c'est la catastrophe!!!

Question

Bonjour,

je possède un ordinateur portable processeur athlon 1.8ghz, windows xp sp2
depuis quelques temps, je n'ai plus accès à ccleaner, antivir et spybot... impossible d'ouvrir ces programmes!

de plus, recemment, windows m'a averti de la presence d'un trojan win32 par le rapport d'erreur (car l'ordinateur a planté, avec ecran bleu, ecriture violette et mechant bruit...)

pour couronner le tout, impossible d'aller en mode sans echec pour enlever ce trojan!!!

alors pour moi, c'est l'impasse. svp au secours!!!!

amd64 · Answer

telecharge sa ;
http://www.infos-du-net.com/telecharger/HijackThis,0301-454.html

fait un scan  et post le raport ici

amd64 · Answer

hou  lala

amd64 · Answer

personellement quand sa me fe sa sur mon pc , je farmate et reinstal windows

samich · Answer

je crois que c pas possible car pas de cd original de windows...

il était deja dessus quand il a été acheté et le disque de reinstallation a disparu!!!

amd64 · Answer

c'est malin

amd64 · Answer

c'est koi ton message complet ??   WIN32.... ET APRES ,

dou-l · Answer

salut les gens !

Télécharge Combofix: 

Renomme le avant toute installation, par exemple, nomme le 'Killer': Pour t'aider a le renommer regarde l'aide (TRES IMPORTANT)

Sauvegarde le sur ton bureau et pas ailleurs...

Aide à l’utilisation de combofix ici 

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.

Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

puis,


* Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.
* Double-cliquez dessus pour l'ouvrir
* Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
* Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
* Cliquez sur le bouton Explorar pour lancer l'analyse

Si, dans le rapport,elibaga tu vois un texte semblable à celui-ci

Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24
a "virus@satinfo.es". Gracias;

envoie ce(s) fichier(s) (dans l'exemple C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24 ) à l'adresse e-mail indiquée (virus@satinfo.es).


et ils mettront a jour elibaga dans les 48 heures ce qui permettra de virer le virus que tu as!!

amd64 · Answer

heuu     il a dit qu'il peut rien installer sur son pc

samich · Answer

le message précis est: le fichier n'est pas une application win32 valide. et c tout

merci dou-l pour ton info, je vais essayer ca tout de suite!!!

samich · Answer

ca a marché...

voici le rapport de combofix:

ComboFix 08-04-18.3 - alcacer eric 2008-04-19 14:31:14.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.55 [GMT 2:00]
Endroit: C:\Documents and Settings\alcacer eric\Bureau\Combo-Fix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\1.exe
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\102442921.exe
C:\WINDOWS\system32\drivers\downld\102461171.exe
C:\WINDOWS\system32\drivers\downld\102478156.exe
C:\WINDOWS\system32\drivers\downld\102500312.exe
C:\WINDOWS\system32\drivers\downld\102853359.exe
C:\WINDOWS\system32\drivers\downld\102873578.exe
C:\WINDOWS\system32\drivers\downld\102889750.exe
C:\WINDOWS\system32\drivers\downld\102896656.exe
C:\WINDOWS\system32\drivers\downld\109843.exe
C:\WINDOWS\system32\drivers\downld\115062.exe
C:\WINDOWS\system32\drivers\downld\117302531.exe
C:\WINDOWS\system32\drivers\downld\117316359.exe
C:\WINDOWS\system32\drivers\downld\117319593.exe
C:\WINDOWS\system32\drivers\downld\117337671.exe
C:\WINDOWS\system32\drivers\downld\117355625.exe
C:\WINDOWS\system32\drivers\downld\117388531.exe
C:\WINDOWS\system32\drivers\downld\117409109.exe
C:\WINDOWS\system32\drivers\downld\117422515.exe
C:\WINDOWS\system32\drivers\downld\117429671.exe
C:\WINDOWS\system32\drivers\downld\120406.exe
C:\WINDOWS\system32\drivers\downld\122062.exe
C:\WINDOWS\system32\drivers\downld\125468.exe
C:\WINDOWS\system32\drivers\downld\131656.exe
C:\WINDOWS\system32\drivers\downld\131850984.exe
C:\WINDOWS\system32\drivers\downld\131864234.exe
C:\WINDOWS\system32\drivers\downld\131878281.exe
C:\WINDOWS\system32\drivers\downld\132031468.exe
C:\WINDOWS\system32\drivers\downld\132049843.exe
C:\WINDOWS\system32\drivers\downld\132062171.exe
C:\WINDOWS\system32\drivers\downld\132068312.exe
C:\WINDOWS\system32\drivers\downld\137875.exe
C:\WINDOWS\system32\drivers\downld\139859.exe
C:\WINDOWS\system32\drivers\downld\141484.exe
C:\WINDOWS\system32\drivers\downld\146473906.exe
C:\WINDOWS\system32\drivers\downld\146492031.exe
C:\WINDOWS\system32\drivers\downld\146506734.exe
C:\WINDOWS\system32\drivers\downld\146551437.exe
C:\WINDOWS\system32\drivers\downld\146570140.exe
C:\WINDOWS\system32\drivers\downld\146580781.exe
C:\WINDOWS\system32\drivers\downld\146589000.exe
C:\WINDOWS\system32\drivers\downld\14821968.exe
C:\WINDOWS\system32\drivers\downld\14832281.exe
C:\WINDOWS\system32\drivers\downld\14845750.exe
C:\WINDOWS\system32\drivers\downld\14855765.exe
C:\WINDOWS\system32\drivers\downld\14890984.exe
C:\WINDOWS\system32\drivers\downld\14933953.exe
C:\WINDOWS\system32\drivers\downld\14954625.exe
C:\WINDOWS\system32\drivers\downld\14965609.exe
C:\WINDOWS\system32\drivers\downld\14971375.exe
C:\WINDOWS\system32\drivers\downld\149937.exe
C:\WINDOWS\system32\drivers\downld\15224625.exe
C:\WINDOWS\system32\drivers\downld\15245031.exe
C:\WINDOWS\system32\drivers\downld\152656.exe
C:\WINDOWS\system32\drivers\downld\15267843.exe
C:\WINDOWS\system32\drivers\downld\15277859.exe
C:\WINDOWS\system32\drivers\downld\158812.exe
C:\WINDOWS\system32\drivers\downld\159234.exe
C:\WINDOWS\system32\drivers\downld\161015671.exe
C:\WINDOWS\system32\drivers\downld\161039203.exe
C:\WINDOWS\system32\drivers\downld\161099046.exe
C:\WINDOWS\system32\drivers\downld\161115421.exe
C:\WINDOWS\system32\drivers\downld\161137343.exe
C:\WINDOWS\system32\drivers\downld\161146562.exe
C:\WINDOWS\system32\drivers\downld\168765.exe
C:\WINDOWS\system32\drivers\downld\169203.exe
C:\WINDOWS\system32\drivers\downld\171609.exe
C:\WINDOWS\system32\drivers\downld\172484.exe
C:\WINDOWS\system32\drivers\downld\176828.exe
C:\WINDOWS\system32\drivers\downld\186359.exe
C:\WINDOWS\system32\drivers\downld\191187.exe
C:\WINDOWS\system32\drivers\downld\215031.exe
C:\WINDOWS\system32\drivers\downld\220484.exe
C:\WINDOWS\system32\drivers\downld\229156.exe
C:\WINDOWS\system32\drivers\downld\235484.exe
C:\WINDOWS\system32\drivers\downld\250156.exe
C:\WINDOWS\system32\drivers\downld\259453.exe
C:\WINDOWS\system32\drivers\downld\262921.exe
C:\WINDOWS\system32\drivers\downld\285750.exe
C:\WINDOWS\system32\drivers\downld\292453.exe
C:\WINDOWS\system32\drivers\downld\29376203.exe
C:\WINDOWS\system32\drivers\downld\29389250.exe
C:\WINDOWS\system32\drivers\downld\29427515.exe
C:\WINDOWS\system32\drivers\downld\29498781.exe
C:\WINDOWS\system32\drivers\downld\29516906.exe
C:\WINDOWS\system32\drivers\downld\29528515.exe
C:\WINDOWS\system32\drivers\downld\29534843.exe
C:\WINDOWS\system32\drivers\downld\29686703.exe
C:\WINDOWS\system32\drivers\downld\29703953.exe
C:\WINDOWS\system32\drivers\downld\29733703.exe
C:\WINDOWS\system32\drivers\downld\29778515.exe
C:\WINDOWS\system32\drivers\downld\29796500.exe
C:\WINDOWS\system32\drivers\downld\29806656.exe
C:\WINDOWS\system32\drivers\downld\29812062.exe
C:\WINDOWS\system32\drivers\downld\303281.exe
C:\WINDOWS\system32\drivers\downld\312718.exe
C:\WINDOWS\system32\drivers\downld\359234.exe
C:\WINDOWS\system32\drivers\downld\360796.exe
C:\WINDOWS\system32\drivers\downld\362046.exe
C:\WINDOWS\system32\drivers\downld\376875.exe
C:\WINDOWS\system32\drivers\downld\378734.exe
C:\WINDOWS\system32\drivers\downld\382703.exe
C:\WINDOWS\system32\drivers\downld\384343.exe
C:\WINDOWS\system32\drivers\downld\384406.exe
C:\WINDOWS\system32\drivers\downld\393703.exe
C:\WINDOWS\system32\drivers\downld\398406.exe
C:\WINDOWS\system32\drivers\downld\398781.exe
C:\WINDOWS\system32\drivers\downld\399046.exe
C:\WINDOWS\system32\drivers\downld\400578.exe
C:\WINDOWS\system32\drivers\downld\405812.exe
C:\WINDOWS\system32\drivers\downld\409515.exe
C:\WINDOWS\system32\drivers\downld\411125.exe
C:\WINDOWS\system32\drivers\downld\424609.exe
C:\WINDOWS\system32\drivers\downld\43940234.exe
C:\WINDOWS\system32\drivers\downld\43952609.exe
C:\WINDOWS\system32\drivers\downld\43983171.exe
C:\WINDOWS\system32\drivers\downld\44087031.exe
C:\WINDOWS\system32\drivers\downld\44107484.exe
C:\WINDOWS\system32\drivers\downld\44120656.exe
C:\WINDOWS\system32\drivers\downld\44127765.exe
C:\WINDOWS\system32\drivers\downld\44271156.exe
C:\WINDOWS\system32\drivers\downld\44324406.exe
C:\WINDOWS\system32\drivers\downld\44344671.exe
C:\WINDOWS\system32\drivers\downld\44357046.exe
C:\WINDOWS\system32\drivers\downld\44363765.exe
C:\WINDOWS\system32\drivers\downld\4565203.exe
C:\WINDOWS\system32\drivers\downld\4590875.exe
C:\WINDOWS\system32\drivers\downld\4611812.exe
C:\WINDOWS\system32\drivers\downld\4798578.exe
C:\WINDOWS\system32\drivers\downld\4811859.exe
C:\WINDOWS\system32\drivers\downld\4817218.exe
C:\WINDOWS\system32\drivers\downld\4830296.exe
C:\WINDOWS\system32\drivers\downld\4840062.exe
C:\WINDOWS\system32\drivers\downld\58534156.exe
C:\WINDOWS\system32\drivers\downld\58544625.exe
C:\WINDOWS\system32\drivers\downld\58586890.exe
C:\WINDOWS\system32\drivers\downld\58634843.exe
C:\WINDOWS\system32\drivers\downld\58657625.exe
C:\WINDOWS\system32\drivers\downld\58671578.exe
C:\WINDOWS\system32\drivers\downld\58702125.exe
C:\WINDOWS\system32\drivers\downld\58771312.exe
C:\WINDOWS\system32\drivers\downld\58807515.exe
C:\WINDOWS\system32\drivers\downld\58856125.exe
C:\WINDOWS\system32\drivers\downld\59045000.exe
C:\WINDOWS\system32\drivers\downld\59079359.exe
C:\WINDOWS\system32\drivers\downld\59090578.exe
C:\WINDOWS\system32\drivers\downld\59100578.exe
C:\WINDOWS\system32\drivers\downld\6666359.exe
C:\WINDOWS\system32\drivers\downld\6673156.exe
C:\WINDOWS\system32\drivers\downld\6720406.exe
C:\WINDOWS\system32\drivers\downld\6922453.exe
C:\WINDOWS\system32\drivers\downld\6941000.exe
C:\WINDOWS\system32\drivers\downld\6968359.exe
C:\WINDOWS\system32\drivers\downld\6978843.exe
C:\WINDOWS\system32\drivers\downld\73108062.exe
C:\WINDOWS\system32\drivers\downld\73121156.exe
C:\WINDOWS\system32\drivers\downld\73158968.exe
C:\WINDOWS\system32\drivers\downld\73345484.exe
C:\WINDOWS\system32\drivers\downld\73364031.exe
C:\WINDOWS\system32\drivers\downld\73375109.exe
C:\WINDOWS\system32\drivers\downld\73380796.exe
C:\WINDOWS\system32\drivers\downld\73518656.exe
C:\WINDOWS\system32\drivers\downld\73548375.exe
C:\WINDOWS\system32\drivers\downld\73850015.exe
C:\WINDOWS\system32\drivers\downld\73874984.exe
C:\WINDOWS\system32\drivers\downld\73894984.exe
C:\WINDOWS\system32\drivers\downld\73901734.exe
C:\WINDOWS\system32\drivers\downld\87790343.exe
C:\WINDOWS\system32\drivers\downld\87802640.exe
C:\WINDOWS\system32\drivers\downld\87938703.exe
C:\WINDOWS\system32\drivers\downld\87995093.exe
C:\WINDOWS\system32\drivers\downld\88015406.exe
C:\WINDOWS\system32\drivers\downld\88027859.exe
C:\WINDOWS\system32\drivers\downld\88034828.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_VSPF
-------\Legacy_VSPF_HK

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-19 to 2008-04-19 ))))))))))))))))))))))))))))))))))))
.

2008-04-19 13:48 . 2008-04-19 13:48 <REP> d-------- C:\Program Files\Trend Micro
2008-04-14 10:12 . 2008-04-14 10:12 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-04-11 18:56 . 2008-04-14 09:55 <REP> d-------- C:\Documents and Settings\alcacer eric\Application Data\BitTorrent
2008-04-11 18:55 . 2008-04-11 18:55 <REP> d-------- C:\Program Files\DNA
2008-04-11 18:55 . 2008-04-11 19:04 <REP> d-------- C:\Program Files\BitTorrent
2008-04-11 18:55 . 2008-04-19 14:37 <REP> d-------- C:\Documents and Settings\alcacer eric\Application Data\DNA
2008-04-09 19:23 . 2008-04-09 19:26 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-08 15:46 . 2008-04-08 15:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-08 15:45 . 2008-04-08 15:45 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-29 15:04 . 2008-03-29 15:04 <REP> d-------- C:\Program Files\SoundinDepth.com
2008-03-29 15:04 . 2005-08-27 03:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
2008-03-29 15:04 . 2002-03-04 13:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx
2008-03-29 15:04 . 2003-11-19 14:59 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-03-29 15:04 . 2001-07-28 13:50 265,753 --a------ C:\WINDOWS\system32\AS-Exp2.ocx
2008-03-29 15:04 . 2004-03-09 00:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
2008-03-29 15:04 . 1999-01-26 20:36 11,012 --a------ C:\WINDOWS\system32\threadapi.tlb
2008-03-29 15:03 . 2000-07-15 06:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 20:26 --------- d-----w C:\Program Files\eMule
2008-04-17 17:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-17 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-14 08:12 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-04-14 08:12 360,064 ----a-w C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-04-07 17:38 --------- d-----w C:\Program Files\Google
2008-04-07 15:34 --------- d-----w C:\Program Files\DivX
2008-04-07 15:19 --------- d-----w C:\Program Files\Wallpaper
2008-04-04 17:51 --------- d-----w C:\Documents and Settings\alcacer eric\Application Data\LimeWire
2008-03-26 13:57 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:32 3,080,704 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2005-11-26 13:27 0 -c--a-w C:\Documents and Settings\alcacer eric\Application Data\wklnhst.dat
.

------- Sigcheck -------

2004-08-05 10:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\svchost.exe

2004-08-05 10:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll

2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-04-14 10:12 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-04-14 10:12 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\drivers\TCPIP.SYS

2004-08-05 10:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\winlogon.exe

2004-08-05 10:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-05 10:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2004-08-05 10:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 10:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-04-19 14:34 684032]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-11 18:55 288576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-21 22:05 344064]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-11-05 14:52 233534]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-19 14:34 262401]
"ZNsoft Optimizer Xp"="C:\Program Files\ZNsoft Corporation\ZNsoft Optimizer Xp\ZNsoft Xp.exe" [2006-06-23 14:50 393216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 10:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

R2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2005-11-07 22:34]
R2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS\tansgt.sys [2005-11-07 22:33]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-06-10 16:59]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2006-12-26 08:58]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-19 12:46:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 14:39:47
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?7?5?6??`???? ?,?B?????????????hLC? ??????

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-19 14:49:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-19 12:49:38

Pre-Run: 23,133,130,752 octets libres
Post-Run: 22,828,847,104 octets libres

315 --- E O F --- 2008-04-09 17:26:42

samich · Answer

genial, apparement tout est rentré dans l'ordre

je suis trop content

et pas de message avec le logiciel espagnol

je ne sais comment te remercier dou-l...

t'es un as, bravo

ps: pour comprendre comment resoudre ce problème, se reférer au post de dou-l

dou-l · Answer

tu as le rapport elibagla si tu es dans les parages ???

samich · Answer

quel rapport???

tu veux peut etre parler des 14 fichiers bagles qu'il a supprimé???

si c ca, comment faire pour y acceder??? car j'ai deja fermé le logiciel

dou-l · Answer

Il se trouve ici : C:\infosat.txt

samich · Answer

est ce que je repare les erreurs que ccleaner a trouvé????

dou-l · Answer

oui

samich · Answer

ca  c pour c:


	  Sat Apr 19 14:55:26 2008
EliBagle v11.28  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

	  Sat Apr 19 14:55:57 2008
EliBagle v11.28  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Spybot - Search & Destroy\LZEKFKPVKGILCXKTGQ.SCR --> Eliminado Bagle.dldr
C:\Program Files\Spybot - Search & Destroy\TEATIMER.EXE --> Eliminado Bagle.dldr
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\109843.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\117302531.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\117316359.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\125468.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\146473906.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14832281.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\29686703.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\58771312.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\6666359.EXE.VIR --> Eliminado Bagle

Nº Total de Directorios:   4275
Nº Total de Ficheros:      37982
Nº de Ficheros Analizados: 6191
Nº de Ficheros Infectados: 11
Nº de Ficheros Limpiados:  11

	  Sat Apr 19 15:02:37 2008
EliBagle v11.28  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\
E:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP364\A0163192.EXE --> Eliminado Bagle.dldr
E:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP364\A0163194.EXE --> Eliminado Bagle.dldr
E:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP364\A0163195.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios:   330
Nº Total de Ficheros:      2992
Nº de Ficheros Analizados: 40
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados:  3

	  Sat Apr 19 15:03:32 2008
EliBagle v11.28  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios:   0
Nº Total de Ficheros:      0
Nº de Ficheros Analizados: 0
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

	  Sat Apr 19 15:03:38 2008
EliBagle v11.28  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios:   330
Nº Total de Ficheros:      2989
Nº de Ficheros Analizados: 37
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

	  Sat Apr 19 15:03:42 2008
EliBagle v11.28  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios:   4280
Nº Total de Ficheros:      37978
Nº de Ficheros Analizados: 6180
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

	  Sat Apr 19 16:54:41 2008
EliBagle v11.28  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

	  Sat Apr 19 16:54:46 2008
EliBagle v11.28  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

dou-l · Answer

ok parfait :

Pour voir s'il traine pas autre chose :


Télécharge sur le bureau hijackthis


Fait un clic droit sur l'icone hijackthis.


/!\Renome hijackthis en skim.exe ( a le place de hijacktihs.exe) c'est important!!/!\

*Après avoir fais ca double-clic dessus.

*Clic sur Do a system scan and save the log

*A la fin de l'analyse un rapport va etre générer colle le ici.

Une démo d'hijackthis

samich · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:57, on 19/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZNsoft Optimizer Xp] C:\Program Files\ZNsoft Corporation\ZNsoft Optimizer Xp\ZNsoft Xp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O24 - Desktop Component 0: (no name) - http://www.creatures-imaginaires.com
O24 - Desktop Component 1: (no name) - https://events.airbus.com/No-Event.php
O24 - Desktop Component 2: (no name) - http://www.showbizmusic.com/jeu-casino/images/titan_poker/titan_poker_en_ligne.gif
O24 - Desktop Component 3: (no name) - https://www.toucharger.com/img/graphiques/fonds_d_ecran/cinema/alien/alien.48601.jpg

dou-l · Answer

Enleve le post comme étant résolue stp




Pas de pare feu ? télécharge et installe zonealarm

Pour t'aider à le configurer : regarde le tuto

Met à jour Ie télécharge ie7 ici


Va sur virustotal et fais analyser ce fichier colle le rapport:

C:\Program Files\ZNsoft Corporation\ZNsoft Optimizer Xp\ZNsoft Xp.exe

https://www.virustotal.com/gui/



Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
Inconnu
O24 - Desktop Component 0: (no name) - http://www.creatures-imaginaires.com/
O24 - Desktop Component 1: (no name) - https://events.airbus.com/No-Event.php
O24 - Desktop Component 2: (no name) - http://www.showbizmusic.com/jeu-casino/images/titan_poker/titan_poker_en_ligne.g if
O24 - Desktop Component 3: (no name) - https://www.toucharger.com/img/graphiques/fonds_d_ecran/cinema/alien/alien.48601 jpg


a+

dou-l · Answer

Je revien demain matin a+

samich · Answer

desolé j'ai pas pu m'y mettre avant

j'ai fais les fix checked avec hijack

j'ai fais analyser le fichier mais rien, meme pas de rapport...

ie7 est telecharger et a jour

mais zone alarm, t'es sur? car c compliqué comme pare feu

et dernière chose, ccleaner trouve environ 200 erreurs, je lui fais resoudre ou pas???

dou-l · Answer

Oui corrige les 

Comment ca compliquer ? Je t'ai mit le lien pour t'aider .

samich · Answer

tout d'abord merci pour l'attention que tu portes a mon problème!!! COOL

on m'a dit que zone alarm était lourd comme firewall et difficile à utiliser malgré les tutos (lol)

de plus tu me dis que je n'ai pas de pare feu, mais celui de windows est actif!!!

samich · Answer

et aussi, je voulais savoir si je peux desinstaller combo fix et le logiciel espagnol????

dou-l · Answer

Oui mais celui de windows est nul lol !!

Pour virer combo et elibagla :


* Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.

http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
hxxp://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe

    * Clique sur Recherche et laisse le scan se terminer.


    * Clique, sur Suppression pour finaliser.


    * Tu peux, si tu le souhaites, te servir des Options facultatives.


    * Clique sur Quitter, pour que le rapport puisse se créer.


    * Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).

samich · Answer

voici le rapport de toolscleaner:

-->- Recherche: 

C:\Qoobox: trouvé !
C:\Documents and Settings\alcacer eric\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\alcacer eric\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Fichiers temporaires nettoyés !
Corbeille vidée!

samich · Answer

mais bizarre, combo fix et le programme espagnol sont toujours la!!

dou-l · Answer

Ok vire les manuellement alors

samich · Answer

je les ai viré manuellement en les mettant dans la corbeille, pareil pour toolscleaner...

et je suis en train d'installer zone alarm...

problème resolu???

dou-l · Answer

Oui !

samich · Answer

ok mec 

ton aide a été précieuse...

encore une fois merci et bonne route sur les sentiers tortueux de l'informatique!!! lol

samich · Answer

OULALA

impossible d'ouvrir antivir qui n'est toujours pas actif: le fichier n'est pas une application win32 valide. c ce que me dit le pc

samich · Answer

pareil pour spybot...

samich · Answer

faut-il que je les enlève et les reinstalle???

dou-l · Answer

Ok t'avais viré ton crack ?


Télécharge Combofix: 

Renomme le avant toute installation, par exemple, nomme le 'Killer': Pour t'aider a le renommer regarde l'aide

Sauvegarde le sur ton bureau et pas ailleurs...

Aide à l’utilisation de combofix ici 

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.

Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

puis,


* Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.
* Double-cliquez dessus pour l'ouvrir
* Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
* Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
* Cliquez sur le bouton Explorar pour lancer l'analyse

Si, dans le rapport,elibaga tu vois un texte semblable à celui-ci

Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24
a "virus@satinfo.es". Gracias;

envoie ce(s) fichier(s) (dans l'exemple C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24 ) à l'adresse e-mail indiquée (virus@satinfo.es).


et ils mettront a jour elibaga dans les 48 heures ce qui permettra de virer le virus que tu as!!

samich · Answer

que veux dire t'avais viré ton crack???

dou-l · Answer

Le crack t'avais téléchargé un programme ou autre sur emule .,

samich · Answer

ComboFix 08-04-18.3 - alcacer eric 2008-04-20 17:50:14.2 - NTFSx86 Endroit: C:\Documents and Settings\alcacer eric\Bureau\Combo-Fix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))))))) . 2008-04-20 17:34 . 2008-04-20 17:34 d-------- C:\WINDOWS\LastGood 2008-04-20 17:29 . 2008-04-20 17:53 149,536 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-04-20 17:29 . 2008-04-20 17:29 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-04-20 17:22 . 2008-04-20 17:22 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-04-20 17:22 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-04-20 17:22 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-04-20 17:22 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-04-20 17:22 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-04-20 17:22 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-04-20 17:22 . 2008-04-20 17:26 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-04-20 17:20 . 2008-04-20 17:20 d-------- C:\Program Files\Zone Labs 2008-04-20 17:19 . 2008-04-20 17:48 d-------- C:\WINDOWS\Internet Logs 2008-04-19 13:48 . 2008-04-20 17:11 d-------- C:\Program Files\Trend Micro 2008-04-14 10:12 . 2008-04-14 10:12 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL 2008-04-11 18:56 . 2008-04-14 09:55 d-------- C:\Documents and Settings\alcacer eric\Application Data\BitTorrent 2008-04-11 18:55 . 2008-04-11 18:55 d-------- C:\Program Files\DNA 2008-04-11 18:55 . 2008-04-11 19:04 d-------- C:\Program Files\BitTorrent 2008-04-11 18:55 . 2008-04-20 17:51 d-------- C:\Documents and Settings\alcacer eric\Application Data\DNA 2008-04-08 15:46 . 2008-04-08 15:48 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-29 15:04 . 2008-03-29 15:04 d-------- C:\Program Files\SoundinDepth.com 2008-03-29 15:04 . 2005-08-27 03:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx 2008-03-29 15:04 . 2002-03-04 13:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx 2008-03-29 15:04 . 2003-11-19 14:59 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll 2008-03-29 15:04 . 2001-07-28 13:50 265,753 --a------ C:\WINDOWS\system32\AS-Exp2.ocx 2008-03-29 15:04 . 2004-03-09 00:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx 2008-03-29 15:04 . 1999-01-26 20:36 11,012 --a------ C:\WINDOWS\system32 hreadapi.tlb 2008-03-29 15:03 . 2000-07-15 06:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-19 12:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-04-17 20:26 --------- d-----w C:\Program Files\eMule 2008-04-17 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-14 08:12 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS 2008-04-14 08:12 360,064 ----a-w C:\WINDOWS\system32\dllcache\TCPIP.SYS 2008-04-07 17:38 --------- d-----w C:\Program Files\Google 2008-04-07 15:34 --------- d-----w C:\Program Files\DivX 2008-04-07 15:19 --------- d-----w C:\Program Files\Wallpaper 2008-04-04 17:51 --------- d-----w C:\Documents and Settings\alcacer eric\Application Data\LimeWire 2008-04-02 19:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2008-03-26 13:57 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-02-16 09:02 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll 2008-02-16 09:02 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll 2008-02-16 09:02 1,495,040 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll 2008-02-16 09:02 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll 2008-02-16 09:02 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll 2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2005-11-26 13:27 0 -c--a-w C:\Documents and Settings\alcacer eric\Application Data\wklnhst.dat . ------- Sigcheck ------- 2004-08-05 10:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\svchost.exe 2004-08-05 10:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll 2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE cpip.sys 2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE cpip.sys 2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE cpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE cpip.sys 2008-04-14 10:12 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\dllcache\TCPIP.SYS 2008-04-14 10:12 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\drivers\TCPIP.SYS 2004-08-05 10:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\winlogon.exe 2004-08-05 10:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers dis.sys 2004-08-05 10:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys 2004-08-05 10:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\ctfmon.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 10:00 15360] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-11 18:55 288576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-21 22:05 344064] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-11-05 14:52 233534] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-19 14:34 262401] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 10:00 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\eMule\emule.exe"= "C:\Program Files\LimeWire\LimeWire.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\DNA\btdna.exe"= "C:\Program Files\BitTorrent\bittorrent.exe"= R2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2005-11-07 22:34] R2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS ansgt.sys [2005-11-07 22:33] R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-06-10 16:59] R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2006-12-26 08:58] *Newly Created Service* - CATCHME *Newly Created Service* - KLIF *Newly Created Service* - SRESCAN *Newly Created Service* - VSMON . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-04-20 15:56:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-20 17:53:33 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?7?5?6??????? ?,?B?????????????hLC? ?????? Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-04-20 17:56:38 ComboFix-quarantined-files.txt 2008-04-20 15:56:24 Pre-Run: 22,595,899,392 octets libres Post-Run: 22,574,714,880 octets libres 141 --- E O F --- 2008-04-20 15:39:31

samich · Answer

le crack, tu parles de se qui a causé le bug du pc??

dans ce cas c surement un fichier de musique. mais je sais pas lequel!!

samich · Answer

du moins je me souviens plus et je l'ai supprimé!!

samich · Answer

Sun Apr 20 18:15:43 2008
EliBagle v11.28  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

	  Sun Apr 20 18:15:47 2008
EliBagle v11.28  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios:   4208
Nº Total de Ficheros:      39330
Nº de Ficheros Analizados: 6558
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

	  Sun Apr 20 18:20:41 2008
EliBagle v11.28  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

	  Sun Apr 20 18:20:46 2008
EliBagle v11.28  (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios:   331
Nº Total de Ficheros:      3166
Nº de Ficheros Analizados: 212
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

samich · Answer

du coup, il a rien trouvé!!!!

mais que faire???

dou-l · Answer

refait combofix stp

samich · Answer

ComboFix 08-04-18.3 - alcacer eric 2008-04-20 19:04:00.3 - NTFSx86 Endroit: C:\Documents and Settings\alcacer eric\Bureau\Combo-Fix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))))))) . 2008-04-20 17:34 . 2008-04-20 17:34 d-------- C:\WINDOWS\LastGood 2008-04-20 17:29 . 2008-04-20 19:08 198,688 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-04-20 17:29 . 2008-04-20 17:29 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-04-20 17:22 . 2008-04-20 17:22 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-04-20 17:22 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-04-20 17:22 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-04-20 17:22 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-04-20 17:22 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-04-20 17:22 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-04-20 17:22 . 2008-04-20 17:26 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-04-20 17:20 . 2008-04-20 17:20 d-------- C:\Program Files\Zone Labs 2008-04-20 17:19 . 2008-04-20 19:02 d-------- C:\WINDOWS\Internet Logs 2008-04-19 13:48 . 2008-04-20 17:11 d-------- C:\Program Files\Trend Micro 2008-04-14 10:12 . 2008-04-14 10:12 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL 2008-04-11 18:56 . 2008-04-14 09:55 d-------- C:\Documents and Settings\alcacer eric\Application Data\BitTorrent 2008-04-11 18:55 . 2008-04-11 18:55 d-------- C:\Program Files\DNA 2008-04-11 18:55 . 2008-04-11 19:04 d-------- C:\Program Files\BitTorrent 2008-04-11 18:55 . 2008-04-20 19:01 d-------- C:\Documents and Settings\alcacer eric\Application Data\DNA 2008-04-08 15:46 . 2008-04-08 15:48 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-29 15:04 . 2008-03-29 15:04 d-------- C:\Program Files\SoundinDepth.com 2008-03-29 15:04 . 2005-08-27 03:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx 2008-03-29 15:04 . 2002-03-04 13:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx 2008-03-29 15:04 . 2003-11-19 14:59 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll 2008-03-29 15:04 . 2001-07-28 13:50 265,753 --a------ C:\WINDOWS\system32\AS-Exp2.ocx 2008-03-29 15:04 . 2004-03-09 00:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx 2008-03-29 15:04 . 1999-01-26 20:36 11,012 --a------ C:\WINDOWS\system32 hreadapi.tlb 2008-03-29 15:03 . 2000-07-15 06:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-19 12:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-04-17 20:26 --------- d-----w C:\Program Files\eMule 2008-04-17 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-14 08:12 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS 2008-04-14 08:12 360,064 ----a-w C:\WINDOWS\system32\dllcache\TCPIP.SYS 2008-04-07 17:38 --------- d-----w C:\Program Files\Google 2008-04-07 15:34 --------- d-----w C:\Program Files\DivX 2008-04-07 15:19 --------- d-----w C:\Program Files\Wallpaper 2008-04-04 17:51 --------- d-----w C:\Documents and Settings\alcacer eric\Application Data\LimeWire 2008-04-02 19:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2008-03-26 13:57 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-02-16 09:02 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll 2008-02-16 09:02 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll 2008-02-16 09:02 1,495,040 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll 2008-02-16 09:02 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll 2008-02-16 09:02 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll 2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2005-11-26 13:27 0 -c--a-w C:\Documents and Settings\alcacer eric\Application Data\wklnhst.dat . ------- Sigcheck ------- 2004-08-05 10:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\svchost.exe 2004-08-05 10:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll 2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE cpip.sys 2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE cpip.sys 2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE cpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE cpip.sys 2008-04-14 10:12 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\dllcache\TCPIP.SYS 2008-04-14 10:12 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\drivers\TCPIP.SYS 2004-08-05 10:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\winlogon.exe 2004-08-05 10:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers dis.sys 2004-08-05 10:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys 2004-08-05 10:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\ctfmon.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 10:00 15360] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-11 18:55 288576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-21 22:05 344064] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-11-05 14:52 233534] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-19 14:34 262401] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 10:00 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\eMule\emule.exe"= "C:\Program Files\LimeWire\LimeWire.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\DNA\btdna.exe"= "C:\Program Files\BitTorrent\bittorrent.exe"= R2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2005-11-07 22:34] R2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS ansgt.sys [2005-11-07 22:33] R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-06-10 16:59] R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2006-12-26 08:58] *Newly Created Service* - CATCHME *Newly Created Service* - KLIF *Newly Created Service* - SRESCAN *Newly Created Service* - VSMON . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-04-20 17:06:01 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-20 19:07:09 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?7?5?6??????? ?,?B?????????????hLC? ?????? Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-04-20 19:10:09 ComboFix-quarantined-files.txt 2008-04-20 17:09:53 ComboFix2.txt 2008-04-20 15:56:41 Pre-Run: 22,572,732,416 octets libres Post-Run: 22,553,706,496 octets libres 142 --- E O F --- 2008-04-20 15:39:31

dou-l · Answer

hum


vire antivir et essaye de le réinstaller !!

samich · Answer

j'ai reinstalle antivir et ca marche nickel...

la je dois y aller, mais je te tiens au courant!!!

bonne soirée

dou-l · Answer

ok on en a pas finit !! a+

samich · Answer

salut dou-l

antivir et spybot sont reinstallé et marche trés bien...

alors tout va bien???

samich · Answer

AIE!!!!!!!!

je viens de faire une analyse avec antivir, il vient de trouver 73 virus... tous sont des trojans du nom de bagle!!!! je les ai mis en quarantaine...

dou-l · Answer

ok on verra poste le rapport a la fin :::!!!!!

samich · Answer

Avira AntiVir Personal Report file date: mardi 22 avril 2008 15:07 Scanning for 1227832 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: PC180281974527 Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58 ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 19:08:10 ANTIVIR3.VDF : 7.0.3.195 472576 Bytes 21/04/2008 18:47:32 Engineversion : 8.1.0.32 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.26 233850 Bytes 20/04/2008 19:08:49 AESCN.DLL : 8.1.0.14 119156 Bytes 20/04/2008 19:08:46 AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44 AEPACK.DLL : 8.1.1.2 364917 Bytes 20/04/2008 19:08:45 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 20/04/2008 19:08:36 AEHEUR.DLL : 8.1.0.18 1167735 Bytes 20/04/2008 19:08:33 AEHELP.DLL : 8.1.0.14 115063 Bytes 20/04/2008 19:08:24 AEGEN.DLL : 8.1.0.17 299380 Bytes 20/04/2008 19:08:23 AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43 AECORE.DLL : 8.1.0.27 168310 Bytes 20/04/2008 19:08:20 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: mardi 22 avril 2008 15:07 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'btdna.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'zlclient.exe' - '0' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'vsmon.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 27 processes with 27 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '26' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP364\A0163183.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI [NOTE] The file was moved to '483ee920.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP364\A0163184.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI [NOTE] The file was moved to '483ee926.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP364\A0163206.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.NI [NOTE] The file was moved to '483ee92c.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP364\A0163213.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '483ee92f.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP364\A0163214.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee931.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP364\A0163215.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee933.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP364\A0163232.exe [DETECTION] Is the Trojan horse TR/Agent.684032.3 [NOTE] The file was moved to '483ee935.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP364\A0163236.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '483ee938.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP364\A0163237.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee93a.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP364\A0163291.exe [DETECTION] Is the Trojan horse TR/Agent.684032.3 [NOTE] The file was moved to '483ee93d.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP364\A0163295.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '483ee940.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP364\A0163296.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee943.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP364\A0163297.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee946.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP365\A0163326.exe [DETECTION] Is the Trojan horse TR/Agent.684032.3 [NOTE] The file was moved to '483ee94e.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP366\A0163337.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee953.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP366\A0163338.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee955.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP366\A0163339.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee957.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP366\A0163343.exe [DETECTION] Is the Trojan horse TR/Agent.684032.3 [NOTE] The file was moved to '483ee95a.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP366\A0164291.exe [DETECTION] Is the Trojan horse TR/Agent.684032.3 [NOTE] The file was moved to '483ee95c.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP366\A0164295.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '483ee95e.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP366\A0164532.exe [DETECTION] Is the Trojan horse TR/Agent.684032.3 [NOTE] The file was moved to '483ee974.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP366\A0164536.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '483ee977.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP366\A0164554.exe [DETECTION] Is the Trojan horse TR/Agent.684032.3 [NOTE] The file was moved to '483ee979.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP366\A0164558.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '483ee97d.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP366\A0164610.exe [DETECTION] Is the Trojan horse TR/Agent.684032.3 [NOTE] The file was moved to '483ee981.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP366\A0164614.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '483ee983.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP366\A0164631.exe [DETECTION] Is the Trojan horse TR/Agent.684032.3 [NOTE] The file was moved to '483ee985.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP366\A0164635.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '483ee987.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP367\A0164655.exe [DETECTION] Is the Trojan horse TR/Agent.684032.3 [NOTE] The file was moved to '483ee98b.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP367\A0164659.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '483ee98d.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164674.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee991.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164675.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee996.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164682.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee9a2.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164684.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee9a4.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164685.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee9a7.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164686.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9a9.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164693.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9ac.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164694.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9af.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164695.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee9b1.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164696.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9b5.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164697.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9b9.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164707.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee9bc.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164714.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee9bf.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164715.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee9c1.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164716.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9c4.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164723.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9c7.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164737.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9ca.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164741.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9cc.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164753.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee9d0.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164754.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9d2.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164760.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee9d5.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164761.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9d8.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164786.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee9dc.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164787.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9df.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164806.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee9e2.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164807.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9e4.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164813.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee9e7.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164814.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9e9.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164820.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee9ec.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164821.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9ef.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164827.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee9f2.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164828.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9f4.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164834.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9f7.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164840.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483ee9fa.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164841.exe [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [NOTE] The file was moved to '483ee9fc.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164849.exe [DETECTION] Is the Trojan horse TR/Agent.684032.3 [NOTE] The file was moved to '483ee9ff.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164851.exe [DETECTION] Is the Trojan horse TR/Bagle.Gen.B [NOTE] The file was moved to '483eea02.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164859.exe [DETECTION] Is the Trojan horse TR/Agent.684032.3 [NOTE] The file was moved to '483eea04.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164860.exe [DETECTION] Is the Trojan horse TR/Agent.684032.3 [NOTE] The file was moved to '483eea06.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164862.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '483eea09.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164863.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '483eea25.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164910.scr [DETECTION] Is the Trojan horse TR/Agent.684032.3 [NOTE] The file was moved to '483eea2a.qua'! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP368\A0164911.exe [DETECTION] Is the Trojan horse TR/Agent.684032.3 [NOTE] The file was moved to '483eea2d.qua'! Begin scan in 'E:\' End of the scan: mardi 22 avril 2008 15:53 Used time: 46:14 min The scan has been done completely. 4712 Scanning directories 182301 Files were scanned 73 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 73 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 182228 Files not concerned 6682 Archives were scanned 1 Warnings 73 Notes

dou-l · Answer

ok vide la quarantaine d'antivir et dit tes soucis actuel !

samich · Answer

ok tout les fichiers en quarantaine ont ete supprimé;

sinon, j'ai pas l'impression d'avoir d'autres soucis, mais c peut etre une mauvaise impression!!!!

dou-l · Answer

lesquels ?

samich · Answer

ce n'est qu'une impression!!!!

je laisse passer quelques temps et je te tiens au courant...

dou-l · Answer

ok mais dit si tu veux !!

a+ et bon surf j'espere

C'est la catastrophe!!!

57 réponses

Votre réponse

Discussions similaires

Newsletters