Virus

Solved
rislou71 Posts 1500 Status Member
Hello,

The computer belongs to my aunt. When I arrived, she told me it had viruses that Avast could not remove. So I ran an online scan on bitdefender.com, then a scan with AntiVir, then with AVG Anti-Spyware, then with Anti-Malware. After that I generated a HijackThis report and analysed it with hijackthis.de, but I did not delete anything, of course! The analysis showed nothing strange, though!

RESULT:
* 11 viruses were found by AntiVir, which deleted them
* a few spyware items were also found; AVG deleted them
* some malware was found (27 infections), and it was then deleted
* the BitDefender online scan found 7 viruses and 64 infections and dealt with 6 viruses and 62 infections
* the restore is incomplete --> so it does not work (probably because of the virus)
* lots of error messages every time an application is launched, ever since AntiVir deleted these viruses! ^^
"L'application ou la DLL c:\WINDOWS\system32\kernel32.sys n'est pas une image valide.
Vérifiez à l'aide de votre disquette d'installation"

* AntiVir updates are impossible

PS: I have to solve this problem before tomorrow, because I will be gone and my aunt does not know much about this...
Can you help me? I would be very grateful, thank you!!!!

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:54, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{714B7F06-2639-4859-863A-A8701FF67B23}: NameServer = 41.221.20.4 213.140.2.12
O20 - AppInit_DLLs: kernel32.sys
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

4 replies

jlpjlp Posts 52399 Status Security contributor 5 040

Hi,

Download ComboFix by sUBs. Rename it before installing anything, for example call it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click ComboFix. It will ask you a question; answer by pressing the 1 key and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.

______________________

Paste an AntiVir report
0
rislou71 Posts 1500 Status Member 96

Thanks!

* ComboFix report:

ComboFix 08-04-13.3 - SOFTPLUS 2008-04-14 21:26:03.1 - NTFSx86
Endroit: C:\Documents and Settings\SOFTPLUS\Bureau\KillBagle.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\WINDOWS\system32\kernel32.sys

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))))))))
.

2008-04-14 18:21 . 2008-04-14 18:21 0 --a------ C:\LOG17.tmp
2008-04-14 15:00 . 2008-04-14 15:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-14 14:59 . 2008-04-14 14:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-14 13:30 . 2008-04-14 14:58 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-04-14 11:02 . 2008-04-14 14:58 <REP> d-------- C:\Program Files\PhotoFiltre
2008-04-14 10:48 . 2008-04-14 10:48 0 --a------ C:\LOG3.tmp
2008-04-13 21:30 . 2008-04-14 15:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-04-12 19:14 . 2008-04-12 19:14 0 --a------ C:\LOGC3.tmp
2008-04-11 22:49 . 2008-04-11 22:49 0 --a------ C:\LOG266.tmp
2008-04-11 19:56 . 2008-04-11 19:56 0 --a------ C:\LOG25F.tmp
2008-04-11 15:42 . 2008-04-11 15:42 0 --a------ C:\LOG208.tmp
2008-04-11 15:37 . 2008-04-11 15:37 0 --a------ C:\LOG206.tmp
2008-04-11 14:29 . 2008-04-11 14:29 268 --ah----- C:\sqmdata00.sqm
2008-04-11 14:29 . 2008-04-11 14:29 244 --ah----- C:\sqmnoopt00.sqm
2008-04-11 14:27 . 2008-04-14 14:59 <REP> d-------- C:\Program Files\MSN Messenger
2008-04-11 12:02 . 2008-04-14 14:59 <REP> d-------- C:\Program Files\PConPoint
2008-04-11 11:42 . 2008-04-11 11:42 <REP> d-------- C:\Documents and Settings\SOFTPLUS\Application Data\Grisoft
2008-04-11 11:41 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-11 01:45 . 2007-11-11 12:31 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-04-11 01:45 . 2007-11-11 12:31 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-04-11 01:45 . 2008-07-19 20:13 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-04-11 01:45 . 2007-11-11 12:31 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-04-11 01:45 . 2007-11-11 12:31 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-04-11 01:45 . 2007-11-11 11:41 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-04-11 01:45 . 2007-11-11 12:31 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-11 01:45 . 2008-04-11 01:45 <REP> d-------- C:\Documents and Settings\Administrateur
2008-04-11 01:28 . 2008-04-12 01:42 3,471,392 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-11 01:28 . 2008-04-12 01:42 42,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-11 01:28 . 2008-04-12 01:42 29,984 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-11 01:28 . 2008-04-12 01:42 4,904 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-11 01:17 . 2008-04-11 01:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 01:17 . 2008-04-11 01:17 <REP> d-------- C:\Documents and Settings\SOFTPLUS\Application Data\Malwarebytes
2008-04-11 01:17 . 2008-04-11 01:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-11 00:04 . 2008-04-11 01:18 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-04-10 23:52 . 2008-04-10 23:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-10 23:42 . 2008-04-10 23:43 <REP> d-------- C:\Program Files\CCleaner
2008-04-10 23:15 . 2008-04-14 18:21 <REP> d-------- C:\Documents and Settings\SOFTPLUS\Application Data\U3
2008-04-10 23:15 . 2008-04-10 23:15 0 --a------ C:\LOGA1.tmp
2008-04-04 10:56 . 2008-04-11 01:41 48,546 --a------ C:\WINDOWS\system32\%MS%HCopy.tmp
2008-04-04 10:56 . 2008-04-04 10:56 72 ---hs---- C:\desktop.ini
2008-04-03 22:58 . 2008-04-03 22:58 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2008-04-03 19:56 . 2008-04-04 15:53 42,501 --a------ C:\WINDOWS\system32\%MS%UCopy.tmp
2008-04-03 19:40 . 2008-04-03 19:40 1,179 --a------ C:\WINDOWS\system32\~%MS%HCopy.tmp
2008-04-03 19:40 . 2008-04-03 19:40 0 --a------ C:\WINDOWS\system32\~%MS%UCopy.tmp
2008-03-29 21:01 . 2008-04-12 15:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-27 15:25 . 2008-03-27 15:25 <REP> d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 09:14 --------- d-----w C:\Program Files\ooVoo
2008-07-19 21:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-19 19:57 --------- d-----w C:\Program Files\Google
2008-07-19 19:53 --------- d-----w C:\Program Files\Trend Micro
2008-07-18 22:32 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-18 10:53 --------- d-----w C:\Program Files\Common Files
2008-07-16 17:14 --------- d-----w C:\Program Files\Application Compatibility Toolkit
2008-07-16 17:13 --------- d-----w C:\Program Files\Support Tools
2008-07-15 15:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-13 22:25 --------- d-----w C:\Documents and Settings\SOFTPLUS\Application Data\Skype
2008-04-13 19:05 --------- d-----w C:\Documents and Settings\SOFTPLUS\Application Data\skypePM
2008-04-13 13:43 --------- d-----w C:\Documents and Settings\SOFTPLUS\Application Data\LimeWire
2008-04-13 13:07 --------- d-----w C:\Program Files\eMule
2008-04-11 12:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-10 21:43 --------- d-----w C:\Program Files\Yahoo!
2008-04-03 23:11 --------- d-----w C:\Documents and Settings\SOFTPLUS\Application Data\Samsung
2008-04-03 20:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 20:58 --------- d-----w C:\Program Files\Samsung
2008-02-20 20:28 --------- d-----w C:\Program Files\Services en ligne
2008-02-20 16:18 --------- d-----w C:\Program Files\LimeWire
2007-11-21 12:50 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35 327720]

[HKLM\~\startupfolder\C:^Documents and Settings^SOFTPLUS^Menu Démarrer^Programmes^Démarrage^TribalWeb.lnk]
backup=C:\WINDOWS\pss\TribalWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:54 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2005-04-25 14:45 36040 C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voipwise]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\TribalWeb\\tribalweb.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\ooVoo\\ooVoo.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:TCP port 443 ooVoo
"443:UDP"= 443:UDP:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:UDP port 37675 ooVoo

R3 AN983;Carte Fast Ethernet 10/100 Mbps ADMtek AN983/AN985/ADM951X;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-04 00:31]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 08:00]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-01-05 14:45]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{064f305a-06dd-11dd-a6c7-0050fce8e86c}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{064f305b-06dd-11dd-a6c7-0050fce8e86c}]
\Shell\AutoRun\command - H:\b.com
\Shell\explore\Command - H:\b.com
\Shell\open\Command - H:\b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0755cd30-a1ad-11dc-af09-00e0e402fe45}]
\Shell\Auto\command - F:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\explore\Command - F:\0hct8ybw.bat
\Shell\open\Command - F:\0hct8ybw.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{077ffa25-a8ee-11dc-b997-00e0e402fe45}]
\Shell\AutoRun\command - cayfq2.cmd
\Shell\explore\Command - cayfq2.cmd
\Shell\open\Command - cayfq2.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1110e3cf-c4e4-11db-ba39-00e0e402fe45}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31db59e4-cf01-11db-ba5d-0050fce8e86c}]
\Shell\AutoRun\command - G:\v.com
\Shell\explore\Command - G:\v.com
\Shell\open\Command - G:\v.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{411bad22-b534-11dc-b9be-00e0e402fe45}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56b844d8-d95d-11dc-ba1c-00e0e402fe45}]
\Shell\AutoRun\command - G:\h.cmd
\Shell\explore\Command - G:\h.cmd
\Shell\open\Command - G:\h.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{572f6402-aa2a-11dc-b99d-00e0e402fe45}]
\Shell\AutoRun\command - E:\stw1ojde.bat
\Shell\explore\Command - E:\stw1ojde.bat
\Shell\open\Command - E:\stw1ojde.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9448033b-c31a-11db-ba36-00e0e402fe45}]
\Shell\AutoRun\command - G:\0hct8ybw.bat
\Shell\explore\Command - G:\0hct8ybw.bat
\Shell\open\Command - G:\0hct8ybw.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{974331f0-cdb9-11db-ba5a-00e0e402fe45}]
\Shell\AutoRun\command - F:\stw1ojde.bat
\Shell\explore\Command - F:\stw1ojde.bat
\Shell\open\Command - F:\stw1ojde.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5c5930c-db45-11dc-ba20-00e0e402fe45}]
\Shell\AutoRun\command - F:\cayfq2.cmd
\Shell\explore\Command - F:\cayfq2.cmd
\Shell\open\Command - F:\cayfq2.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab80696c-ca2e-11db-ba4f-00e0e402fe45}]
\Shell\AutoRun\command - F:\x6.bat
\Shell\explore\Command - F:\x6.bat
\Shell\open\Command - F:\x6.bat

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 21:36:08
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\WgaTray.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-14 21:42:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-14 19:42:14

Pre-Run: 23,568,031,744 octets libres
Post-Run: 23,507,415,040 octets libres
.
2008-04-14 10:00:46 --- E O F ---

* AntiVir report


AntiVir PersonalEdition Classic
Report file date: lundi 14 avril 2008 22:00

Scanning for 740715 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SOFTPLUS
Computer name: FAMILLE

Version information:
BUILD.DAT : 248 14437 Bytes 31/05/2007 16:59:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 13:09:01
ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12/04/2007 13:09:02
ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16/04/2007 13:09:02
AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13/04/2007 13:04:24
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.8 360488 Bytes 27/03/2007 07:48:28
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 14 avril 2008 22:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ccleaner.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '6' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!

End of the scan: lundi 14 avril 2008 22:36
Used time: 35:40 min

The scan has been done completely.

2866 Scanning directories
120110 Files were scanned
0 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
120110 Files not concerned
819 Archives were scanned
1 Warnings
0 Notes
0 Hidden objects were found

* NOTE: I no longer get any error messages!! What a relief, thank you!

Thank you, thank you!!!

What should I do?
0
rislou71 Posts 1500 Status Member 96

PS: tomorrow I will no longer be here, so unfortunately I will not be able to deal with the viruses any more! That said, ComboFix worked wonders, since the error messages are gone. AntiVir found no viruses, so I assume everything is sorted out!!! Thank you!!

But there is still the problem of the AntiVir updates!!!!! WHAT DO I DO?
0
rislou71 Posts 1500 Status Member 96

Well, I think the only solution is to get another antivirus, so that's that, I'm going with Kaspersky!

Bye
Problem solved

Thank you, thank you!
0