not found.
File/Folder C\Windows\System32\biteav.exe not found.

OTMoveIt2 v1.0.20 log created on 03082008_110119

************************************************
Et voila Navilog

Search Navipromo version 3.5.0 commencé le 08/03/2008 à 11:04:12,12

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2600.0000
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Recherche dossiers dans "C:\Documents and Settings\yp\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\yp\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\yp\menudm~1\progra~1" ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\yp\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

* Dans "C:\Documents and Settings\yp\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !

4)Recherche fichiers connus :

*** Analyse terminée le 08/03/2008 à 11:06:46,91 ***

*************************

Je lance combofix et hijakthis

Réponse 10 / 18

petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention

ComboFix 08-03-07.4 - yp 2008-03-08 11:10:20.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.523 [GMT 1:00]
Endroit: C:\Downloads\Combo-Fix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\system\

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))))))))
.

2008-03-08 09:07 . 2008-03-08 09:07 4 --a------ C:\WINDOWS\system32\remove.x
2008-03-08 09:00 . 2008-03-08 09:00 <REP> d-------- C:\Program Files\WebAnim Gif
2008-03-08 09:00 . 2008-03-08 09:00 17 ---hs---- C:\WINDOWS\system32\Watrix20.xxxx
2008-03-08 08:53 . 1994-08-22 22:36 25,808 --a------ C:\WINDOWS\ctl3dv2.dll
2008-03-08 08:53 . 2008-03-08 08:53 16 --a------ C:\WINDOWS\aninst00.whe
2008-03-07 21:43 . 2008-03-07 21:43 13,824 --a------ C:\WINDOWS\system32\medrci.exe
2008-03-06 21:53 . 2008-03-06 21:53 <REP> d-------- C:\Documents and Settings\yp\Application Data\Grisoft
2008-03-06 21:53 . 2008-03-06 21:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-06 21:53 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-06 20:37 . 2008-03-06 20:37 <REP> d-------- C:\WINDOWS\system32\java
2008-03-06 20:36 . 2008-03-06 20:37 861,036 --a------ C:\taz.exe
2008-03-06 20:33 . 2008-03-08 10:59 11,955 --a------ C:\WINDOWS\system32\ODCB.INI
2008-03-04 12:50 . 2008-03-04 12:50 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-04 12:50 . 2008-03-04 12:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-04 12:48 . 2008-03-04 12:48 63 --a------ C:\WINDOWS\system32\i
2008-03-04 10:27 . 2008-03-04 10:27 <REP> d-------- C:\Program Files\Trend Micro
2008-03-04 09:57 . 2008-03-04 09:57 389,120 -----c--- C:\WINDOWS\system32\dllcache\wintcps.exe
2008-03-04 09:07 . 2008-03-04 09:07 <REP> d-------- C:\Program Files\Lavasoft
2008-03-04 09:07 . 2008-03-04 10:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-04 08:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-04 08:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-04 08:43 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-04 08:43 . 2008-02-29 23:48 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-04 08:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-04 08:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-04 08:43 . 2008-03-04 08:43 2,652 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-04 08:39 . 2007-07-31 23:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-04 08:39 . 2007-07-31 23:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-04 08:39 . 2007-07-31 21:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-04 08:39 . 2007-07-31 23:40 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-04 08:39 . 2007-07-31 23:40 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-04 08:39 . 2007-07-31 23:40 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-03-04 08:39 . 2008-03-04 19:36 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-04 08:25 . 2008-03-04 08:25 <REP> d-------- C:\_OTMoveIt
2008-03-03 18:23 . 2008-03-03 18:25 <REP> d-------- C:\Program Files\Tor
2008-03-03 18:23 . 2008-03-03 18:23 <REP> d-------- C:\Documents and Settings\yp\Application Data\Tor
2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-02-15 10:54 . 2008-02-15 10:54 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-10 09:52 . 2001-08-23 16:58 14,080 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-10 09:52 . 2001-08-23 16:58 14,080 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-02-10 09:52 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-02-10 09:52 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-02-10 09:49 . 2008-02-10 09:49 <REP> d-------- C:\Program Files\Common Files
2008-02-10 09:49 . 2004-12-06 14:07 104,064 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2008-02-10 09:49 . 2004-12-06 14:07 104,064 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-02-10 09:49 . 2008-02-10 09:49 2,464 --a------ C:\WINDOWS\$_hpcst$.hpc
2008-02-10 09:48 . 2008-02-10 09:49 <REP> d-------- C:\Program Files\Sony Gps
2008-02-10 09:47 . 2008-02-10 09:47 <REP> d--hs---- C:\WINDOWS\ftpcache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 10:10 --------- d-----w C:\Program Files\FlashGet
2008-03-08 10:07 --------- d-----w C:\Program Files\Navilog1
2008-03-04 08:00 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-03-04 07:47 41,004 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_04_08_32_53_small.dmp.zip
2008-03-04 07:47 40,604 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_04_08_26_15_small.dmp.zip
2008-03-04 07:25 42,713 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_04_08_22_41_small.dmp.zip
2008-03-04 07:22 43,875 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_18_26_09_small.dmp.zip
2008-03-04 07:22 14,170,817 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_18_25_21_full.dmp.zip
2008-03-04 07:09 40,182 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_18_04_19_small.dmp.zip
2008-03-03 17:02 38,573 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_13_49_13_small.dmp.zip
2008-03-03 12:46 24,426 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_08_15_29_small.dmp.zip
2008-03-03 07:13 42,665 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_02_17_58_49_small.dmp.zip
2008-02-26 19:44 --------- d-----w C:\Program Files\mIRC
2008-02-24 21:47 --------- d-----w C:\Program Files\DivX
2008-02-24 09:43 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-02-24 09:43 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-02-24 09:43 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-02-02 02:32 234,271 ----a-w C:\WINDOWS\system32\BlueSoleiI.exe
2008-01-21 08:36 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-01-21 08:36 --------- d-----w C:\Program Files\Nokia
2008-01-19 12:00 --------- d-----w C:\Documents and Settings\yp\Application Data\PC Suite
2008-01-18 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-18 23:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-01-17 08:06 9,733,451 ----a-w C:\Documents and Settings\yp\vlc-0.8.6d-win32.exe
2007-08-01 07:58 41,653,912 ----a-w C:\Documents and Settings\yp\zlsSetup_70_337_000_fr.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-05_13.30.37,52 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-04 18:27:56 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-06 18:57:51 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-04 18:27:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-03-06 18:57:51 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-03-04 18:27:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-06 18:57:51 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-28 14:17:04 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-06 20:50:48 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-28 14:17:04 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-03-06 20:50:48 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-10-28 14:17:04 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-06 20:50:48 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-10-28 14:17:04 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-03-06 20:50:48 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\CCleaner\ccleaner.exe" [2007-05-10 12:01 598920]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"H/PC Connection Agent"="C:\Program Files\Sony Gps\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 15:18 405583]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 17:44 249896]
"OFFICEKB"="C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe" [2007-08-01 09:08 387584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Topic Soft"="Tilesoft.com" []
"FixBluetooth"="C:\WINDOWS\system32\BlueSoleiI.exe" [2008-02-02 03:32 234271]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Topic Soft"="Tilesoft.com" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleiI.lnk - C:\WINDOWS\system32\BlueSoleiI.exe [2008-02-02 03:32:14 234271]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-08-01 08:21:39 598016]
Wireless Configuration Utility HW.51.lnk - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-14 18:53:38 454656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-09-11 11:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-09-11 11:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-09-09 16:16 90112 C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\System32\NeroCheck.exe

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-09-06 18:48]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-09-06 18:48]
R2 Microsoft Windows TCP Protocol;Microsoft Windows TCP Protocol;"C:\WINDOWS\System32\dllcache\wintcps.exe" [2008-03-04 09:57]
R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\System32\DRIVERS\CamDrL21.sys [2002-06-10 13:16]
S2 Microsoft XP TCP Ack Timing;Microsoft XP TCP Ack Timing;"C:\WINDOWS\System32\dllcache\winxptcp.exe" []
S2 MSWindows;Network Windows Service;"C:\WINDOWS\System32\urdvxc.exe" /service []

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAX5-90401C608512}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 11:11:42
Windows 5.1.2600 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-08 11:12:27
ComboFix-quarantined-files.txt 2008-03-08 10:12:18
ComboFix2.txt 2008-03-05 12:30:58

Réponse 11 / 18

petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:34, on 08/03/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sony Gps\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dllcache\wintcps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OFFICEKB] C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Topic Soft] Tilesoft.com
O4 - HKLM\..\Run: [FixBluetooth] C:\WINDOWS\system32\BlueSoleiI.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Topic Soft] Tilesoft.com
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Sony Gps\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleiI.lnk = C:\WINDOWS\system32\BlueSoleiI.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\System32\dllcache\wintcps.exe
O23 - Service: Microsoft XP TCP Ack Timing - Unknown owner - C:\WINDOWS\System32\dllcache\winxptcp.exe (file missing)
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Réponse 12 / 18

jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention 5 040

je viens de me rendre compte que ton windows n'est pas a jour du tout!!! c'est pour cela que les infections reviennent, il
pourquoi????

_____________

si tu n'as pas de parefeu mets en un de suite! ce qui permettra d'eviter que tu te reinfecte!

KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm

_____________

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le scrïpt.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum,
_____________________

______________

ensuite recolle un rapport antivir

petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention

coucou

J'ai installé Sunbelt ex-kerio car Zonealarm refuse dedémarrer (je l'aivais déjà installé avant que mes ennuis commence et je pense qu'un virus me l'a bloqué!)

Voici l'analyse de Sdfix:

[b]SDFix: Version 1.154 [/b]

Run by Administrateur on 09/03/2008 at 09:44

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\ADMINI~1\Bureau\SDFix

[b]Checking Services [/b]:

Name:
MSWindows

Path:
"C:\WINDOWS\System32\urdvxc.exe" /service

MSWindows - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\dllcache\wintcps.exe - Deleted
C:\WINDOWS\system32\i - Deleted

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 09:49:55
Windows 5.1.2600 NTFS

scanning hidden processes ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 668

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[b]Remaining Files [/b]:

File Backups: - C:\DOCUME~1\ADMINI~1\Bureau\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Tue 3 Aug 2004 25,088 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL0003.tmp"
Mon 2 Aug 2004 43,008 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL0354.tmp"
Tue 3 Aug 2004 56,832 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL0356.tmp"
Tue 3 Aug 2004 26,624 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL0397.tmp"
Tue 3 Aug 2004 127,488 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL0450.tmp"
Mon 2 Aug 2004 20,992 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL0663.tmp"
Mon 2 Aug 2004 77,312 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL0944.tmp"
Tue 3 Aug 2004 90,624 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL1876.tmp"
Tue 3 Aug 2004 164,352 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL2053.tmp"
Mon 2 Aug 2004 25,088 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL2667.tmp"
Mon 2 Aug 2004 190,464 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL3345.tmp"
Tue 19 Oct 2004 102,400 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\thŠme NOEL zecol\CD DE NOEL\Histoires\~WRL0001.tmp"

[b]Finished![/b]

Je lance Antivir.. RV dans qq heures :/ Merci pour ton soutien !

Ah oui... quand je télécharge des trucs via Falshget, à chaque fin de téléchargement AVIRA Antivir Netw. m'affiche le message suivant : "INVALID PARAMETER. The application will be closed."
Et avant d'utiliser SDfix, j'avais eu plusieurs fois le message "Message de FROM à TO , STOP ! Windows requires immediate attentionetc etc...."

à + tard

Réponse 13 / 18

jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention 5 040

Ah oui... quand je télécharge des trucs via Falshget, à chaque fin de téléchargement AVIRA Antivir Netw. m'affiche le message suivant : "INVALID PARAMETER. The application will be closed."

essaye de reinstaller FLASHGET
pour voir

j'attends le rapport antivir et un rapport hijakchits

Réponse 14 / 18

petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention

Re

AntiVir PersonalEdition Classic
Report file date: dimanche 9 mars 2008 10:03

Scanning for 1136109 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: SYSTEM
Computer name: YP-RCGWX3F5H8V9

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 06/09/2007 17:48:53
AVSCAN.DLL : 7.0.6.0 49192 Bytes 06/09/2007 17:48:53
LUKE.DLL : 7.0.5.3 147496 Bytes 06/09/2007 17:48:54
LUKERES.DLL : 7.0.6.1 10280 Bytes 06/09/2007 17:48:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 17:02:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:14:21
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 08:27:08
ANTIVIR3.VDF : 7.0.2.245 216576 Bytes 06/03/2008 18:56:45
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 02/03/2008 16:59:31
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 06/09/2007 17:48:53
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 08:33:23
AVREG.DLL : 7.0.1.6 30760 Bytes 06/09/2007 17:48:53
AVARKT.DLL : 1.0.0.20 278568 Bytes 06/09/2007 17:48:53
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 06/09/2007 17:48:53
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 20/11/2007 16:59:48
RCTEXT.DLL : 7.0.62.0 86056 Bytes 06/09/2007 17:48:44
SQLITE3.DLL : 3.3.17.1 339968 Bytes 06/09/2007 17:48:55

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 9 mars 2008 10:03

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'WlanCU.exe' - '1' Module(s) have been scanned
Scan process 'RaUI.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'KBDAP32A.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '25' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!

End of the scan: dimanche 9 mars 2008 11:11
Used time: 1:08:39 min

The scan has been done completely.

3114 Scanning directories
248450 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
248450 Files not concerned
2030 Archives were scanned
2 Warnings
1 Notes

Réponse 15 / 18

petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention

et voilà Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:30, on 09/03/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sony Gps\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OFFICEKB] C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixBluetooth] C:\WINDOWS\system32\BlueSoleiI.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Sony Gps\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleiI.lnk = C:\WINDOWS\system32\BlueSoleiI.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\System32\dllcache\wintcps.exe (file missing)
O23 - Service: Microsoft XP TCP Ack Timing - Unknown owner - C:\WINDOWS\System32\dllcache\winxptcp.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

Réponse 16 / 18

jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention 5 040

ok le rapport est bon encore des soucis???

si ton windows est légal mets a jour windows!

DEMARREr puis tous les programmes puis WINDOWS UPDATE

Réponse 17 / 18

petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention

Ok.. a priori ca roule.. je n'ai plus de messages intempestifs ... suis en train de recharger flashget...et ensuite je reboot. Je verrais .. je te tiens au jus...

a+ tard...

Réponse 18 / 18

jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention 5 040

petitjb Messages postés 34 Date d'inscription Statut Membre Dernière intervention

OKOK.. vali valo.. j'ai eu un peu de mal à télécharger falshget... mais c'est bon.. tout roule !Merci beaucoup pour ton aide !

Bonne soirée

Petitjb

Discussions similaires

XINPUT1_3.dll manquant (missing)

Softonic,est-ce un virus ?

Xinput1_3.dll

Probleme d'installation jeu pc (il manquerait " XINPUT1_3.dll)

Problème avec XINPUT1_3.dll

Votre réponse

Discussions similaires