Exploit + Bagle + others / need help!

missnata -  
Hello,

My PC running Vista has picked up some nasties (despite Norton) and I can't get rid of them.

First it blocked Norton, of course.
I managed to install other antivirus programs and ran several scans, which found (and removed), in order:
hdlrrr.exe
exploit.w32.ms04-007
worm.bagle.cq-1
win32.theef-H

But since then it is still impossible to launch Norton.
Same for HijackThis: "n'est pas une application win32 valide"
No more Wi-Fi connection, and I already have trouble connecting by cable (I have to diagnose and repair the connection several times before it comes back).

When I am connected to the internet, MSN works, eMule too, Ad-Aware manages to fetch updates but Avast and Spybot do not, and Internet Explorer and Firefox cannot find the connection.

I tried RegCure to clean up but it changes nothing.
I tried the drivers CD, nothing either.

I suppose there are still viruses or other things left, but I can't get rid of them.
Can someone help me? Thanks :-)

42 replies

Anonymous user

Reinstall Antivir please,
and tell me where things stand.

As for the Wi-Fi, it's an obscure problem under Vista ...
For now we finish the disinfection.

++
0
missnata
 
I uninstalled and reinstalled Antivir.
During the installation I got two error messages telling me the install had failed, but the software installs anyway.
I tried to update and I get a message that hangs (I have to kill it via Ctrl+Alt+Del) and that says:
exception in module avcenter.exe
exception : access violation (0xc0000005) at address 0x00a18dfb

I mention the Wi-Fi problem because it actually appeared at the same time as all the others...
0
Anonymous user
 
0
missnata
 
Done (I got installation error messages when ComboFix started).



ComboFix 08-03-10.1 - FS 2008-03-12 22:21:45.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1336 [GMT 1:00]
Endroit: C:\Users\FS\Desktop\Combo-Fix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\koos.exe
C:\Windows\system32\kprof
C:\Windows\system32\poof

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_IDSVIX86


((((((((((((((((((((((((((((( Fichiers créés 2008-02-12 to 2008-03-12 ))))))))))))))))))))))))))))))))))))
.

2008-03-12 21:41 . 2008-03-12 21:41 <REP> d-------- C:\Program Files\Avira
2008-03-12 15:18 . 2008-03-12 15:18 <REP> d-------- C:\Deckard
2008-03-12 14:43 . 2008-03-12 14:43 <REP> d-------- C:\Windows\System32\Kaspersky Lab
2008-03-12 13:59 . 2008-03-12 14:10 <REP> d-------- C:\Users\FS\.housecall6.6
2008-03-12 13:55 . 2008-03-12 13:55 507,904 --a------ C:\Windows\TMUPDATE.DLL
2008-03-12 13:55 . 2008-03-12 13:55 286,720 --a------ C:\Windows\PATCH.EXE
2008-03-12 13:55 . 2008-03-12 13:55 69,689 --a------ C:\Windows\UNZIP.DLL
2008-03-12 13:40 . 2008-03-12 13:40 <REP> d-------- C:\Windows\BDOSCAN8
2008-03-12 12:58 . 2008-03-12 12:58 118 --a------ C:\Windows\System32\MRT.INI
2008-03-12 09:44 . 2007-12-16 23:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 09:44 . 2007-12-16 10:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-12 01:18 . 2008-03-12 01:18 <REP> d-------- C:\Program Files\CleanUp!
2008-03-12 00:34 . 2008-03-12 00:34 <REP> d-------- C:\Windows\Avira
2008-03-11 13:24 . 2008-03-11 13:24 <REP> d-------- C:\Program Files\Trend Micro
2008-03-10 18:33 . 2008-03-04 04:50 1,555,456 --a------ C:\Windows\System32\mshtml.tlb
2008-03-10 14:17 . 2008-03-10 14:17 <REP> d-------- C:\Users\All Users\Martau
2008-03-10 14:17 . 2008-03-10 14:17 <REP> d-------- C:\ProgramData\Martau
2008-03-10 14:17 . 2008-03-10 14:17 <REP> d-------- C:\Program Files\Total Uninstall 4
2008-03-10 13:51 . 2008-03-10 18:02 <REP> d-------- C:\fsc.tmp
2008-03-10 12:45 . 2008-03-10 12:48 <REP> d-------- C:\Program Files\RegCure
2008-03-10 12:42 . 2008-03-10 12:44 <REP> d-------- C:\Users\FS\AppData\Roaming\ErrorKiller
2008-03-10 12:42 . 2008-03-10 12:42 <REP> d-------- C:\Program Files\ErrorKiller
2008-03-10 00:37 . 2008-03-10 00:37 <REP> d-------- C:\Users\All Users\CheckPoint
2008-03-10 00:37 . 2008-03-10 00:37 <REP> d-------- C:\ProgramData\CheckPoint
2008-03-10 00:36 . 2008-03-10 00:37 <REP> d-------- C:\Windows\System32\ZoneLabs
2008-03-10 00:36 . 2008-03-12 22:27 352,615 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-03-10 00:36 . 2008-01-23 10:38 276,368 --------- C:\Windows\System32\drivers\vsdatant.sys
2008-03-10 00:35 . 2008-03-12 22:26 <REP> d-------- C:\Windows\Internet Logs
2008-03-09 19:33 . 2008-03-09 19:33 <REP> d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
2008-03-09 03:43 . 2008-03-09 03:43 <REP> d--hs---- C:\Users\FS\UserData
2008-03-06 20:37 . 2008-03-06 20:37 <REP> d-------- C:\Windows\report
2008-03-06 18:07 . 2008-03-08 15:01 <REP> d-------- C:\Users\FS\SecurityScans
2008-03-06 18:06 . 2008-03-06 18:06 <REP> d-------- C:\Program Files\Microsoft Baseline Security Analyzer
2008-03-06 17:43 . 2007-11-17 23:22 3,636 --a------ C:\Windows\System32\drivers\nvphy.bin
2008-03-06 17:42 . 2008-03-06 17:43 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-03-06 02:24 . 2008-03-06 02:24 <REP> d-------- C:\Users\FS\AppData\Roaming\Simply Super Software
2008-03-06 02:24 . 2008-03-06 02:24 <REP> d-------- C:\Users\All Users\Simply Super Software
2008-03-06 02:24 . 2008-03-06 02:24 <REP> d-------- C:\ProgramData\Simply Super Software
2008-03-06 02:24 . 2008-03-09 02:56 <REP> d-------- C:\Program Files\Trojan Remover
2008-03-06 02:24 . 2006-05-25 14:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
2008-03-06 02:24 . 2003-02-02 19:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2008-03-06 02:24 . 2005-08-26 00:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2008-03-06 02:24 . 2002-03-06 00:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-03-06 02:24 . 2006-06-19 12:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2008-03-05 20:08 . 2008-03-09 12:33 <REP> d-------- C:\Program Files\Alwil Software
2008-03-05 19:28 . 2008-03-05 19:28 268 --ah----- C:\sqmdata01.sqm
2008-03-05 19:28 . 2008-03-05 19:28 244 --ah----- C:\sqmnoopt01.sqm
2008-03-05 17:16 . 2008-03-05 17:16 268 --ah----- C:\sqmdata00.sqm
2008-03-05 17:16 . 2008-03-05 17:16 244 --ah----- C:\sqmnoopt00.sqm
2008-03-04 03:23 . 2008-03-04 03:23 54,156 --ah----- C:\Windows\QTFont.qfn
2008-03-04 03:23 . 2008-03-04 03:23 1,409 --a------ C:\Windows\QTFont.for
2008-03-03 15:25 . 2008-03-03 15:25 <REP> d--h----- C:\Users\FS\AppData\Roaming\FDBTemp
2008-03-03 15:24 . 2008-03-05 12:49 <REP> d-------- C:\Program Files\PPT To Flash Studio 1
2008-03-02 12:36 . 2008-03-02 12:36 <REP> d-------- C:\Users\FS\AppData\Roaming\Final Draft
2008-03-02 12:35 . 2008-03-02 12:36 <REP> d-------- C:\Program Files\Final Draft 6
2008-03-02 11:50 . 2008-03-02 11:50 <REP> d-------- C:\Program Files\Screenplay Systems
2008-03-02 11:50 . 2008-03-02 11:51 519 --a------ C:\Windows\PowerReg.dat
2008-03-02 11:49 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe
2008-03-02 11:33 . 2008-03-02 11:33 <REP> d-------- C:\Users\FS\AppData\Roaming\Greyfirst
2008-03-02 11:33 . 2008-03-02 11:33 <REP> d-------- C:\Program Files\Celtx
2008-03-01 13:29 . 2008-03-01 13:29 <REP> d-------- C:\Windows\Sun
2008-02-29 19:04 . 2008-02-29 19:04 <REP> d-------- C:\Program Files\Free Audio Pack
2008-02-29 18:58 . 2008-02-29 18:59 <REP> d-------- C:\Program Files\Audacity
2008-02-29 18:26 . 2004-03-05 16:59 108,336 --a------ C:\Windows\system\mswinsck.ocx
2008-02-29 18:23 . 2008-03-05 14:03 69 --a------ C:\Windows\NeroDigital.ini
2008-02-29 15:36 . 2008-02-29 15:36 <REP> d-------- C:\Program Files\MSNTools
2008-02-29 11:04 . 2008-02-29 15:29 <REP> d-------- C:\Program Files\Messenger Jump! MSN Winks Installer
2008-02-29 10:44 . 2005-04-11 11:53 28,672 --a------ C:\Windows\System32\mcoinstall.exe
2008-02-29 10:43 . 1998-06-24 00:00 108,336 --a------ C:\Windows\System32\MSWINSCK.OCX
2008-02-29 10:43 . 2005-04-05 16:28 22,016 --a------ C:\Windows\System32\MSWINSCK.oca
2008-02-29 10:43 . 1998-06-18 00:00 2,465 --a------ C:\Windows\System32\MSWINSCK.DEP
2008-02-28 11:16 . 2008-02-28 11:16 <REP> d-------- C:\Users\FS\AppData\Roaming\Nero
2008-02-28 11:10 . 2008-02-28 11:10 <REP> d-------- C:\Users\All Users\Nero
2008-02-28 11:10 . 2008-02-28 11:10 <REP> d-------- C:\ProgramData\Nero
2008-02-28 11:10 . 2008-02-28 11:13 <REP> d-------- C:\Program Files\Common Files\Nero
2008-02-26 21:43 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2008-02-26 21:41 . 2008-02-26 21:43 <REP> d-------- C:\Program Files\Java
2008-02-26 21:40 . 2008-02-26 21:40 <REP> d-------- C:\Program Files\Common Files\Java
2008-02-21 11:32 . 2008-02-21 11:32 <REP> d-------- C:\Program Files\NFO viewer
2008-02-21 09:02 . 2008-02-21 09:02 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-21 09:02 . 2008-02-21 09:02 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-21 08:59 . 2008-02-21 08:59 943,800 --a------ C:\Windows\System32\winload.exe
2008-02-21 08:59 . 2008-02-21 08:59 905,400 --a------ C:\Windows\System32\winresume.exe
2008-02-21 08:59 . 2008-02-21 08:59 595,456 --a------ C:\Windows\System32\schedsvc.dll
2008-02-21 08:59 . 2008-02-21 08:59 115,200 --a------ C:\Windows\System32\loadperf.dll
2008-02-21 08:59 . 2008-02-21 08:59 54,784 --a------ C:\Windows\System32\drivers\i8042prt.sys
2008-02-21 08:59 . 2008-02-21 08:59 39,424 --a------ C:\Windows\System32\lodctr.exe
2008-02-21 08:59 . 2008-02-21 08:59 35,384 --a------ C:\Windows\System32\drivers\kbdclass.sys
2008-02-21 08:59 . 2008-02-21 08:59 32,256 --a------ C:\Windows\System32\unlodctr.exe
2008-02-21 08:59 . 2008-02-21 08:59 23,552 --a------ C:\Windows\System32\nshhttp.dll
2008-02-21 08:59 . 2008-02-21 08:59 17,408 --a------ C:\Windows\System32\prflbmsg.dll
2008-02-21 08:59 . 2008-02-21 08:59 15,872 --a------ C:\Windows\System32\drivers\kbdhid.sys
2008-02-21 08:55 . 2008-02-21 08:55 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-21 08:55 . 2008-02-21 08:55 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-21 08:54 . 2008-02-21 08:54 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-21 08:54 . 2008-02-21 08:54 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-21 08:54 . 2008-02-21 08:54 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-21 08:54 . 2008-02-21 08:54 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-21 08:54 . 2008-02-21 08:54 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-21 08:52 . 2008-02-21 08:52 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 14:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-12 14:06 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-12 11:59 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 11:58 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-12 00:22 27,050 ----a-w C:\Users\FS\AppData\Roaming\nvModes.dat
2008-03-11 23:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-11 10:11 --------- d---a-w C:\ProgramData\TEMP
2008-03-09 18:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-05 14:30 --------- d-----w C:\Users\FS\AppData\Roaming\PC Suite
2008-03-04 03:53 78,336 ----a-w C:\Windows\System32\ieencode.dll
2008-03-04 03:52 830,464 ----a-w C:\Windows\System32\wininet.dll
2008-03-04 03:52 47,616 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-04 03:52 41,984 ----a-w C:\Windows\System32\licmgr10.dll
2008-03-04 03:52 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-04 03:52 20,480 ----a-w C:\Windows\System32\PDMSetup.exe
2008-03-04 03:52 17,920 ----a-w C:\Windows\System32\corpol.dll
2008-03-04 03:52 142,848 ----a-w C:\Windows\System32\IESetting.dll
2008-03-04 03:52 13,824 ----a-w C:\Windows\System32\SetIEInstalledDate.exe
2008-03-04 03:52 13,824 ----a-w C:\Windows\System32\SetDepNx.exe
2008-03-04 03:51 69,120 ----a-w C:\Windows\System32\iesetup.dll
2008-03-04 03:51 69,120 ----a-w C:\Windows\System32\admparse.dll
2008-03-04 03:51 66,560 ----a-w C:\Windows\System32\wextract.exe
2008-03-04 03:51 168,448 ----a-w C:\Windows\System32\iexpress.exe
2008-03-04 03:50 48,128 ----a-w C:\Windows\System32\mshtmler.dll
2008-03-04 03:50 45,568 ----a-w C:\Windows\System32\mshta.exe
2008-03-04 03:50 36,352 ----a-w C:\Windows\System32\imgutil.dll
2008-02-29 14:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-28 10:10 --------- d-----w C:\Program Files\Nero
2008-02-28 10:10 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-24 19:59 --------- d-----w C:\ProgramData\Lavasoft
2008-02-24 19:57 9,344 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-02-24 19:57 8,320 ----a-w C:\Windows\system32\drivers\AWRTRD.sys
2008-02-24 19:57 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-02-21 07:50 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-21 07:50 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-21 07:50 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-21 07:50 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-20 09:48 --------- d-----w C:\Program Files\QuickTime
2008-02-20 09:47 --------- d-----w C:\ProgramData\Apple Computer
2008-02-10 17:11 --------- d-----w C:\ProgramData\Apple
2008-02-10 17:11 --------- d-----w C:\Program Files\Apple Software Update
2008-01-28 08:41 --------- d-----w C:\ProgramData\Nokia
2008-01-28 08:35 --------- d-----w C:\Program Files\Nokia
2008-01-28 08:35 --------- d-----w C:\Program Files\Common Files\Nokia
2008-01-28 08:34 --------- d-----w C:\ProgramData\Installations
2008-01-28 08:30 --------- d-----w C:\Program Files\NSS
2008-01-28 06:01 --------- d-----w C:\ProgramData\FLEXnet
2008-01-27 10:51 --------- d-----w C:\Users\FS\AppData\Roaming\CyberLink
2008-01-26 11:05 --------- d-----w C:\Program Files\DVD Rip Factroy
2008-01-26 10:40 --------- d-----w C:\Program Files\DVD Decrypter
2008-01-23 09:38 276,368 ----a-w C:\Windows\system32\drivers\~GLH0014.TMP
2008-01-23 09:37 54,672 ----a-w C:\Windows\System32\vsutil_loc040c.dll
2008-01-23 09:37 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
2008-01-16 22:42 --------- d-----w C:\Users\FS\AppData\Roaming\InterVideo
2008-01-14 22:40 --------- d-----w C:\Users\FS\AppData\Roaming\ma-config.com
2008-01-14 22:38 --------- d-----w C:\Program Files\ma-config.com
2008-01-14 22:23 --------- d-----w C:\Users\FS\AppData\Roaming\InstallShield
2008-01-14 21:50 --------- d-----w C:\Program Files\epson
2008-01-09 22:02 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-01 18:14 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-01 18:14 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-01 18:14 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-01 18:14 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-01 18:14 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-01 18:14 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-01 18:14 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-01 18:14 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-01 18:14 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-01 18:14 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-01 18:13 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-01 18:13 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-01 18:13 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-01 17:59 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-01-01 17:59 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-01-01 17:59 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-01-01 17:59 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-01-01 17:58 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-01-01 17:58 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-01-01 17:58 33,624 ----a-w C:\Windows\System32\wups.dll
2008-01-01 17:57 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-01-01 17:57 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2006-07-01 12:42 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-03-11_20.55.53.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-05-25 00:21:00 118,784 ----a-w C:\Windows\BDOSCAN8\bdupd.dll
+ 2006-05-25 00:21:14 53,248 ----a-w C:\Windows\BDOSCAN8\ipsupd.dll
+ 2006-05-25 00:22:06 53,248 ----a-w C:\Windows\bdoscandel.exe
- 2008-03-11 19:52:02 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-12 21:25:12 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-02-21 10:00:46 665,600 ----a-w C:\Windows\inf\drvindex.dat
+ 2008-03-12 11:59:26 665,600 ----a-w C:\Windows\inf\drvindex.dat
- 2008-03-09 23:37:08 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-03-12 11:59:27 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-03-09 23:37:07 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-03-12 11:59:25 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-03-09 23:37:08 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-03-12 11:59:25 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2007-08-28 22:19:32 136,064 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\CONTAB32.DLL
+ 2007-08-24 03:49:12 89,976 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\DLGSETP.DLL
+ 2007-10-05 19:37:38 17,927,192 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\EXCEL.EXE
+ 2007-08-24 03:49:40 342,888 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\MIMEDIR.DLL
+ 2007-08-28 22:20:20 2,949,512 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\OLMAPI32.DLL
+ 2007-08-24 04:42:40 663,432 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\OMSMAIN.DLL
+ 2007-08-24 04:42:44 195,480 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\OMSXP32.DLL
+ 2007-08-28 22:20:44 600,992 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\OUTLMIME.DLL
+ 2007-09-06 17:01:10 12,836,728 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\OUTLOOK.EXE
+ 2007-08-28 22:22:04 180,128 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\OUTLPH.DLL
+ 2007-08-24 03:51:48 416,112 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\PSTPRX32.DLL
+ 2007-08-24 03:52:08 266,160 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\SCNPST32.DLL
+ 2007-08-24 03:52:10 275,896 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\SCNPST64.DLL
+ 2007-10-02 19:00:06 14,708,760 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\XL12CNV.EXE
+ 2007-08-24 04:14:14 13,712 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\XLCALL32.DLL
- 2008-03-06 16:28:38 1,165,584 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-03-12 11:58:50 1,165,584 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-03-06 16:28:39 20,240 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-03-12 11:58:51 20,240 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-03-06 16:28:38 159,504 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-03-12 11:58:50 159,504 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-03-06 16:28:39 217,864 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-12 11:58:51 217,864 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-03-06 16:28:39 18,704 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-03-12 11:58:51 18,704 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-03-06 16:28:39 35,088 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-03-12 11:58:51 35,088 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-03-06 16:28:38 845,584 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-03-12 11:58:50 845,584 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-03-06 16:28:38 922,384 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-03-12 11:58:51 922,384 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-03-06 16:28:39 272,648 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-03-12 11:58:51 272,648 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-03-06 16:28:39 888,080 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-03-12 11:58:51 888,080 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-03-06 16:28:38 1,172,240 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-03-12 11:58:50 1,172,240 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2002-10-15 13:29:40 77,824 ----a-w C:\Windows\loadhttp.dll
+ 2001-12-14 12:34:46 164,864 ----a-w C:\Windows\patchw32.dll
+ 2005-11-02 17:07:12 99,328 ----a-w C:\Windows\runtsckl.exe
- 2008-03-10 17:19:19 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-12 00:32:06 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-10 17:19:19 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-12 00:32:06 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-10 17:19:19 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-12 00:32:06 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-11 19:52:37 524,288 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-12 21:27:33 524,288 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-03-11 19:21:03 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-12 21:26:27 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-11 19:52:37 524,288 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-12 21:27:33 524,288 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-03-11 19:35:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-12 21:25:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-11 19:35:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-12 21:25:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-11 19:35:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-12 21:25:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-11 19:49:01 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-03-11 23:30:08 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-03-11 23:30:08 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
+ 2007-09-07 11:05:19 62,016 ----a-w C:\Windows\System32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\Windows\System32\drivers\ssmdrv.sys
+ 2007-12-16 09:56:45 41,984 ----a-w C:\Windows\System32\DriverStore\FileRepository\monitor.inf_1a316eff\monitor.sys
+ 2005-05-16 18:34:48 213,048 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2006-03-20 12:17:24 65,536 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2006-03-20 12:17:20 798,720 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\Windows\System32\mrt.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\Windows\System32\mrt.exe
- 2008-03-10 00:56:52 104,768 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-12 20:44:22 102,632 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-10 00:56:52 118,450 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-03-12 20:44:22 118,450 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-03-10 00:56:52 613,046 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-12 20:44:22 610,910 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-10 00:56:52 693,588 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-03-12 20:44:22 693,588 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-03-11 19:15:29 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-03-12 14:07:43 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2008-03-11 19:39:10 9,098 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-896426259-4123288725-606310277-1000_UserData.bin
+ 2008-03-12 20:41:07 9,682 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-896426259-4123288725-606310277-1000_UserData.bin
- 2008-03-11 19:39:09 67,030 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-12 20:41:07 67,858 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-11 19:20:02 40,912 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-12 20:41:51 42,444 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-03-10 17:33:26 21,706,671 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-03-12 11:59:30 21,810,988 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2007-12-16 22:50:41 1,060,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346\ntfs.sys
+ 2007-12-16 22:52:59 1,061,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20740_none_a4e9483239031830\ntfs.sys
+ 2008-01-15 00:00:51 2,414,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16643_none_f0799cac6e717dff\OESpamFilter.dat
+ 2008-01-15 00:00:38 2,414,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20778_none_f0e7cb2587a2f04f\OESpamFilter.dat
+ 2007-12-16 09:56:45 41,984 ----a-w C:\Windows\winsxs\x86_monitor.inf_31bf3856ad364e35_6.0.6000.16615_none_4117345983213804\monitor.sys
+ 2007-12-16 09:50:45 41,984 ----a-w C:\Windows\winsxs\x86_monitor.inf_31bf3856ad364e35_6.0.6000.20740_none_417b5fee9c5bacee\monitor.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-07-01 13:00 1006264]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 19:57 159744]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-03-09 03:26 868432]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 13:46 4349952 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-19 00:31 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-19 00:31 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-19 00:31 81920]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-23 10:37 959976]
"PowerManager"="C:\Program Files\Power Manager\PM.exe" [2007-03-13 14:01 29696]
"ErrorKiller"="C:\Program Files\ErrorKiller\ErrorKiller.exe" [2008-03-07 13:34 2548984]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-896426259-4123288725-606310277-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7DCB6ED4-DD2F-4F20-8765-8139C3534225}"= Profile=Public|C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV|Desc=CyberLink PowerDV
"{7F3943E1-17A6-43A2-805D-217424758307}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{CE2002F2-B1CF-4A66-9E54-4D2F2AC9AE06}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E6955B29-FF43-44A2-A284-C431BA89448F}"= Disabled:C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV|Desc=CyberLink PowerDV
"{5BCEDEB1-652F-47BC-B096-8ACB71EB5FF9}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{EF64B08B-519B-430F-B814-B73ED516DD7B}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{4F8FD1C9-9EF6-43A9-B060-340F37FCEF7D}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 07:44]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2007-05-07 12:48]
R3 smscirrx;SMSC CIR Receive;C:\Windows\system32\DRIVERS\smscirrx.sys [2007-02-02 08:51]
S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 16:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - SSMDRV
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-11 21:42:07 C:\Windows\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2008-03-12 21:27:29 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-10 11:56:41 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-11 00:40:00 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- F:\Spybot - Search & Destroy\SpybotSD.exe
"2008-03-12 21:20:31 C:\Windows\Tasks\User_Feed_Synchronization-{4836FA63-4A02-40D6-BC5E-C08D12FAE2C6}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 22:27:59
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-12 22:30:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-12 21:30:05
ComboFix2.txt 2008-03-11 20:30:33
ComboFix3.txt 2008-03-11 19:56:12
.
2008-03-12 11:58:54 --- E O F ---
0
Anonymous user
 
Hi again,

Go to this site --> https://www.virustotal.com/gui/

Click on 'Browse'

Look for these files (in bold):

C:\Windows\PATCH.EXE
C:\Windows\QTFont.qfn
C:\Windows\QTFont.for


Click on 'Send'

A report will be built line by line.

Wait until it finishes. It must include the size of the file sent.

Save the report with Notepad.

-> Post it for me, please.

*************

Also tell me what problems you have

++

0
missnata
 
Thanks again for your help.

Here are the reports:

C:\Windows\PATCH.EXE

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.3.4.0 2008.03.06 -
AntiVir 7.6.0.73 2008.03.06 -
Authentium 4.93.8 2008.03.06 -
Avast 4.7.1098.0 2008.03.06 -
AVG 7.5.0.516 2008.03.06 -
BitDefender 7.2 2008.03.06 -
CAT-QuickHeal 9.50 2008.03.06 -
ClamAV 0.92.1 2008.03.06 -
DrWeb 4.44.0.09170 2008.03.06 -
eSafe 7.0.15.0 2008.03.06 -
eTrust-Vet 31.3.5591 2008.03.06 -
Ewido 4.0 2008.03.06 -
FileAdvisor 1 2008.03.06 -
Fortinet 3.14.0.0 2008.03.06 -
F-Prot 4.4.2.54 2008.03.05 -
F-Secure 6.70.13260.0 2008.03.06 -
Ikarus T3.1.1.20 2008.03.06 -
Kaspersky 7.0.0.125 2008.03.06 -
McAfee 5245 2008.03.05 -
Microsoft 1.3301 2008.03.06 -
NOD32v2 2927 2008.03.06 -
Norman 5.80.02 2008.03.06 -
Panda 9.0.0.4 2008.03.06 -
Prevx1 V2 2008.03.06 -
Rising 20.34.32.00 2008.03.06 -
Sophos 4.27.0 2008.03.06 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.06 -
TheHacker 6.2.92.233 2008.03.04 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.06 -
Webwasher-Gateway 6.6.2 2008.03.06 -
Information additionnelle
File size: 286720 bytes
MD5: 19e73d5a247129160e27637328803475
SHA1: c2df5522ed494c66124f881db54e654d72d908ee
PEiD: Armadillo v1.71


C:\Windows\QTFont.qfn


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.3.12.0 2008.03.12 -
AntiVir 7.6.0.73 2008.03.12 -
Authentium 4.93.8 2008.03.11 -
Avast 4.7.1098.0 2008.03.11 -
AVG 7.5.0.516 2008.03.12 -
BitDefender 7.2 2008.03.12 -
CAT-QuickHeal 9.50 2008.03.10 -
ClamAV 0.92.1 2008.03.12 -
DrWeb 4.44.0.09170 2008.03.12 -
eSafe 7.0.15.0 2008.03.09 -
eTrust-Vet 31.3.5608 2008.03.12 -
Ewido 4.0 2008.03.12 -
FileAdvisor 1 2008.03.12 -
Fortinet 3.14.0.0 2008.03.12 -
F-Prot 4.4.2.54 2008.03.11 -
F-Secure 6.70.13260.0 2008.03.12 -
Ikarus T3.1.1.20 2008.03.12 -
Kaspersky 7.0.0.125 2008.03.12 -
McAfee 5249 2008.03.11 -
Microsoft 1.3301 2008.03.12 -
NOD32v2 2941 2008.03.12 -
Panda 9.0.0.4 2008.03.12 -
Prevx1 V2 2008.03.12 -
Rising 20.35.22.00 2008.03.12 -
Sophos 4.27.0 2008.03.12 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.12 -
TheHacker 6.2.92.243 2008.03.12 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.12 -
Webwasher-Gateway 6.6.2 2008.03.12 -
Information additionnelle
File size: 54156 bytes
MD5: dba91cd5a3a68302967c03213e52bde8
SHA1: 8188a5832590c810b08ee3a2f1567afcdd094108
PEiD: -


C:\Windows\QTFont.for


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.3.12.0 2008.03.12 -
AntiVir 7.6.0.73 2008.03.12 -
Authentium 4.93.8 2008.03.11 -
Avast 4.7.1098.0 2008.03.12 -
AVG 7.5.0.516 2008.03.12 -
BitDefender 7.2 2008.03.12 -
CAT-QuickHeal 9.50 2008.03.12 -
ClamAV 0.92.1 2008.03.12 -
DrWeb 4.44.0.09170 2008.03.12 -
eSafe 7.0.15.0 2008.03.09 -
eTrust-Vet 31.3.5608 2008.03.12 -
Ewido 4.0 2008.03.12 -
FileAdvisor 1 2008.03.12 -
Fortinet 3.14.0.0 2008.03.12 -
F-Prot 4.4.2.54 2008.03.12 -
F-Secure 6.70.13260.0 2008.03.12 -
Ikarus T3.1.1.20 2008.03.12 -
Kaspersky 7.0.0.125 2008.03.12 -
McAfee 5250 2008.03.12 -
Microsoft 1.3301 2008.03.12 -
NOD32v2 2942 2008.03.12 -
Norman 5.80.02 2008.03.12 -
Panda 9.0.0.4 2008.03.12 -
Prevx1 V2 2008.03.12 -
Rising 20.35.22.00 2008.03.12 -
Sophos 4.27.0 2008.03.12 -
Sunbelt 3.0.930.0 2008.03.05 -
TheHacker 6.2.92.244 2008.03.12 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.12 -
Webwasher-Gateway 6.6.2 2008.03.12 -
Information additionnelle
File size: 1409 bytes
MD5: f80b2b68002adb19673b086da1eedd4f
SHA1: b6046dc793ac196ae360b7243611d4c3bf58efe4
PEiD: -
0
Anonymous user
 
Hi again, OK

Where do things stand with the AntiVir update?

0
missnata
 
Right now, when I click on update (home screen or menu), nothing happens, or else I get one second of hourglass and then nothing.
0

Anonymous user
 
Hi again, run a scan with AntiVir and post me the report.

('Scan system now'), then at the end of the scan, 'Report'

I'm going to bed ^^
Do it tomorrow if you're tired ;)

+++
0
missnata
 
That's funny, I hadn't seen this message and I had just started an AntiVir scan!
It found a few nasties.



AntiVir PersonalEdition Classic
Report file date: jeudi 13 mars 2008 00:03

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: SYSTEM
Computer name: PORTABLE-FS

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 13 mars 2008 00:03

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'PM.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TestHandler.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
54 processes with 54 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '13' files ).


Starting the file scan:

Begin scan in 'C:\' <System>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\FS\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\077B0FD3-00000182.eml
[0] Archive type: MIME
--> file0.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> file1.html
[DETECTION] Contains detection pattern of the worm WORM/Netsky.P.Expl
[INFO] The file was moved to '480fbefe.qua'!
C:\Users\FS\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\3A17053A-00000139.eml
[0] Archive type: MIME
--> file0.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> file1.html
[DETECTION] Contains detection pattern of the worm WORM/Netsky.P.Expl
[INFO] The file was moved to '4809bf1d.qua'!
C:\Users\FS\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\51F33D04-000001CA.eml
[0] Archive type: MIME
--> file0.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> file1.html
[DETECTION] Contains detection pattern of the worm WORM/Netsky.P.Expl
[INFO] The file was moved to '481ebf11.qua'!
C:\Users\FS\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\5BF916FB-00000162.eml
[0] Archive type: MIME
--> file0.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> file1.html
[DETECTION] Contains detection pattern of the worm WORM/Netsky.P.Expl
[INFO] The file was moved to '481ebf24.qua'!
C:\Users\FS\Downloads\eMule\Incoming\New Novelist v1.0 - Dramatica Pro v4.0 - Final Draft v6.0 - Hollywood Screenplay with Storycraft.zip
[0] Archive type: ZIP
--> Hollywood Screenplay with StoryCraft v2.15/shkHS215.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '484fc9a8.qua'!
C:\Users\FS\Downloads\eMule\Incoming\New Novelist v1.0 - Dramatica Pro v4.0 - Final Draft v6.0 - Hollywood Screenplay with Storycraft\Hollywood Screenplay with StoryCraft v2.15\shkHS215.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4843cd60.qua'!
C:\Users\FS\usb2\Micro Application 101 Tours De Magie - Cd N°2.ace
[0] Archive type: ACE
--> 101 tours de magie.image clonecd\IMAGE.img
[WARNING] An exception has been identified!
[WARNING] An exception has been identified!
Begin scan in 'D:\' <DATA>


End of the scan: jeudi 13 mars 2008 08:05
Used time: 8:01:30 min

The scan has been done completely.

16660 Scanning directories
616441 Files were scanned
4 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
6 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
616437 Files not concerned
13586 Archives were scanned
6 Warnings
0 Notes
0
Anonymous user
 
Hi again, OK

Post a new HJT report

+
0
missnata
 
A quick note in passing: AntiVir still won't update.

Here is the HJT report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:51, on 13/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Power Manager\PM.exe
C:\Windows\Explorer.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [ErrorKiller] "C:\Program Files\ErrorKiller\ErrorKiller.exe" -boot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Anonymous user
 
Hi again,

One last check... (given that AntiVir found/removed a worm)

Download SDFix and save it to your Desktop.

Restart in safe mode

→ Open the SDFix folder that has just been created in C:\ and double-click RunThis.cmd (or Runthis.bat) to launch the script.
→ Press Y to start the cleaning process.
→ It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
→ Press a key to restart the PC.
→ Your system will take longer than usual to restart because the tool will keep running and deleting files.
→ Once the Desktop has loaded, the tool will finish its work and display Finished.
→ Press a key to end the script and load your Desktop icons.
→ Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
→ Post me the report.

See you
0
missnata
 
I have a small problem: I don't have Y or a yes in the menu.

I have 1/2/3, presumably for cleanups,
and a/b/c/d for what must be reports.

What do I do, doctor?
0
Anonymous user
 
You have to be in safe mode (it says so in the procedure).

See you
0
missnata
 
That is what I did, though: in safe mode, I get this menu. Do you want me to give you the menu in detail?

Another incident: I put the PC to sleep, and when I turned it back on I got the blue screen "windows recovering from crash ...".
0
Anonymous user
 
Hi again, pfff, it really is a festival of problems at the moment, it never stops ><

....
Otherwise, do you still have problems?
I imagine the Wi-Fi hasn't come back ...

See you
0
missnata
 
No, nothing else new, lol!

The Wi-Fi that doesn't work and AntiVir that won't update.
0
missnata > missnata
 
I just downloaded an AntiVir update from their site and I was able to install it. I'm starting a new scan to see...
0
Anonymous user
 
Hi again!
OK, you'll post the report.
See you
0
missnata
 
The AntiVir report gives this:

AntiVir PersonalEdition Classic
Report file date: vendredi 14 mars 2008 13:44

Scanning for 1147397 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: SYSTEM
Computer name: PORTABLE-FS

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:36:36
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:07:50
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 13:07:50
ANTIVIR3.VDF : 7.0.3.29 154112 Bytes 14/03/2008 10:48:20
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 29/02/2008 14:36:26
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 14/03/2008 10:48:26
AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/01/2008 13:29:28
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 14 mars 2008 13:44

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'NclMSBTSrv.exe' - '1' Module(s) have been scanned
Scan process 'NclRSSrv.exe' - '1' Module(s) have been scanned
Scan process 'NclUSBSrv.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'PCSuite.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'PM.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TestHandler.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
68 processes with 68 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '13' files ).

Starting the file scan:

Begin scan in 'C:\' <System>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\FS\usb2\Micro Application 101 Tours De Magie - Cd N°2.ace
[0] Archive type: ACE
--> 101 tours de magie.image clonecd\IMAGE.img
[WARNING] An exception has been identified!
[WARNING] An exception has been identified!
Begin scan in 'D:\' <DATA>

End of the scan: vendredi 14 mars 2008 15:37
Used time: 1:52:35 min

The scan has been done completely.

16661 Scanning directories
617556 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
617556 Files not concerned
13610 Archives were scanned
6 Warnings
0 Notes
0
missnata
 
By the way, the 2 files that cannot be scanned do not show up in C: when I browse the drive, even though I have enabled the display of hidden files. Is that normal?
0
Anonymous user
 
Re, no big deal :)

Any other problems?
0
missnata
 
Good evening,

Only the same 2 problems remain: no updates for Antivir and no Wi-Fi.
For the Wi-Fi I may post in another forum, what do you think? It is no longer really a security or virus matter, if I understood correctly.

Thank you very much for all the time spent on my case, it is really very kind.
0
Anonymous user
 
Re, but you said this about the Antivir update:

I have just downloaded an Antivir update from their site and was able to install it. I am starting a new scan to see...


So you can do the updates via the official site?

As for the Wi-Fi, honestly I don't know, it's not really my area =/
It is indeed better that you create a new message in another forum.

***************************************************************************

Let's finish up:

Close all running applications, then download ToolsCleaner2 to your Desktop.

# Double-click ToolsCleaner2.exe
# Click "Recherche" (Search)
# then "Suppression" (Delete) once the list has been found.
# Post the report (TCleaner.txt), which is at the root of your hard disk (C:\).
# Note: your desktop MAY disappear, that is normal. If it does not reappear at the end of the scan, do the following:

CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run"

Type explorer.exe and confirm. This will bring the Desktop back

Tutorial: http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute (thanks espion3004)

******************************************************

Now that your PC is no longer infected, create a new restore point

https://www.astucesinternet.com/modules/smartfaq/faq.php?faqid=113

**************************************************

To secure things ...

Download Spybot (-> passive scan + resident)
+
Download SpywareGuard (this software complements Spybot very well)
+
Optionally Spyware blaster

-------------Info-------------

This link explains what hackers are, their methods, how to counter them, and prevention (thanks espion3004)

*****************

Why secure my PC?

Trojan? =/

**************

There, I'm waiting for the ToolsCleaner report.

See you

0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

I'm butting in on the Wi-Fi.

Can you go to this key: HKEY Local Machine > system > CurrentControlSet > Services > Ndisuio

(right-click Start, Run, type regedit then OK. Then navigate with the + and the - to the key)

In the right-hand pane, you have a line with Start and a value (1, 2, 3 or 4).

Give the value.
0
missnata
 
Hello,
Thanks to you both.

For the Wi-Fi, the value is 4.

For ToolsCleaner, more trouble: unable to create the file ..... access denied.

I'm pasting what was in the window anyway:

-->- Recherche:

C:\SDFIX: trouvé !
C:\Qoobox: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\QooBox\Quarantine\C\Qoobox: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\FS\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé !
C:\Users\FS\Desktop\Dss.exe: trouvé !
C:\Users\FS\Desktop\SdFix.exe: trouvé !
C:\Users\FS\Desktop\HijackThis.lnk: trouvé !
C:\Users\FS\Desktop\Clean.zip: trouvé !
C:\Users\FS\Desktop\HJTInstall.exe: trouvé !
C:\Users\FS\Desktop\clean\tar.exe: trouvé !
C:\Users\FS\Desktop\clean\remove.reg: trouvé !
C:\Users\FS\Desktop\clean\pskill.exe: trouvé !
C:\Users\FS\Desktop\clean\LFiles.exe: trouvé !
C:\Users\FS\Desktop\clean\gzip.exe: trouvé !
C:\Users\FS\Desktop\clean\delsiri.cmd: trouvé !
C:\Users\FS\Desktop\clean\delr.cmd: trouvé !
C:\Users\FS\Desktop\clean\del3.cmd: trouvé !
C:\Users\FS\Desktop\clean\del2.cmd: trouvé !
C:\Users\FS\Desktop\clean\clean.cmd: trouvé !
C:\Users\FS\Desktop\clean\cherche.cmd: trouvé !
C:\Users\FS\Desktop\clean\clean\tar.exe: trouvé !
C:\Users\FS\Desktop\clean\clean\remove.reg: trouvé !
C:\Users\FS\Desktop\clean\clean\pskill.exe: trouvé !
C:\Users\FS\Desktop\clean\clean\LFiles.exe: trouvé !
C:\Users\FS\Desktop\clean\clean\gzip.exe: trouvé !
C:\Users\FS\Desktop\clean\clean\delsiri.cmd: trouvé !
C:\Users\FS\Desktop\clean\clean\delr.cmd: trouvé !
C:\Users\FS\Desktop\clean\clean\del3.cmd: trouvé !
C:\Users\FS\Desktop\clean\clean\del2.cmd: trouvé !
C:\Users\FS\Desktop\clean\clean\clean.cmd: trouvé !
C:\Users\FS\Desktop\clean\clean\cherche.cmd: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: ERREUR DE SUPPRESSION !!
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: ERREUR DE SUPPRESSION !!
C:\Users\FS\Desktop\Dss.exe: supprimé !
C:\Users\FS\Desktop\SdFix.exe: supprimé !
C:\Users\FS\Desktop\HijackThis.lnk: supprimé !
C:\Users\FS\Desktop\Clean.zip: supprimé !
C:\Users\FS\Desktop\HJTInstall.exe: supprimé !
C:\Users\FS\Desktop\clean\tar.exe: supprimé !
C:\Users\FS\Desktop\clean\remove.reg: supprimé !
C:\Users\FS\Desktop\clean\pskill.exe: supprimé !
C:\Users\FS\Desktop\clean\LFiles.exe: supprimé !
C:\Users\FS\Desktop\clean\gzip.exe: supprimé !
C:\Users\FS\Desktop\clean\delsiri.cmd: supprimé !
C:\Users\FS\Desktop\clean\delr.cmd: supprimé !
C:\Users\FS\Desktop\clean\del3.cmd: supprimé !
C:\Users\FS\Desktop\clean\del2.cmd: supprimé !
C:\Users\FS\Desktop\clean\clean.cmd: supprimé !
C:\Users\FS\Desktop\clean\cherche.cmd: supprimé !
C:\Users\FS\Desktop\clean\clean\tar.exe: supprimé !
C:\Users\FS\Desktop\clean\clean\remove.reg: supprimé !
C:\Users\FS\Desktop\clean\clean\pskill.exe: supprimé !
C:\Users\FS\Desktop\clean\clean\LFiles.exe: supprimé !
C:\Users\FS\Desktop\clean\clean\gzip.exe: supprimé !
C:\Users\FS\Desktop\clean\clean\delsiri.cmd: supprimé !
C:\Users\FS\Desktop\clean\clean\delr.cmd: supprimé !
C:\Users\FS\Desktop\clean\clean\del3.cmd: supprimé !
C:\Users\FS\Desktop\clean\clean\del2.cmd: supprimé !
C:\Users\FS\Desktop\clean\clean\clean.cmd: supprimé !
C:\Users\FS\Desktop\clean\clean\cherche.cmd: supprimé !
C:\SDFIX: supprimé !
C:\Qoobox: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: ERREUR DE SUPPRESSION !!
C:\QooBox\Quarantine\C\Qoobox: supprimé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: ERREUR DE SUPPRESSION !!
C:\Users\FS\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: supprimé !
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

change the value from 4 to 3.

Look for all keys of the type

HKEY Local Machine > system > ControlSet001 > Services > Ndisuio

(all the ControlSets you find).

There too, if the Start value is not 3, set it to 3.

Restart the computer.

Report the result.
0
missnata
 
Now I'm a bit lost; since I'm afraid of making mistakes, I'd rather ask you for a few clarifications.

Tell me if I've understood: I have to change the value of all the start files of ndisuio in currentcontrolset, controlset001, controlset006 (these are the 3 controlsets I find in the system folder)?

Thanks for your help.
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

OK, let's do it this way:

Open Notepad.
Copy and paste into it the text below (between the * but without the *):

*****************************
REGEDIT4

; Start=3 sets the Ndisuio service to manual (on-demand) start
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Ndisuio]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio]
"Start"=dword:00000003

*****************************
Click "File", "Save as".
Click Desktop (in the left column)
In File name, type fix.reg
For Type, choose "All files" from the drop-down menu.
Click Save.
Close Notepad

On your desktop, double-click the Fix.reg icon
Accept the warning about the merge
The fix will work silently.
At the end, you will see a message saying that the merge is complete. Confirm.

Restart the computer and try the connection again.
0
missnata
 
Thanks.
Everything went normally except that the wireless connection still does not work.
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

if you look at the keys after restarting, is the value still 3?
0
missnata
 
Well spotted!
Everything is at 4!
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

so, a small change.

Run fix.reg again.

Go back and look at the keys before restarting.

Is the value 3 or 4?

If it is 4, do not restart.
0
missnata
 
Indeed, everything stayed at 4.
0
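The check carried out by hand in the posts above (read the Ndisuio Start value in every control set, write 3, read it back before rebooting), as an added PowerShell example that is not part of the original thread. The function names are hypothetical, and the script assumes an elevated prompt and control sets named ControlSetNNN as seen in the thread.

```powershell
# Added example, not from the thread. Function names are hypothetical.
# Run from an elevated PowerShell prompt.

# Meaning of a service's Start value in the registry.
$StartTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-NdisuioStart {
    # List CurrentControlSet and every ControlSetNNN, then read Services\Ndisuio\Start.
    Get-ChildItem 'HKLM:\SYSTEM' |
        Where-Object { $_.PSChildName -match '^(CurrentControlSet|ControlSet\d{3})$' } |
        ForEach-Object {
            $key = "HKLM:\SYSTEM\$($_.PSChildName)\Services\Ndisuio"
            if (Test-Path $key) {
                $start = (Get-ItemProperty -Path $key -Name Start).Start
                New-Object PSObject -Property @{
                    ControlSet = $_.PSChildName
                    Key        = $key
                    Start      = $start
                    Meaning    = $StartTypes[[int]$start]
                }
            }
        }
}

function Set-NdisuioStart {
    param([int]$Value = 3)
    foreach ($entry in Get-NdisuioStart) {
        if ($entry.Start -ne $Value) {
            # A denied write raises an error here and shows up in the read-back below.
            Set-ItemProperty -Path $entry.Key -Name Start -Value $Value -Type DWord
        }
    }
    # Read back immediately, before any reboot, to see whether the write took effect.
    Get-NdisuioStart | Select-Object ControlSet, Start, Meaning,
        @{ Name = 'AsRequested'; Expression = { $_.Start -eq $Value } }
}

function Watch-NdisuioStart {
    # Poll for a while to tell "write never applied" apart from "value changed back later".
    param([int]$Expected = 3, [int]$Seconds = 60)
    $deadline = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $deadline) {
        $changed = @(Get-NdisuioStart | Where-Object { $_.Start -ne $Expected })
        if ($changed.Count -gt 0) { return $changed | Select-Object ControlSet, Start, Meaning }
        Start-Sleep -Seconds 2
    }
    "Start stayed at $Expected for $Seconds seconds"
}

# Usage: Get-NdisuioStart; Set-NdisuioStart -Value 3; Watch-NdisuioStart -Expected 3
```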