10 replies
Anonymous user
15 May 2008 at 19:56
hi
for your problem, download AntiVir, update it, then run a scan in normal mode and in safe mode, then in normal mode, and delete everything it finds
settings for AntiVir:
once AntiVir is open, click on configuration and tick the "expert mode" box, then on the scanner tab, in the window below, you will see: rootkit search; click the little + to expand it and tick the box next to your hard disk
then click on configuration at the top right; in the new window, on the left > scanner > tick "scan all files" and below that > scanner priority = High
tick: allow stopping the scanner, that way you can pause the scan if you want.
then on the right tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
untick:
ignore off line files
still on the left > scan > expand > heuristic > macrovirus heuristic = ticked, and below that > win32 heuristic box ticked and high detection level
also click on guard, then tick scan archive, then untick the 3 boxes below it, then ok
LilK972
15 May 2008 at 17:10
A little more detail wouldn't hurt, what does your virus do?
I should point out that I have no antivirus because I had just formatted my computer... and yes, bad luck.
Thanks in advance.
july
LilK972
15 May 2008 at 17:12
ok, but what does your virus do? does it change your nickname, send links to your contacts? what does it do?
july > LilK972
15 May 2008 at 19:53
Well yeah, it sends links to my contacts and if they open it they catch the virus... actually it's the thing that says: "c qoi cet tof de toi sur ce site" ["what's this pic of you on this site"]...
Anonymous user
15 May 2008 at 20:04
Anonymous user
15 May 2008 at 20:39
it doesn't matter, drop that step but do the rest:
then click on configuration at the top right; in the new window, on the left > scanner > tick "scan all files" and below that > scanner priority = High
tick: allow stopping the scanner, that way you can pause the scan if you want.
then on the right tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
untick:
ignore off line files
still on the left > scan > expand > heuristic > macrovirus heuristic = ticked, and below that > win32 heuristic box ticked and high detection level
Anonymous user
17 May 2008 at 09:50
delete and ok
quickly run a scan with AntiVir!!
AntiVir help:
https://www.malekal.com/avira-free-security-antivirus-gratuit/
Anonymous user
18 May 2008 at 12:41
yes, the file that is infected
Here is the report:
Is it ok??
Avira AntiVir Personal
Report file date: samedi 17 mai 2008 09:00
Scanning for 1276115 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MAISON-CC391841
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 01:08:39
ANTIVIR3.VDF : 7.0.4.54 2048 Bytes 17/05/2008 01:08:40
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 17/05/2008 01:09:52
AESCN.DLL : 8.1.0.18 119156 Bytes 17/05/2008 01:09:47
AERDL.DLL : 8.1.0.20 418165 Bytes 17/05/2008 01:09:45
AEPACK.DLL : 8.1.1.5 364918 Bytes 17/05/2008 01:09:35
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 17/05/2008 01:09:25
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 17/05/2008 01:09:21
AEHELP.DLL : 8.1.0.14 115063 Bytes 17/05/2008 01:08:58
AEGEN.DLL : 8.1.0.21 303477 Bytes 17/05/2008 01:08:56
AEEMU.DLL : 8.1.0.6 430451 Bytes 17/05/2008 01:08:48
AECORE.DLL : 8.1.0.29 168311 Bytes 17/05/2008 01:08:44
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:, G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 17 mai 2008 09:00
Starting search for hidden objects.
'38032' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'YzToolBar.exe' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'ѕvchost.exe' - '1' Module(s) have been scanned
Scan process 'JavaCore.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '29' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\bureau\Local Settings\Temporary Internet Files\Content.IE5\EKA8T4X3\SW2007SDK[2].exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP23\A0004183.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP23\A0004185.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP23\A0004186.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP23\A0004193.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP23\A0005193.exe
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP23\A0005194.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP24\A0005203.exe
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP24\A0005210.exe
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP24\A0006216.exe
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP24\A0006217.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP26\A0006293.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP26\A0006294.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP26\A0006302.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP27\A0006326.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP29\A0006477.exe
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP29\A0006478.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP29\A0006485.exe
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006550.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006551.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006552.exe
[DETECTION] Is the Trojan horse TR/Proxy.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006553.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ndt
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006554.exe
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ.2
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006558.exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ.2
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006559.exe
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP.1
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006560.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006561.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006562.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006563.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006564.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006565.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006566.exe
[DETECTION] Is the Trojan horse TR/BHO.blh.1
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006567.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.jih.1
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006568.exe
[DETECTION] Is the Trojan horse TR/Agent.CZF
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006569.exe
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006570.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006571.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006572.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006573.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
Begin scan in 'D:\' <Archivage>
Begin scan in 'E:\' <Bureau>
E:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006574.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
E:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006575.exe
[DETECTION] Contains detection pattern of the dropper DR/NaviPromo.AO.96
[NOTE] The file was deleted!
E:\System Volume Information\_restore{748AAFB5-BBDB-4E50-91CF-A346582E7087}\RP31\A0006576.exe
[DETECTION] Contains detection pattern of the dropper DR/Gator.3202.12
[NOTE] The file was deleted!
Begin scan in 'F:\'
Begin scan in 'G:\'
End of the scan: samedi 17 mai 2008 09:47
Used time: 47:14 min
The scan has been done completely.
5429 Scanning directories
236276 Files were scanned
42 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
41 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
236234 Files not concerned
1400 Archives were scanned
3 Warnings
41 Notes
38032 Objects were scanned with rootkit scan
0 Hidden objects were found
Anonymous user
18 May 2008 at 19:46
No, not yet. Now do this:
* Download ComboFix (by sUBs) from this page:
* http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Save it to the desktop
* Disconnect from the internet and close all your applications and programs
* Double-click combo-fix.exe
* Press the Y (Yes) key to start the scan
* The report will be created at the root: C:\Combofix.txt
Note: Combo takes care of deleting a number of infected files linked to Bagle.
It is imperative to download Combo through the link given above (renamed version), or else to rename Combo yourself (right-click the file > Rename), because otherwise Combo will be totally ineffective against Bagle!
(You can rename ComboFix to anything, such as killer or tuer, etc.)
Post the report for me.
ComboFix 08-05-15.3 - jeux 2008-05-17 10:46:01.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.214 [GMT 2:00]
Endroit: E:\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\bureau\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\bureau\real.txt
C:\Documents and Settings\jeux\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\jeux\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\jeux\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\jeux\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\jeux\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Documents and Settings\jeux\real.txt
C:\Program Files\CPV
C:\Program Files\inetget2
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Svconr
C:\Program Files\Temporary
C:\WINDOWS\b149.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b156.exe
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\fnts~1\?vchost.exe
C:\WINDOWS\system32\hbgrti.dll
C:\WINDOWS\system32\real.txt
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\sstem3~1\s?stem32\
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
.
2008-05-16 06:41 . 2008-05-16 06:41 244 --ah----- C:\sqmnoopt09.sqm
2008-05-16 06:41 . 2008-05-16 06:41 232 --ah----- C:\sqmdata09.sqm
2008-05-16 01:40 . 2008-05-16 01:40 268 --ah----- C:\sqmdata08.sqm
2008-05-16 01:40 . 2008-05-16 01:40 244 --ah----- C:\sqmnoopt08.sqm
2008-05-16 01:00 . 2008-05-16 01:00 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-05-15 14:23 . 2008-05-15 14:23 <REP> d-------- C:\Program Files\Avira
2008-05-15 14:23 . 2008-05-17 03:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-13 22:22 . 2008-05-13 22:22 244 --ah----- C:\sqmnoopt07.sqm
2008-05-13 22:22 . 2008-05-13 22:22 232 --ah----- C:\sqmdata07.sqm
2008-05-13 11:55 . 2008-05-13 11:55 244 --ah----- C:\sqmnoopt06.sqm
2008-05-13 11:55 . 2008-05-13 11:55 232 --ah----- C:\sqmdata06.sqm
2008-05-12 22:29 . 2008-05-12 22:29 268 --ah----- C:\sqmdata04.sqm
2008-05-12 22:29 . 2008-05-12 22:29 244 --ah----- C:\sqmnoopt05.sqm
2008-05-12 22:29 . 2008-05-12 22:29 244 --ah----- C:\sqmnoopt04.sqm
2008-05-12 22:29 . 2008-05-12 22:29 232 --ah----- C:\sqmdata05.sqm
2008-05-12 20:36 . 2008-05-12 20:36 <REP> d---s---- C:\Documents and Settings\bureau\UserData
2008-05-12 13:03 . 2008-05-12 13:03 244 --ah----- C:\sqmnoopt03.sqm
2008-05-12 13:03 . 2008-05-12 13:03 232 --ah----- C:\sqmdata03.sqm
2008-05-11 23:08 . 2008-05-11 23:08 244 --ah----- C:\sqmnoopt02.sqm
2008-05-11 23:08 . 2008-05-11 23:08 232 --ah----- C:\sqmdata02.sqm
2008-05-11 20:11 . 2008-05-14 13:46 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
2008-05-11 20:11 . 2008-05-11 20:11 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-05-11 19:40 . 2008-05-11 19:40 <REP> d-------- C:\Program Files\Spcron
2008-05-10 22:14 . 2008-05-10 22:14 244 --ah----- C:\sqmnoopt01.sqm
2008-05-10 22:14 . 2008-05-10 22:14 232 --ah----- C:\sqmdata01.sqm
2008-05-09 14:31 . 2008-05-09 14:31 244 --ah----- C:\sqmnoopt00.sqm
2008-05-09 14:31 . 2008-05-09 14:31 232 --ah----- C:\sqmdata00.sqm
2008-05-07 07:52 . 2008-05-07 07:53 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-28 14:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-28 14:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-28 14:12 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-27 18:45 . 2008-04-28 06:31 <REP> d-------- C:\Documents and Settings\jeux\Contacts
2008-04-27 17:54 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-04-27 17:53 . 2008-04-27 17:53 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-27 17:42 . 2008-04-27 17:42 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-27 17:20 . 2008-04-27 17:30 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-27 17:19 . 2008-04-28 15:39 <REP> d-------- C:\Program Files\Windows Live
2008-04-27 17:19 . 2008-04-27 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-25 22:50 . 2008-04-25 22:51 2,184 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-25 20:36 . 2008-04-25 22:51 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-04-25 20:36 . 2008-04-25 22:51 43,052 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-04-25 20:35 . 2008-04-25 22:50 <REP> d-------- C:\WINDOWS\BricoPacks
2008-04-24 14:06 . 2008-04-24 14:06 <REP> d---s---- C:\Documents and Settings\jeux\UserData
2008-04-24 00:03 . 2008-05-14 13:42 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-04-24 00:03 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-23 22:25 . 2008-04-25 10:12 385 --a------ C:\WINDOWS\ODBC.INI
2008-04-23 22:22 . 2008-04-23 22:24 <REP> d-------- C:\WINDOWS\ShellNew
2008-04-23 22:14 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\bureau\Voisinage réseau
2008-04-23 22:14 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\bureau\Voisinage d'impression
2008-04-23 22:14 . 2008-04-23 08:48 <REP> d--h----- C:\Documents and Settings\bureau\Modèles
2008-04-23 22:14 . 2008-05-09 14:27 <REP> dr------- C:\Documents and Settings\bureau\Mes documents
2008-04-23 22:14 . 2008-04-22 14:06 <REP> dr------- C:\Documents and Settings\bureau\Menu Démarrer
2008-04-23 22:14 . 2008-05-12 20:36 <REP> dr------- C:\Documents and Settings\bureau\Favoris
2008-04-23 22:14 . 2008-04-23 22:15 <REP> d-------- C:\Documents and Settings\bureau\Bureau
2008-04-23 22:14 . 2008-05-17 10:47 <REP> d-------- C:\Documents and Settings\bureau
2008-04-23 22:14 . 2008-05-17 10:48 1,024 --ah----- C:\Documents and Settings\bureau\ntuser.dat.LOG
2008-04-23 21:47 . 2008-04-23 21:47 <REP> d---s---- C:\Documents and Settings\asy\UserData
2008-04-23 21:41 . 2002-12-05 06:01 820,864 -ra------ C:\WINDOWS\system32\drivers\nvmcp.sys
2008-04-23 21:41 . 2002-12-05 06:01 241,664 -ra------ C:\WINDOWS\system32\drivers\nvapu.sys
2008-04-23 21:41 . 2002-12-05 06:01 62,336 -ra------ C:\WINDOWS\system32\drivers\nvarm.sys
2008-04-23 21:41 . 2002-12-05 06:01 44,032 -ra------ C:\WINDOWS\system32\OpenAL32.dll
2008-04-23 21:41 . 2002-12-05 06:01 44,032 -ra------ C:\WINDOWS\system32\nvopenal.dll
2008-04-23 21:41 . 2002-12-05 06:01 30,720 -ra------ C:\WINDOWS\system32\nvasio.dll
2008-04-23 21:41 . 2002-12-05 06:01 13,056 -ra------ C:\WINDOWS\system32\drivers\nvax.sys
2008-04-23 21:41 . 2002-12-05 06:01 5,120 -ra------ C:\WINDOWS\system32\ALut.dll
2008-04-23 21:41 . 2002-12-05 06:01 4,096 -ra------ C:\WINDOWS\system32\nvack.dll
2008-04-23 21:39 . 2002-09-23 04:37 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys
2008-04-23 21:39 . 2002-09-23 04:37 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin
2008-04-23 21:39 . 2002-09-23 04:37 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin
2008-04-23 21:39 . 2002-09-23 04:37 42 -ra------ C:\WINDOWS\system32\drivers\jedireg.pat
2008-04-23 11:47 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-23 11:47 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-23 11:47 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-23 11:46 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-23 11:46 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-23 11:32 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\jeux\Voisinage réseau
2008-04-23 11:32 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\jeux\Voisinage d'impression
2008-04-23 11:32 . 2008-04-23 08:48 <REP> d--h----- C:\Documents and Settings\jeux\Modèles
2008-04-23 11:32 . 2008-05-14 21:16 <REP> dr------- C:\Documents and Settings\jeux\Mes documents
2008-04-23 11:32 . 2008-04-22 14:06 <REP> dr------- C:\Documents and Settings\jeux\Menu Démarrer
2008-04-23 11:32 . 2008-05-14 17:11 <REP> dr------- C:\Documents and Settings\jeux\Favoris
2008-04-23 11:32 . 2008-05-17 06:11 <REP> d-------- C:\Documents and Settings\jeux\Bureau
2008-04-23 11:32 . 2008-05-17 10:47 <REP> d-------- C:\Documents and Settings\jeux
2008-04-23 11:32 . 2008-05-17 10:47 520,192 --ah----- C:\Documents and Settings\jeux\ntuser.dat.LOG
2008-04-23 09:10 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\asy\Voisinage réseau
2008-04-23 09:10 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\asy\Voisinage d'impression
2008-04-23 09:10 . 2008-04-23 08:48 <REP> d--h----- C:\Documents and Settings\asy\Modèles
2008-04-23 09:10 . 2008-04-23 09:10 <REP> dr------- C:\Documents and Settings\asy\Mes documents
2008-04-23 09:10 . 2008-04-22 14:06 <REP> dr------- C:\Documents and Settings\asy\Menu Démarrer
2008-04-23 09:10 . 2008-04-23 21:48 <REP> dr------- C:\Documents and Settings\asy\Favoris
2008-04-23 09:10 . 2008-04-22 14:06 <REP> d-------- C:\Documents and Settings\asy\Bureau
2008-04-23 09:10 . 2008-04-23 21:47 <REP> d-------- C:\Documents and Settings\asy
2008-04-23 09:10 . 2008-05-17 10:45 1,024 --ah----- C:\Documents and Settings\asy\ntuser.dat.LOG
2008-04-22 14:10 . 2004-08-04 01:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-22 14:08 . 2004-08-19 18:09 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-04-22 14:06 . 2008-05-14 17:15 <REP> d--hs---- C:\WINDOWS\Installer
2008-04-22 14:06 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2008-04-22 14:06 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-04-22 14:06 . 2008-04-23 08:48 <REP> d--h----- C:\Documents and Settings\Default User\Modèles
2008-04-22 14:06 . 2008-04-22 14:06 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
2008-04-22 14:06 . 2008-04-22 14:06 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer
2008-04-22 14:06 . 2008-04-22 14:06 <REP> d-------- C:\Documents and Settings\Default User\Favoris
2008-04-22 14:06 . 2008-04-22 14:06 <REP> d-------- C:\Documents and Settings\Default User\Bureau
2008-04-22 14:06 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
2008-04-22 14:06 . 2008-04-23 22:24 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer
2008-04-22 14:06 . 2008-04-22 14:06 <REP> d-------- C:\Documents and Settings\All Users\Favoris
2008-04-22 14:06 . 2008-04-23 08:50 <REP> dr------- C:\Documents and Settings\All Users\Documents
2008-04-22 14:06 . 2008-05-09 14:33 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-04-22 14:05 . 2008-05-17 09:06 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-04-22 14:05 . 2008-04-22 14:05 <REP> d-------- C:\WINDOWS\system32\CatRoot
2008-04-22 14:05 . 2004-08-19 20:07 1,013,912 -ra------ C:\WINDOWS\SET3.tmp
2008-04-22 14:04 . 2008-04-23 08:53 <REP> d--h----- C:\Documents and Settings\Default User
2008-04-22 14:04 . 2008-04-23 08:52 <REP> d-------- C:\Documents and Settings\All Users
2008-04-22 14:04 . 2008-04-23 22:14 <REP> d-------- C:\Documents and Settings
2008-04-22 14:03 . 2008-04-23 08:56 261 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 18:36 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-23 06:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-23 06:51 --------- d-----w C:\Program Files\Services en ligne
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-08 01:07 217,088 ----a-w C:\Program Files\pyroxyju821058.dll
.
------- Sigcheck -------
2008-02-16 11:32 670208 dcb8a9f102663d962be60cde38a6c1d7 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
2004-08-19 18:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
2008-02-16 11:02 812032 a0e92e45767aec2c42ea7fb13b05a04c C:\WINDOWS\system32\wininet.dll
2008-02-16 11:02 812032 a0e92e45767aec2c42ea7fb13b05a04c C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-13 15:22 2119168 f2baf212ff37c741cb1269f4574f8ed3 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-19 18:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 2119168 f2baf212ff37c741cb1269f4574f8ed3 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1682181D-C022-4D8B-B712-ADE817015D96}]
2008-02-08 03:07 217088 --a------ C:\Program Files\.\pyroxyju821058.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36136DF6-D1AB-40A4-8E8D-2E1BBF82A898}]
C:\Program Files\Online Services\lavukacy870.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Aulo"="C:\WINDOWS\system32\SSTEM3~1\scanregw.exe" [ ]
"Ygtcr"="C:\WINDOWS\system32\F?nts\?vchost.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 18:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
C:\Documents and Settings\jeux\Menu Démarrer\Programmes\Démarrage\
Stardock ObjectDock.lnk - F:\Quentin\Longhorn Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 15:56:00 1826885]
Y'z Toolbar.lnk - F:\Quentin\Longhorn Inspirat\YzToolBar\YzToolBar.exe [2002-09-29 15:41:00 90112]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
Source= C:\Program Files\Online Services\profsyxyvi.html
FriendlyName=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
*Newly Created Service* - APPMGMT
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 10:47:52
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-17 10:48:27
ComboFix-quarantined-files.txt 2008-05-17 08:48:25
Pre-Run: 15,408,631,808 octets libres
Post-Run: 16,585,654,272 octets libres
230 --- E O F --- 2008-05-16 01:01:19
So what should I do??
Thanks
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.214 [GMT 2:00]
Endroit: E:\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\bureau\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\bureau\real.txt
C:\Documents and Settings\jeux\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\jeux\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\jeux\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\jeux\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\jeux\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Documents and Settings\jeux\real.txt
C:\Program Files\CPV
C:\Program Files\inetget2
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Svconr
C:\Program Files\Temporary
C:\WINDOWS\b149.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b156.exe
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\fnts~1\?vchost.exe
C:\WINDOWS\system32\hbgrti.dll
C:\WINDOWS\system32\real.txt
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\sstem3~1\s?stem32\
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
.
2008-05-16 06:41 . 2008-05-16 06:41 244 --ah----- C:\sqmnoopt09.sqm
2008-05-16 06:41 . 2008-05-16 06:41 232 --ah----- C:\sqmdata09.sqm
2008-05-16 01:40 . 2008-05-16 01:40 268 --ah----- C:\sqmdata08.sqm
2008-05-16 01:40 . 2008-05-16 01:40 244 --ah----- C:\sqmnoopt08.sqm
2008-05-16 01:00 . 2008-05-16 01:00 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-05-15 14:23 . 2008-05-15 14:23 <REP> d-------- C:\Program Files\Avira
2008-05-15 14:23 . 2008-05-17 03:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-13 22:22 . 2008-05-13 22:22 244 --ah----- C:\sqmnoopt07.sqm
2008-05-13 22:22 . 2008-05-13 22:22 232 --ah----- C:\sqmdata07.sqm
2008-05-13 11:55 . 2008-05-13 11:55 244 --ah----- C:\sqmnoopt06.sqm
2008-05-13 11:55 . 2008-05-13 11:55 232 --ah----- C:\sqmdata06.sqm
2008-05-12 22:29 . 2008-05-12 22:29 268 --ah----- C:\sqmdata04.sqm
2008-05-12 22:29 . 2008-05-12 22:29 244 --ah----- C:\sqmnoopt05.sqm
2008-05-12 22:29 . 2008-05-12 22:29 244 --ah----- C:\sqmnoopt04.sqm
2008-05-12 22:29 . 2008-05-12 22:29 232 --ah----- C:\sqmdata05.sqm
2008-05-12 20:36 . 2008-05-12 20:36 <REP> d---s---- C:\Documents and Settings\bureau\UserData
2008-05-12 13:03 . 2008-05-12 13:03 244 --ah----- C:\sqmnoopt03.sqm
2008-05-12 13:03 . 2008-05-12 13:03 232 --ah----- C:\sqmdata03.sqm
2008-05-11 23:08 . 2008-05-11 23:08 244 --ah----- C:\sqmnoopt02.sqm
2008-05-11 23:08 . 2008-05-11 23:08 232 --ah----- C:\sqmdata02.sqm
2008-05-11 20:11 . 2008-05-14 13:46 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
2008-05-11 20:11 . 2008-05-11 20:11 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-05-11 19:40 . 2008-05-11 19:40 <REP> d-------- C:\Program Files\Spcron
2008-05-10 22:14 . 2008-05-10 22:14 244 --ah----- C:\sqmnoopt01.sqm
2008-05-10 22:14 . 2008-05-10 22:14 232 --ah----- C:\sqmdata01.sqm
2008-05-09 14:31 . 2008-05-09 14:31 244 --ah----- C:\sqmnoopt00.sqm
2008-05-09 14:31 . 2008-05-09 14:31 232 --ah----- C:\sqmdata00.sqm
2008-05-07 07:52 . 2008-05-07 07:53 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-28 14:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-28 14:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-28 14:12 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-27 18:45 . 2008-04-28 06:31 <REP> d-------- C:\Documents and Settings\jeux\Contacts
2008-04-27 17:54 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-04-27 17:53 . 2008-04-27 17:53 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-27 17:42 . 2008-04-27 17:42 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-27 17:20 . 2008-04-27 17:30 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-27 17:19 . 2008-04-28 15:39 <REP> d-------- C:\Program Files\Windows Live
2008-04-27 17:19 . 2008-04-27 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-25 22:50 . 2008-04-25 22:51 2,184 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-25 20:36 . 2008-04-25 22:51 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-04-25 20:36 . 2008-04-25 22:51 43,052 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-04-25 20:35 . 2008-04-25 22:50 <REP> d-------- C:\WINDOWS\BricoPacks
2008-04-24 14:06 . 2008-04-24 14:06 <REP> d---s---- C:\Documents and Settings\jeux\UserData
2008-04-24 00:03 . 2008-05-14 13:42 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-04-24 00:03 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-23 22:25 . 2008-04-25 10:12 385 --a------ C:\WINDOWS\ODBC.INI
2008-04-23 22:22 . 2008-04-23 22:24 <REP> d-------- C:\WINDOWS\ShellNew
2008-04-23 22:14 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\bureau\Voisinage réseau
2008-04-23 22:14 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\bureau\Voisinage d'impression
2008-04-23 22:14 . 2008-04-23 08:48 <REP> d--h----- C:\Documents and Settings\bureau\Modèles
2008-04-23 22:14 . 2008-05-09 14:27 <REP> dr------- C:\Documents and Settings\bureau\Mes documents
2008-04-23 22:14 . 2008-04-22 14:06 <REP> dr------- C:\Documents and Settings\bureau\Menu Démarrer
2008-04-23 22:14 . 2008-05-12 20:36 <REP> dr------- C:\Documents and Settings\bureau\Favoris
2008-04-23 22:14 . 2008-04-23 22:15 <REP> d-------- C:\Documents and Settings\bureau\Bureau
2008-04-23 22:14 . 2008-05-17 10:47 <REP> d-------- C:\Documents and Settings\bureau
2008-04-23 22:14 . 2008-05-17 10:48 1,024 --ah----- C:\Documents and Settings\bureau\ntuser.dat.LOG
2008-04-23 21:47 . 2008-04-23 21:47 <REP> d---s---- C:\Documents and Settings\asy\UserData
2008-04-23 21:41 . 2002-12-05 06:01 820,864 -ra------ C:\WINDOWS\system32\drivers\nvmcp.sys
2008-04-23 21:41 . 2002-12-05 06:01 241,664 -ra------ C:\WINDOWS\system32\drivers\nvapu.sys
2008-04-23 21:41 . 2002-12-05 06:01 62,336 -ra------ C:\WINDOWS\system32\drivers\nvarm.sys
2008-04-23 21:41 . 2002-12-05 06:01 44,032 -ra------ C:\WINDOWS\system32\OpenAL32.dll
2008-04-23 21:41 . 2002-12-05 06:01 44,032 -ra------ C:\WINDOWS\system32\nvopenal.dll
2008-04-23 21:41 . 2002-12-05 06:01 30,720 -ra------ C:\WINDOWS\system32\nvasio.dll
2008-04-23 21:41 . 2002-12-05 06:01 13,056 -ra------ C:\WINDOWS\system32\drivers\nvax.sys
2008-04-23 21:41 . 2002-12-05 06:01 5,120 -ra------ C:\WINDOWS\system32\ALut.dll
2008-04-23 21:41 . 2002-12-05 06:01 4,096 -ra------ C:\WINDOWS\system32\nvack.dll
2008-04-23 21:39 . 2002-09-23 04:37 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys
2008-04-23 21:39 . 2002-09-23 04:37 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin
2008-04-23 21:39 . 2002-09-23 04:37 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin
2008-04-23 21:39 . 2002-09-23 04:37 42 -ra------ C:\WINDOWS\system32\drivers\jedireg.pat
2008-04-23 11:47 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-23 11:47 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-23 11:47 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-23 11:46 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-23 11:46 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-23 11:32 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\jeux\Voisinage réseau
2008-04-23 11:32 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\jeux\Voisinage d'impression
2008-04-23 11:32 . 2008-04-23 08:48 <REP> d--h----- C:\Documents and Settings\jeux\Modèles
2008-04-23 11:32 . 2008-05-14 21:16 <REP> dr------- C:\Documents and Settings\jeux\Mes documents
2008-04-23 11:32 . 2008-04-22 14:06 <REP> dr------- C:\Documents and Settings\jeux\Menu Démarrer
2008-04-23 11:32 . 2008-05-14 17:11 <REP> dr------- C:\Documents and Settings\jeux\Favoris
2008-04-23 11:32 . 2008-05-17 06:11 <REP> d-------- C:\Documents and Settings\jeux\Bureau
2008-04-23 11:32 . 2008-05-17 10:47 <REP> d-------- C:\Documents and Settings\jeux
2008-04-23 11:32 . 2008-05-17 10:47 520,192 --ah----- C:\Documents and Settings\jeux\ntuser.dat.LOG
2008-04-23 09:10 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\asy\Voisinage réseau
2008-04-23 09:10 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\asy\Voisinage d'impression
2008-04-23 09:10 . 2008-04-23 08:48 <REP> d--h----- C:\Documents and Settings\asy\Modèles
2008-04-23 09:10 . 2008-04-23 09:10 <REP> dr------- C:\Documents and Settings\asy\Mes documents
2008-04-23 09:10 . 2008-04-22 14:06 <REP> dr------- C:\Documents and Settings\asy\Menu Démarrer
2008-04-23 09:10 . 2008-04-23 21:48 <REP> dr------- C:\Documents and Settings\asy\Favoris
2008-04-23 09:10 . 2008-04-22 14:06 <REP> d-------- C:\Documents and Settings\asy\Bureau
2008-04-23 09:10 . 2008-04-23 21:47 <REP> d-------- C:\Documents and Settings\asy
2008-04-23 09:10 . 2008-05-17 10:45 1,024 --ah----- C:\Documents and Settings\asy\ntuser.dat.LOG
2008-04-22 14:10 . 2004-08-04 01:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-22 14:08 . 2004-08-19 18:09 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-04-22 14:06 . 2008-05-14 17:15 <REP> d--hs---- C:\WINDOWS\Installer
2008-04-22 14:06 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2008-04-22 14:06 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-04-22 14:06 . 2008-04-23 08:48 <REP> d--h----- C:\Documents and Settings\Default User\Modèles
2008-04-22 14:06 . 2008-04-22 14:06 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
2008-04-22 14:06 . 2008-04-22 14:06 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer
2008-04-22 14:06 . 2008-04-22 14:06 <REP> d-------- C:\Documents and Settings\Default User\Favoris
2008-04-22 14:06 . 2008-04-22 14:06 <REP> d-------- C:\Documents and Settings\Default User\Bureau
2008-04-22 14:06 . 2008-04-22 14:06 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
2008-04-22 14:06 . 2008-04-23 22:24 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer
2008-04-22 14:06 . 2008-04-22 14:06 <REP> d-------- C:\Documents and Settings\All Users\Favoris
2008-04-22 14:06 . 2008-04-23 08:50 <REP> dr------- C:\Documents and Settings\All Users\Documents
2008-04-22 14:06 . 2008-05-09 14:33 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-04-22 14:05 . 2008-05-17 09:06 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-04-22 14:05 . 2008-04-22 14:05 <REP> d-------- C:\WINDOWS\system32\CatRoot
2008-04-22 14:05 . 2004-08-19 20:07 1,013,912 -ra------ C:\WINDOWS\SET3.tmp
2008-04-22 14:04 . 2008-04-23 08:53 <REP> d--h----- C:\Documents and Settings\Default User
2008-04-22 14:04 . 2008-04-23 08:52 <REP> d-------- C:\Documents and Settings\All Users
2008-04-22 14:04 . 2008-04-23 22:14 <REP> d-------- C:\Documents and Settings
2008-04-22 14:03 . 2008-04-23 08:56 261 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 18:36 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-23 06:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-23 06:51 --------- d-----w C:\Program Files\Services en ligne
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-08 01:07 217,088 ----a-w C:\Program Files\pyroxyju821058.dll
.
------- Sigcheck -------
2008-02-16 11:32 670208 dcb8a9f102663d962be60cde38a6c1d7 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
2004-08-19 18:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
2008-02-16 11:02 812032 a0e92e45767aec2c42ea7fb13b05a04c C:\WINDOWS\system32\wininet.dll
2008-02-16 11:02 812032 a0e92e45767aec2c42ea7fb13b05a04c C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-13 15:22 2119168 f2baf212ff37c741cb1269f4574f8ed3 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-19 18:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 2119168 f2baf212ff37c741cb1269f4574f8ed3 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1682181D-C022-4D8B-B712-ADE817015D96}]
2008-02-08 03:07 217088 --a------ C:\Program Files\.\pyroxyju821058.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36136DF6-D1AB-40A4-8E8D-2E1BBF82A898}]
C:\Program Files\Online Services\lavukacy870.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Aulo"="C:\WINDOWS\system32\SSTEM3~1\scanregw.exe" [ ]
"Ygtcr"="C:\WINDOWS\system32\F?nts\?vchost.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 18:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
C:\Documents and Settings\jeux\Menu Démarrer\Programmes\Démarrage\
Stardock ObjectDock.lnk - F:\Quentin\Longhorn Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 15:56:00 1826885]
Y'z Toolbar.lnk - F:\Quentin\Longhorn Inspirat\YzToolBar\YzToolBar.exe [2002-09-29 15:41:00 90112]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Online Services\profsyxyvi.html
FriendlyName=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
*Newly Created Service* - APPMGMT
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 10:47:52
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-17 10:48:27
ComboFix-quarantined-files.txt 2008-05-17 08:48:25
Pre-Run: 15,408,631,808 octets libres
Post-Run: 16,585,654,272 octets libres
230 --- E O F --- 2008-05-16 01:01:19
So what should I do??
Thanks
Anonymous user
18 May 2008 at 20:50
OK
Download HijackThis, run a scan and paste the log here for me
Anonymous user
18 May 2008 at 20:58
To see whether you still have something!! With ComboFix you still had some, and it removed them for you; now we are checking whether any are left
15 May 2008 at 20:03