G!rly

Solved
cynthia92 (298 posts, Member)
g!rly -
Here you go, I'm waiting for you.

58 replies

jlpjlp (52399 posts, Security Contributor)

Scan these files on VirusTotal and tell me if they are infected: https://www.virustotal.com/gui/

C:\WINDOWS\system32\htjxyioy.ini
C:\WINDOWS\system32\gqjbctso.ini
C:\WINDOWS\system32\mfjhaxxx.ini
C:\WINDOWS\system32\d3d9caps.dat

________________

Then run a new ComboFix, because the one you pasted is from yesterday and it is incomplete.
jlpjlp (52399 posts, Security Contributor)

Bump
cynthia92 (298 posts, Member)

So I redo the ComboFix process? If so, before or after scanning on virustotal.fr??
jlpjlp (52399 posts, Security Contributor)

Do VirusTotal first.

cynthia92 (298 posts, Member)

OK, understood.
cynthia92 (298 posts, Member)

Result:
C:\WINDOWS\system32\htjxyioy.ini 0/32 (0%)
C:\WINDOWS\system32\gqjbctso.ini 0/32 (0%)
C:\WINDOWS\system32\mfjhaxxx.ini 0/32 (0%)
C:\WINDOWS\system32\d3d9caps.dat 0/32 (0%)
jlpjlp (52399 posts, Security Contributor)

OK, paste a new ComboFix log and tell me if you still have problems.
cynthia92 (298 posts, Member)

Right, I'm going to start ComboFix, so I'm disconnecting and I think I'll be back in about 15 minutes!
jlpjlp (52399 posts, Security Contributor)

OK
cynthia92 (298 posts, Member)

For now, since yesterday's ComboFix, nothing to report; my PC seems normal.
Should I run ComboFix again or not?
jlpjlp (52399 posts, Security Contributor)

Yes, to be sure.
cynthia92 (298 posts, Member)

ComboFix 08-03-18.1 - Dimitri 2008-03-21 10:24:17.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.189 [GMT 1:00]
Endroit: C:\Documents and Settings\Dimitri\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-21 to 2008-03-21 ))))))))))))))))))))))))))))))))))))
.

2008-03-20 13:34 . 2008-03-20 13:59 <REP> d-------- C:\VundoFix Backups
2008-03-19 17:14 . 2008-03-19 17:14 <REP> d-------- C:\Program Files\Red Kawa
2008-03-19 17:14 . 2008-03-19 17:14 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-03-19 15:35 . 2008-03-20 13:18 <REP> d-------- C:\Program Files\Navilog1
2008-03-19 11:57 . 2008-03-20 12:31 <REP> d-------- C:\Program Files\Panda Security
2008-03-18 16:42 . 2008-03-21 09:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-18 16:42 . 2008-03-18 16:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-18 15:44 . 2008-03-18 15:44 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-18 15:06 . 2008-03-18 15:10 <REP> d-------- C:\MSNFix
2008-03-18 14:15 . 2008-03-19 10:53 654 ---hs---- C:\WINDOWS\system32\htjxyioy.ini
2008-03-17 21:37 . 2008-03-17 21:37 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-03-17 21:37 . 2008-03-17 21:37 3,120 --a------ C:\WINDOWS\118294.78
2008-03-17 21:36 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-03-17 21:36 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-03-17 21:36 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-03-17 21:34 . 2008-03-17 21:34 17,657,512 --a------ C:\Program Files\Defenza.exe
2008-03-17 21:25 . 2006-11-22 11:35 42,496 --a------ C:\WINDOWS\system32\AdvUninstCPL.cpl
2008-03-17 15:22 . 2008-03-17 15:22 <REP> d-------- C:\Documents and Settings\Dimitri\Application Data\Grisoft
2008-03-17 15:16 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-17 14:18 . 2008-03-17 14:25 894 ---hs---- C:\WINDOWS\system32\gqjbctso.ini
2008-03-17 13:22 . 2008-03-17 13:22 <REP> d-------- C:\Program Files\Lavasoft
2008-03-17 12:31 . 2008-03-17 12:25 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-17 12:31 . 2008-03-17 12:31 2,550 --a------ C:\WINDOWS\unins000.dat
2008-03-16 16:06 . 2008-03-16 16:06 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-15 23:26 . 2008-03-17 13:59 834 ---hs---- C:\WINDOWS\system32\mfjhaxxx.ini
2008-03-15 23:24 . 2008-03-15 23:24 63 --a------ C:\WINDOWS\system32\0422f8ba
2008-03-15 23:18 . 2007-11-19 14:25 3,829,382 --a------ C:\WINDOWS\winavi_ipod_video_converter.exe
2008-03-15 22:13 . 2008-03-15 22:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2008-03-15 21:00 . 2008-03-15 21:00 <REP> d-------- C:\Program Files\iTunes
2008-03-15 21:00 . 2008-03-15 21:00 <REP> d-------- C:\Program Files\iPod
2008-03-15 20:56 . 2008-03-15 20:59 <REP> d-------- C:\Program Files\QuickTime
2008-03-15 20:56 . 2008-03-15 21:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-15 19:39 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-03-15 19:26 . 2008-03-15 19:26 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-15 19:26 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-15 19:09 . 2008-03-15 19:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-15 19:08 . 2008-03-15 19:08 <REP> d-------- C:\Program Files\Security Task Manager
2008-03-15 19:08 . 2008-03-15 22:12 <REP> d-------- C:\Program Files\Innovative Solutions
2008-03-15 13:39 . 2008-03-15 13:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-11 20:57 . 2008-03-11 20:57 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-03-02 20:20 . 2008-03-20 12:33 <REP> d-------- C:\Program Files\Tweak-XP Pro 4
2008-03-02 20:19 . 2008-03-02 20:20 6,376,978 --a------ C:\Program Files\tweak-xp-pro_tweak_xp_pro_4.0.8_multi-langues_10772.exe
2008-03-01 18:51 . 2008-03-01 18:51 2,733,520 --a------ C:\Program Files\ccsetup205.exe
2008-03-01 18:50 . 2008-03-01 18:50 1,523,040 --a------ C:\Program Files\install_flash_player_active_x.exe
2008-03-01 18:34 . 2008-03-01 18:36 <REP> d-------- C:\Program Files\PhotoFiltre Studio
2008-02-24 20:20 . 2008-02-24 20:21 21,364,592 --a------ C:\Program Files\Lavasoft_Adaware2007_fr.exe
2008-02-24 19:56 . 2008-03-17 12:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-24 19:36 . 2008-02-24 19:45 7,467,056 --a------ C:\Program Files\spybotsd15.exe
2008-02-23 21:06 . 2008-02-23 22:48 42,609,040 --a------ C:\Program Files\zaZA_Setup_fr.exe
2008-02-23 20:53 . 2008-02-23 20:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-02-23 20:53 . 2005-11-18 16:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-02-23 20:53 . 2005-11-18 16:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-02-23 20:50 . 2008-02-23 20:50 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-02-23 20:43 . 2008-02-23 20:46 <REP> d-------- C:\Program Files\VirtualDJ
2008-02-23 13:24 . 2008-02-23 13:24 <REP> d-------- C:\Program Files\VideoLAN
2008-02-23 13:24 . 2008-03-18 13:41 <REP> d-------- C:\Program Files\Trend Micro
2008-02-23 13:24 . 2008-02-23 13:24 <REP> d-------- C:\Program Files\MSXML 4.0
2008-02-23 13:24 . 2008-02-23 13:24 <REP> d-------- C:\Documents and Settings\Dimitri\Application Data\TransRender
2008-02-23 13:06 . 2008-02-23 13:06 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-02-22 20:15 . 2008-02-23 13:24 <REP> d-------- C:\Program Files\Xfire
2008-02-21 18:21 . 2008-02-23 13:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure(2)

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 09:23 --------- d-----w C:\Program Files\Wanadoo
2008-03-21 08:37 --------- d-----w C:\Program Files\Java
2008-03-20 11:36 --------- d-----w C:\Program Files\a-squared Free
2008-03-20 11:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 12:21 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-17 11:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-15 20:15 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-15 20:00 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\Apple Computer
2008-03-15 19:44 59,163,944 -c--a-w C:\Program Files\iTunesSetup.exe
2008-03-15 18:26 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-15 18:08 --------- d-----w C:\Program Files\DivX
2008-03-15 18:02 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-12 17:44 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\Temporary
2008-03-05 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-02-28 20:12 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-02-28 20:11 81,984 -c--a-w C:\WINDOWS\system32\bdod.bin
2008-02-24 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-24 19:12 --------- d-----w C:\Program Files\Google
2008-02-23 19:53 --------- d-----w C:\Program Files\AntivirusFirewall
2008-02-23 18:05 --------- d-----w C:\Program Files\Blaero Start Orb
2008-02-23 12:25 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-23 12:25 --------- d-----w C:\Program Files\Windows Desktop Search
2008-02-23 12:25 --------- d-----w C:\Program Files\Update
2008-02-23 12:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-23 12:24 --------- d-----w C:\Program Files\MAIET
2008-02-23 12:24 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\Screenshot Sender
2008-02-23 12:24 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\OfficeUpdate12
2008-02-23 12:24 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\F-Secure
2008-02-23 12:24 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\DivX
2008-02-22 17:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-22 17:35 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-20 17:19 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-20 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-02-20 16:26 336,752 ----a-w C:\Program Files\BootVis-Tool.exe
2008-02-17 15:35 --------- d-----w C:\Documents and Settings\Dimitri\Application Data\TuneUp Software
2008-02-17 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-14 18:58 1,719 ----a-w C:\Program Files\sg_backup_2008-02-14-1958.spg
2008-02-14 18:52 610,304 ----a-w C:\Program Files\TCPOptimizer.exe
2008-02-12 12:23 22,654,883 ----a-w C:\Program Files\VistaMizer_2.2.1.0.exe
2008-02-12 12:10 6,956,145 ----a-w C:\Program Files\vista-icons.rar
2008-02-12 11:31 14,771,744 ----a-w C:\Program Files\IE7-WindowsXP-x86-fra.exe
2008-02-11 16:43 3,178,874 ----a-w C:\Program Files\VISTA-Ultimate-0.2.0(www.MsnTrucAstuce.fr).zip
2008-01-22 19:35 --------- d-----w C:\Program Files\Bonjour
2008-01-14 12:05 2,402,832 -c--a-w C:\Program Files\WLinstaller.exe
2008-01-14 12:03 262,544 -c--a-w C:\Program Files\emoticones.exe
2008-01-09 11:18 524,288 -c--a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-09 11:18 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:18 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-09 11:18 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-01-09 11:16 823,296 -c--a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-09 11:16 823,296 -c--a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-09 11:16 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2008-01-09 11:16 802,816 -c--a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-09 11:16 682,496 -c--a-w C:\WINDOWS\system32\DivX.dll
2008-01-09 11:16 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-01-08 19:23 2,323,086 -c--a-w C:\Program Files\iPod2PC_Setup.exe
2007-12-09 11:45 6,532,272 -c--a-w C:\Program Files\Firefox Setup 3.0 Beta 1.exe
2007-12-06 16:45 12,413,440 -c--a-w C:\Program Files\avgas-setup-7.5.1.43.exe
2007-12-02 19:28 920,378 -c--a-w C:\Program Files\General-CleanTool.zip
2007-12-02 13:18 6,626,032 -c--a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe
2007-12-02 11:46 5,843,256 -c--a-w C:\Program Files\Firefox Setup 2.0.0.11.exe
2007-12-02 10:21 6,575,800 -c--a-w C:\Program Files\Sunbelt-Personal-Firewall.exe
2007-12-01 18:48 17,521,856 -c--a-w C:\Program Files\setupfre.exe
2007-12-01 18:28 16,309,944 -c--a-w C:\Program Files\setupeng.exe
2007-12-01 18:21 2,724,328 ----a-w C:\Program Files\ccsetup203.exe
2007-12-01 18:12 210,416 -c--a-w C:\Program Files\zaSetup_fr.exe
2007-12-01 18:10 1,144,839 -c--a-w C:\Program Files\stng260.exe
2007-11-29 18:37 1,579,360 -c--a-w C:\Program Files\taskmanager17.exe
2007-11-06 18:56 19,135,776 -c--a-w C:\Program Files\a2FreeSetup.exe
2007-11-03 21:11 17,769,608 -c--a-w C:\Program Files\setupfrepro.exe
2007-10-27 14:29 11,753,013 -c--a-w C:\Program Files\OODefrag_FRA.exe
2007-10-24 08:36 3,199,998 ----a-w C:\Program Files\trialsetup.exe
2007-09-28 09:07 22,103,392 -c--a-w C:\Program Files\bitdefender_free_v10.exe
2007-09-20 14:08 2,977,522 -c--a-w C:\Program Files\FA-124_FR.exe
2007-09-14 13:00 3,378,248 -c--a-w C:\Program Files\LimeWireWin.exe
2007-09-13 17:57 13,410,816 -c--a-w C:\Program Files\Google_Earth_BZXD.exe
2007-09-13 15:53 690,272 -c--a-w C:\Program Files\Dacty5SU.exe
2007-09-07 17:41 2,693,578 -c--a-w C:\Program Files\BitComet_0.67_setup.exe
2007-08-30 14:02 4,670,227 -c--a-w C:\Program Files\PC Booster_fr.exe
2007-08-03 09:49 9,483,616 -c--a-w C:\Program Files\winzip111.exe
2007-05-29 14:22 1,510,059 -c--a-w C:\Program Files\diskdefrag_install.exe
2007-05-23 19:46 830,223 -c--a-w C:\Program Files\msnreaper-1.3.exe
2007-05-22 13:51 1,104,734 -c--a-w C:\Program Files\dvdshrink_3.2.0.16_fr.zip
2007-05-22 13:47 6,705,152 -c--a-w C:\Program Files\winzip111fr.msi
2007-03-09 10:47 5,205,504 -c--a-w C:\Program Files\WindowsDefender.msi
2007-02-26 23:14 408 -c--a-w C:\Documents and Settings\Dimitri\Application Data\wklnhst.dat
2007-02-20 15:43 17,929,072 -c--a-w C:\Program Files\Install_Messenger.exe
2007-02-15 10:36 57,273,968 -c--a-w C:\Program Files\20070112093709031_Samsung_PC_Studio.exe
2007-01-20 19:28 4,688,168 ----a-w C:\Program Files\WindowsDesktopSearch-KB917013-XP-x86-fra.exe
2007-01-12 11:40 346,666,032 -c--a-w C:\Program Files\X12-30105.exe
2007-01-11 14:07 58,032,562 -c--a-w C:\Program Files\Samsung_PC_Studio_311_FKB.exe
2007-01-04 21:32 22,845,992 -c--a-w C:\Program Files\AdbeRdr80_fr_FR.exe
2007-01-04 21:25 867,424 -c--a-w C:\Program Files\GoogleToolbarInstaller_ADBx_fr_401019_signed.exe
2007-01-04 21:00 62,482,427 -c--a-w C:\Program Files\install_avfw412_or.exe
2007-01-04 20:45 7,020,185 -c--a-w C:\Program Files\Gestionnaire_internetLB.exe
2007-01-03 12:25 16,179,264 -c--a-w C:\Program Files\DivXPlay.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-20_14.44.53.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-15 20:01:00 102,400 ----a-r C:\WINDOWS\Installer\{80FD852F-5AAC-4129-B931-06AAFFA43138}\iTunesIco.exe
+ 2008-03-20 14:40:42 102,400 ----a-r C:\WINDOWS\Installer\{80FD852F-5AAC-4129-B931-06AAFFA43138}\iTunesIco.exe
- 2007-09-24 21:30:28 135,168 -c--a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-09-24 21:30:30 135,168 -c--a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-24 22:31:42 139,264 -c--a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Advanced Uninstaller PRO Installation Monitor"="C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe" [2007-10-31 12:13 1239952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-08 11:05 729178]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 02:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 15:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 09:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 13:45 356352]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-01 14:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a--c--- 2004-08-23 14:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--a--c--- 2004-08-23 14:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16087:TCP"= 16087:TCP:BitComet 16087 TCP
"16087:UDP"= 16087:UDP:BitComet 16087 UDP

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-03-20 13:21]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 13:00]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-09-21 11:24]
S2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-02-23 20:51]
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 21:50]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-15 19:26]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-17 15:35:45 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-03-15 14:41:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-21 08:10:41 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 10:26:42
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-21 10:27:32
ComboFix-quarantined-files.txt 2008-03-21 09:27:15
ComboFix2.txt 2008-03-20 13:45:17
.
2008-03-16 15:07:32 --- E O F ---
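Added example (not from the thread, from the helper, or from ComboFix): a small Python triage pass over the "Fichiers créés" lines of a ComboFix log, flagging newly created files in system32 that carry the hidden+system attributes or a random-looking eight-letter name, which is the pattern behind the .ini files the helper asked to have checked on VirusTotal. The sample lines are copied from the log pasted above; the 4096-byte size threshold and the eight-letter-name heuristic are assumptions of this example.

```python
"""Triage the 'Fichiers créés' section of a ComboFix log.

Added example, not part of the thread or of ComboFix. The size threshold
and the random-name heuristic are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Sample lines copied from the ComboFix log pasted in this thread.
SAMPLE_LOG = """\
2008-03-20 13:34 . 2008-03-20 13:59 <REP> d-------- C:\\VundoFix Backups
2008-03-18 16:42 . 2008-03-21 09:11 54,156 --ah----- C:\\WINDOWS\\QTFont.qfn
2008-03-18 14:15 . 2008-03-19 10:53 654 ---hs---- C:\\WINDOWS\\system32\\htjxyioy.ini
2008-03-17 21:37 . 2008-03-17 21:37 3,120 --a------ C:\\WINDOWS\\system32\\118290.54
2008-03-17 14:18 . 2008-03-17 14:25 894 ---hs---- C:\\WINDOWS\\system32\\gqjbctso.ini
2008-03-16 16:06 . 2008-03-16 16:06 127 --a------ C:\\WINDOWS\\system32\\MRT.INI
2008-03-15 23:26 . 2008-03-17 13:59 834 ---hs---- C:\\WINDOWS\\system32\\mfjhaxxx.ini
2008-03-15 13:39 . 2008-03-15 13:39 664 --a------ C:\\WINDOWS\\system32\\d3d9caps.dat
2008-03-15 19:26 . 2007-12-20 10:41 29,440 --a------ C:\\WINDOWS\\system32\\uxtuneup.dll
"""

# created-time . modified-time  size-or-<REP>  nine attribute flags  path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><REP>|[\d,]+) "
    r"(?P<attrs>[-a-z]{9}) "
    r"(?P<path>.+?)\s*$"
)
# Attribute column layout in this log: d=directory r=read-only a=archive h=hidden s=system
ATTR_POS = {"directory": 0, "readonly": 1, "archive": 2, "hidden": 3, "system": 4}
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")  # assumption: Vundo-style random names
SMALL_FILE_BYTES = 4096                      # assumption: the dropped .ini files are tiny


@dataclass
class Entry:
    created: str
    modified: str
    size: int          # -1 for directories (<REP>)
    attrs: str
    path: str

    def has(self, flag: str) -> bool:
        return self.attrs[ATTR_POS[flag]] != "-"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def in_system32(self) -> bool:
        return "\\windows\\system32\\" in self.path.lower()


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_created_files(text: str) -> List[Entry]:
    """Parse every 'created file' line; headers, dots and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        size = -1 if m["size"] == "<REP>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def triage(text: str) -> List[Finding]:
    """Return system32 files worth a second look, with the reason for each."""
    findings = []
    for e in parse_created_files(text):
        if e.has("directory") or not e.in_system32:
            continue
        reasons = []
        if e.has("hidden") and e.has("system"):
            reasons.append("hidden+system attributes on a newly created file")
        stem = e.name.rsplit(".", 1)[0]
        # uxtuneup.dll (legitimate TuneUp component) matches the name pattern
        # but is far above the size threshold, so it is not flagged.
        if RANDOM_STEM_RE.match(stem) and 0 <= e.size < SMALL_FILE_BYTES:
            reasons.append(f"random-looking eight-letter name in a {e.size}-byte file")
        if reasons:
            findings.append(Finding(e.path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

The flagged files are candidates for a VirusTotal lookup, as the helper requested; a clean VirusTotal result on a hidden+system file with a random name is still worth keeping in the picture, since the scan in this thread returned 0/32 for files that were later tied to Vundo.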
cynthia92 (298 posts, Member)

What should I do now, please???
jlpjlp (52399 posts, Security Contributor)

Paste the report from an online scan with one of the following (disable your antivirus if needed):

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
cynthia92 (298 posts, Member)

BitDefender Online Scanner - Rapport d'analyse

Rapport d'analyse généré à: Fri, Mar 21, 2008 - 14:07:23
Voie d'analyse: C:\;D:\;

Statistiques
Temps: 00:20:27
Fichiers: 62711
Directoires: 6383
Secteurs de boot: 2
Archives: 1216
Paquets programmes: 5110

Résultats
Virus identifiés: 6
Fichiers infectés: 7
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 7

Info sur les moteurs
Définition virus: 1021171
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 16
Archive des plugins: 41
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 5

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé | Statut
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146707.dll | Infecté par: Trojan.Vundo.GH
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146707.dll | Supprimé
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146708.dll | Infecté par: Trojan.Vundo.EDU
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146708.dll | Supprimé
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146709.dll | Infecté par: Trojan.Vundo.EDV
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146709.dll | Supprimé
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146710.dll | Infecté par: Trojan.Vundo.EEB
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146710.dll | Supprimé
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146711.dll | Infecté par: Trojan.Vundo.EDT
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146711.dll | Supprimé
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146713.dll | Infecté par: Trojan.Vundo.GH
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146713.dll | Supprimé
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146714.dll | Infecté par: Trojan.Vundo.EDM
C:\System Volume Information\_restore{162AAE2D-6693-42B0-AD7D-7BAA5EC54FF8}\RP448\A0146714.dll | Supprimé
cynthia92 (298 posts, Member)

There you go!!!
jlpjlp (52399 posts, Security Contributor)

I need the report that gives the names of the viruses and the infected files.

(Were there any infections?)
cynthia92 (298 posts, Member)

That is what I exported as the report...
Actually, it deleted a trojan!
jlpjlp (52399 posts, Security Contributor)

No, unfortunately. Look at this post to see what it should look like:

http://www.commentcamarche.net/forum/affich 5440379 infecte par trojan vundo gen 2?page=2#22
cynthia92 (298 posts, Member)

What should I do???