Pb Virus nombreux Résolu/Fermé

Question

Bonjour, a tous


J'ai mon cousin qui ma laissé son ordi 
j'ai antivir qui n'arrete pas de trouver des virus
Ces virus sont apparus a la suite du virus qui se balader sur msn photo.zip  que j'ai déjà réglé mis ceux là je n'y arrive pas 

TR/Zapchast.GB.5
TR/CRYPT.XPACK.GEN
TR/PrivacySet.A
TR/Agent.3648.1
PHISH/FraudTool.DrAntispy.BP


J'ai déà fait un rapport de Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:00, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\system32
tvdm.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7
tiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [48c53323] rundll32.exe "C:\WINDOWS\system32	pixxjtn.dll",b
O4 - HKLM\..\Run: [BM4bf600bf] Rundll32.exe "C:\WINDOWS\system32
weiilgq.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.stylist4all.com/IE20020716/save/makeover.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE55A1F-0656-4D25-83DA-F68DB0125369}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

sasukedu91 · Answer

suis le guide http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam et poste ton rapport sa peut durer longtemps mais sa en vaut la peine oublie pas de mettre scan municieux

Utilisateur anonyme · Answer

bonjour

- Télécharge MalwareByte's Anti-Malware :
- Installe le programme puis lance le stp.
- Fais les mises à jour (clique sur "Mises à jour" puis "Recherche de mises à jour") puis ferme le programme.
NB : Si tu as besoin : Tuto 

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Utilisateur anonyme · Answer

fais ca avec antivir:

reglages pour antivir :

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level


aussi clic sur guard puis coche scan archive puis tu decoche les 3 case en dessous puis ok

puis fais un scan en mode normale et mode sans échec fais un scan et supprime tous se qu'il trouve

atchoum83440 · Answer

Voila le rapport de Antivir celui de Malwarebytes's arrive dans quelque second Avira AntiVir Personal Report file date: dimanche 18 mai 2008 16:48 Scanning for 1276115 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: PINCHAULT Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 24/04/2008 19:40:46 AVSCAN.DLL : 8.1.1.0 53505 Bytes 24/04/2008 19:40:46 LUKE.DLL : 8.1.2.9 151809 Bytes 24/04/2008 19:40:46 LUKERES.DLL : 8.1.2.1 12033 Bytes 24/04/2008 19:40:46 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:08:25 ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 15:17:11 ANTIVIR3.VDF : 7.0.4.54 2048 Bytes 17/05/2008 15:17:11 Engineversion : 8.1.0.46 AEVDF.DLL : 8.1.0.5 102772 Bytes 24/04/2008 19:40:53 AESCRIPT.DLL : 8.1.0.33 266618 Bytes 17/05/2008 15:18:22 AESCN.DLL : 8.1.0.18 119156 Bytes 17/05/2008 15:18:17 AERDL.DLL : 8.1.0.20 418165 Bytes 27/04/2008 17:31:15 AEPACK.DLL : 8.1.1.5 364918 Bytes 17/05/2008 15:18:12 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 24/04/2008 19:40:53 AEHEUR.DLL : 8.1.0.29 1253750 Bytes 17/05/2008 15:18:00 AEHELP.DLL : 8.1.0.14 115063 Bytes 24/04/2008 19:40:53 AEGEN.DLL : 8.1.0.21 303477 Bytes 17/05/2008 15:17:25 AEEMU.DLL : 8.1.0.6 430451 Bytes 07/05/2008 17:09:28 AECORE.DLL : 8.1.0.29 168311 Bytes 17/05/2008 15:17:16 AVWINLL.DLL : 1.0.0.7 14593 Bytes 24/04/2008 19:40:46 AVPREF.DLL : 8.0.0.1 25857 Bytes 24/04/2008 19:40:46 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVREG.DLL : 8.0.0.0 30977 Bytes 24/04/2008 19:40:46 AVARKT.DLL : 1.0.0.23 307457 Bytes 24/04/2008 19:40:46 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 24/04/2008 19:40:46 SQLITE3.DLL : 3.3.17.1 339968 Bytes 24/04/2008 19:40:46 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 24/04/2008 19:40:46 NETNT.DLL : 8.0.0.1 7937 Bytes 24/04/2008 19:40:46 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 24/04/2008 19:40:42 RCTEXT.DLL : 8.0.32.0 86273 Bytes 24/04/2008 19:40:42 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: high Start of the scan: dimanche 18 mai 2008 16:48 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'guardgui.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'dllhost.exe' - '1' Module(s) have been scanned Scan process 'ehmsas.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned Scan process 'ZDWlan.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'MsgPlus.exe' - '1' Module(s) have been scanned Scan process 'LogiTray.exe' - '1' Module(s) have been scanned Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned Scan process 'ehSched.exe' - '1' Module(s) have been scanned Scan process 'hpztsb07.exe' - '1' Module(s) have been scanned Scan process 'eRAgent.exe' - '1' Module(s) have been scanned Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 41 processes with 41 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD2 [INFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD3 [INFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD4 [INFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '40' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\BOB FAMILY\gbo.MSNFix [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [NOTE] The file was moved to '489f42c3.qua'! C:\Documents and Settings\BOB FAMILY\Local Settings\Temporary Internet Files\Content.IE5\5MDDFSKO\yaypalassamosvala[1] [DETECTION] Is the Trojan horse TR/PrivacySet.A [NOTE] The file was moved to '48a943f4.qua'! C:\Documents and Settings\BOB FAMILY\Local Settings\Temporary Internet Files\Content.IE5\W1WM4872\moorate[1] [DETECTION] Is the Trojan horse TR/Agent.3648.1 [NOTE] The file was moved to '489f4491.qua'! C:\Program Files\MalwareAlarm\pv.exe [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.DrAntispy.BP [NOTE] The file was moved to '485e47ff.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP406\A0054666.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [NOTE] The file was moved to '486049aa.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP406\A0054689.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [NOTE] The file was moved to '486049ab.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP406\A0054691.exe [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.gze Backdoor server programs [NOTE] The file was moved to '49cbd224.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP406\A0054699.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [NOTE] The file was moved to '486049ad.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0054989.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '486049c2.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0054990.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '49cbd24b.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0054991.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '486049c4.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0054992.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '486049c3.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0054993.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '49cbd24c.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0054994.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '486049c5.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055000.dll [DETECTION] Is the Trojan horse TR/Agent.3648.1 [NOTE] The file was moved to '49cbd24d.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055001.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '486049c6.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055002.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '49cbd24f.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055003.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '49cbd24e.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055004.dll [DETECTION] Is the Trojan horse TR/Vundo.GH [NOTE] The file was moved to '486049c7.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055005.dll [DETECTION] Is the Trojan horse TR/Agent.3648.1 [NOTE] The file was moved to '486049d8.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055006.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '49cbd251.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055007.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '486049da.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055959.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '49cbd240.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP409\A0055960.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '486049c9.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP410\A0058240.dll [DETECTION] Is the Trojan horse TR/PCK.Monder.104448 [NOTE] The file was moved to '486049dd.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP411\A0059242.dll [DETECTION] Is the Trojan horse TR/PCK.Monder.96256.1 [NOTE] The file was moved to '486049e2.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP415\A0059626.dll [DETECTION] Is the Trojan horse TR/Monder.106560 [NOTE] The file was moved to '486049f6.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP415\A0059647.dll [DETECTION] Is the Trojan horse TR/Monder.96832 [NOTE] The file was moved to '486049f7.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP417\A0059890.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '48604a06.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP417\A0060866.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '48604a07.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP418\A0060914.dll [DETECTION] Is the Trojan horse TR/Monder.DJ [NOTE] The file was moved to '48604a0d.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP419\A0060958.dll [DETECTION] Is the Trojan horse TR/Monder.DO [NOTE] The file was moved to '48604a14.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP420\A0061005.dll [DETECTION] Is the Trojan horse TR/Monder.EO [NOTE] The file was moved to '48604a1b.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP423\A0062098.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [NOTE] The file was moved to '48604a2e.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP423\A0062141.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '48604a31.qua'! C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP425\A0062272.exe [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.DrAntispy.BP [NOTE] The file was moved to '48604a3e.qua'! C:\WINDOWS\xpupdate.exe [DETECTION] Is the Trojan horse TR/Peed.A.280 [NOTE] The file was moved to '48a54a9d.qua'! C:\WINDOWS\system32\cibvxohs.exe [DETECTION] Is the Trojan horse TR/PrivacySet.A [NOTE] The file was moved to '48924fdc.qua'! C:\WINDOWS\system32\hggdayvw.dll [DETECTION] Is the Trojan horse TR/Zapchast.GB.5 [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003 [WARNING] C:\WINDOWS\system32\hggdedee.dll [DETECTION] Is the Trojan horse TR/Vundo.GL.1 [NOTE] The file was moved to '48975048.qua'! C:\WINDOWS\system32\hicekmst.exe [DETECTION] Is the Trojan horse TR/PrivacySet.A [NOTE] The file was moved to '4893504a.qua'! C:\WINDOWS\system32\ihjthgea.exe [DETECTION] Is the Trojan horse TR/PrivacySet.A [NOTE] The file was moved to '489a504f.qua'! C:\WINDOWS\system32\jcbvojjc.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '48925051.qua'! C:\WINDOWS\system32\kkwxblkk.exe [DETECTION] Is the Trojan horse TR/PrivacySet.A [NOTE] The file was moved to '48a75062.qua'! C:\WINDOWS\system32\ljdlvddx.dll [DETECTION] Is the Trojan horse TR/Agent.3648.1 [NOTE] The file was moved to '48945067.qua'! C:\WINDOWS\system32\mroqhwlg.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489f5084.qua'! C:\WINDOWS\system32\mvwnksil.dll [DETECTION] Is the Trojan horse TR/Agent.3648.1 [NOTE] The file was moved to '48a75095.qua'! C:\WINDOWS\system32\mxydnimo.dll [DETECTION] Is the Trojan horse TR/PCK.Monder.96320.1 [NOTE] The file was moved to '48a95097.qua'! C:\WINDOWS\system32 gggnfvi.dll [DETECTION] Is the Trojan horse TR/Monder.EO [NOTE] The file was moved to '4897508a.qua'! C:\WINDOWS\system32\shikspfi.exe [DETECTION] Is the Trojan horse TR/PrivacySet.A [NOTE] The file was moved to '489950c9.qua'! C:\WINDOWS\system32\smeykwkf.exe [DETECTION] Is the Trojan horse TR/PrivacySet.A [NOTE] The file was moved to '489550d0.qua'! Begin scan in 'D:\' End of the scan: dimanche 18 mai 2008 17:53 Used time: 1:05:50 min The scan has been done completely. 6173 Scanning directories 405182 Files were scanned 51 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 50 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 405131 Files not concerned 8423 Archives were scanned 7 Warnings 50 Notes

Utilisateur anonyme · Answer

ok

atchoum83440 · Answer

C'est fait mais il revienne en permanence

Utilisateur anonyme · Answer

oui tu supprime tous se qui est dans la quarantaine d'antivir!

atchoum83440 · Answer

fais aussi même en  si général je choisi direct de del

sasukedu91 · Answer

suis le guide http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam et poste ton rapport sa peut durer longtemps mais sa en vaut la peine oublie pas de mettre scan municieux

Utilisateur anonyme · Answer

alors le rapport de malwarebytes?

Utilisateur anonyme · Answer

autrement fais ca:

* Télécharger Combifix (by Subs) sur cette page :
    * http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Enregistrez le sur le bureau
    * Déconnectez vous d'internet et fermez toutes tes applications et programmes
    * Double-cliquez sur combo-fix.exe
    * Appuyer sur la touche Y (Yes) pour démarrer le scan
    * Le rapport sera crée sous la racine: C:\Combofix.txt 

Remarque : combo se charge de supprimer un certain nombre de fichiers infectés liés à bagle.
 Il est impératif de télécharger combo par le lien donné précédemment ( version renommée ) ou alors de renommer vous même combo ( clic droit sur le fichier < renommer ), car sinon Combo sera totalement inefficace face à Bagle !
(vous pouver renomer combofix en n'importe quoi comme killer ou tuer etc...)

vous me poster le rapport

atchoum83440 · Answer

Voila le rapport de Malwarebytes'



Malwarebytes' Anti-Malware 1.12
Version de la base de données: 762

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 128082
Temps écoulé: 24 minute(s), 46 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 37

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\hggdayvw.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{447c8d02-7f35-42f7-8da5-c4d0a8c876b7} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{447c8d02-7f35-42f7-8da5-c4d0a8c876b7} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5e87b2e0-66d7-4256-a14f-10a21af45b2a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e87b2e0-66d7-4256-a14f-10a21af45b2a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5e87b2e0-66d7-4256-a14f-10a21af45b2a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM4bf600bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggdayvw -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggdayvw  -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Documents and Settings\BOB FAMILY\Local Settings\Temp\NI.UGA6PV_0001_N122M1202 (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\djjowpdr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32dpwojjd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hggdayvw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wvyadggh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvyadggh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
fdgevyr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32yvegdfn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xhwynplu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ulpnywhx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\BOB FAMILY\Local Settings\Temp\prfjtjfa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\BOB FAMILY\Local Settings\Temporary Internet Files\Content.IE5\F2T6F01A\query[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm0.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm1.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm3.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP410\A0058243.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP410\A0058244.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP410\A0058245.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065353.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065386.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065395.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP426\A0065396.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jxrchprh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KCMDNIns.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
fqpolie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\scbsicuo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm0.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm1.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\mfc71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\msvcp71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\msvcr71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\Uninstall.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gebyvts.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbxvusq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljjklki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtusrpm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yaywuts.dll (Trojan.Vundo) -> Quarantined and deleted successfully.



Je dois redemarrermon ordi et je re

Utilisateur anonyme · Answer

ok reposte moi un log hijackthis

Utilisateur anonyme · Answer

il les a supprimer !!

Quarantined and deleted successfully.

veut dire il les a mis en quarantaine et il les a supprimer avec succer!!

Utilisateur anonyme · Answer

pas grave

atchoum83440 · Answer

Voila le rapport de ComboFix ComboFix 08-05-15.3 - BOB FAMILY 2008-05-18 18:22:26.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.597 [GMT 2:00] Endroit: C:\Documents and Settings\BOB FAMILY\Bureau\killer.exe * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\pskt.ini C:\WINDOWS\system32\anilhkbd.ini C:\WINDOWS\system32\ckwkregg.dll C:\WINDOWS\system32\csxxgkpl.dll C:\WINDOWS\system32\esqiusgi.ini C:\WINDOWS\system32\ffqnqutq.dll C:\WINDOWS\system32\gnihmgfs.ini C:\WINDOWS\system32\hakbapet.dll C:\WINDOWS\system32\hggdayvw.dll C:\WINDOWS\system32\jkxnakak.ini C:\WINDOWS\system32\lfdeqcsf.dll C:\WINDOWS\system32\mjfvxkhn.dll C:\WINDOWS\system32 fbducjk.ini C:\WINDOWS\system32 jwgtmqx.dll C:\WINDOWS\system32 kuybyoc.dll C:\WINDOWS\system32 tjxxipt.ini C:\WINDOWS\system32\outeqddk.dll C:\WINDOWS\system32\pfbxdvyu.ini C:\WINDOWS\system32\prodpxtl.ini C:\WINDOWS\system32\qnnncmof.dll C:\WINDOWS\system32\qnpblatk.dll C:\WINDOWS\system32\qprkjpmr.ini C:\WINDOWS\system32 rqss.ini C:\WINDOWS\system32 rqss.ini2 C:\WINDOWS\system32\uxhmbpqc.ini C:\WINDOWS\system32\vvjyqidt.dll C:\WINDOWS\system32\vxkqbjae.dll C:\WINDOWS\system32\wexsossi.dll C:\WINDOWS\system32\wvyadggh.ini C:\WINDOWS\system32\wvyadggh.ini2 . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))))))) . 2008-05-18 17:51 . 2008-05-18 17:52 3,240 --a------ C:\WINDOWS\system32\spupdsvc.inf 2008-05-18 17:45 . 2008-05-18 17:45 d-------- C:\WINDOWS\system32\fr 2008-05-18 17:45 . 2008-05-18 17:45 d-------- C:\WINDOWS\system32\bits 2008-05-18 17:45 . 2008-05-18 17:45 d-------- C:\WINDOWS\l2schemas 2008-05-18 17:42 . 2008-05-18 17:46 d-------- C:\WINDOWS\ServicePackFiles 2008-05-18 17:25 . 2008-05-18 17:25 d-------- C:\Documents and Settings\BOB FAMILY\Application Data\Malwarebytes 2008-05-18 17:24 . 2008-05-18 17:24 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-18 17:24 . 2008-05-18 17:24 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-18 17:24 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-18 17:24 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-18 17:04 . 2008-05-18 17:04 d-------- C:\Program Files\Trend Micro 2008-05-18 16:51 . 2008-05-18 16:51 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-05-18 16:50 . 2008-05-18 16:50 d-------- C:\Program Files\Hercules 2008-05-18 16:50 . 2006-03-09 11:33 366,080 --a------ C:\WINDOWS\system32\drivers t61.sys 2008-05-18 16:50 . 2006-03-09 11:33 365,440 --a------ C:\WINDOWS\system32\drivers\RT619x.sys 2008-05-18 16:50 . 2006-01-12 19:47 255,616 --a------ C:\WINDOWS\system32\drivers t73u98.sys 2008-05-18 16:50 . 2006-01-12 19:46 252,928 --a------ C:\WINDOWS\system32\drivers t73.sys 2008-05-18 16:50 . 2005-10-17 19:50 247,808 --a------ C:\WINDOWS\system32\drivers t25u98.sys 2008-05-18 16:50 . 2005-10-17 19:50 245,376 --a------ C:\WINDOWS\system32\drivers t2500usb.sys 2008-05-18 16:50 . 2005-10-20 15:00 244,608 --a------ C:\WINDOWS\system32\drivers t25009x.sys 2008-05-18 16:50 . 2005-10-20 15:00 243,328 --a------ C:\WINDOWS\system32\drivers t2500.sys 2008-05-18 16:49 . 2008-05-18 16:49 d-------- C:\Documents and Settings\BOB FAMILY\Application Data\InstallShield 2008-05-06 19:46 . 2008-04-14 04:33 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll 2008-05-06 19:45 . 2008-04-14 04:33 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll 2008-05-01 19:11 . 2008-05-01 19:11 d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM 2008-04-27 19:32 . 2008-04-27 19:32 0 --a------ C:\WINDOWS\BM4bf600bf.xml . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-18 14:50 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-14 14:05 --------- d-----w C:\Program Files\Avira 2008-04-14 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira 2008-04-14 14:00 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-04-14 13:41 --------- d-----w C:\Program Files\PowerArchiver 2008-04-14 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\ConeXware 2008-04-14 02:34 70,656 ----a-w C:\WINDOWS otepad.exe 2008-04-14 02:34 40,840 ----a-w C:\WINDOWS\system32\drivers ermdd.sys 2008-04-14 02:34 32,866 ------w C:\WINDOWS\slrundll.exe 2008-04-14 02:34 288,256 ----a-w C:\WINDOWS\winhlp32.exe 2008-04-14 02:34 21,896 ----a-w C:\WINDOWS\system32\drivers dtcp.sys 2008-04-14 02:34 153,088 ----a-w C:\WINDOWS egedit.exe 2008-04-14 02:34 139,656 ----a-w C:\WINDOWS\system32\drivers dpwd.sys 2008-04-14 02:34 12,040 ----a-w C:\WINDOWS\system32\drivers dpipe.sys 2008-04-14 02:34 10,752 ----a-w C:\WINDOWS\hh.exe 2008-04-14 02:34 1,037,824 ----a-w C:\WINDOWS\explorer.exe 2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys 2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys 2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 02:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys 2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-14 01:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers edbook.sys 2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys 2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys 2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys 2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers dbss.sys 2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers etbt.sys 2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers diswan.sys 2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers cpip.sys 2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers dis.sys 2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers asl2tp.sys 2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers aspptp.sys 2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers tfs.sys 2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers cpip6.sys 2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers di.sys 2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers aspppoe.sys 2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers dproxy.sys 2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys 2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys 2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys 2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys 2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers distapi.sys 2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers wlnkipx.sys 2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys 2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys 2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers etbios.sys 2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers ndismp.sys 2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers ndismpx.sys 2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys 2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys 2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers unmp.sys 2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers mcast.sys 2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers disuio.sys 2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys 2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys 2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers mnt.sys 2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys 2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys 2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers ic1394.sys 2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys 2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys 2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys 2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys 2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys 2008-04-13 18:45 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys 2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys 2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys 2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys 2008-04-13 18:43 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys 2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys 2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys 2008-04-13 18:39 5,504 ----a-w C:\WINDOWS\system32\drivers\mstee.sys 2008-04-13 18:39 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360] "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-11-15 22:02 190024] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 20:52 68856] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 00:19 7626752] "ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7 tiMUI.exe" [2005-05-11 17:15 45056] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 22:00 208952] "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 22:00 44032] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 22:00 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 22:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 22:00 455168] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 00:19 86016] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40 413696] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 06:30 188416] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088] "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-11-15 22:02 190024] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-24 21:40 262401] "48c53323"="C:\WINDOWS\system32 pixxjtn.dll" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\awtsqrp] awtsqrp.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\byxuuuuv] byxuuuuv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\iifgfeb] iifgfeb.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "vidc.yv12"= yv12vfw.dll "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "msacm.imc"= imc32.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_SZ msv1_0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\48c53323] C:\WINDOWS\system32\igsuiqse.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 04:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM4bf600bf] C:\WINDOWS\system32\pxydeilr.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-14 04:34 1695232 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-09 18:53 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg wiz] --a------ 2006-07-12 00:19 1519616 C:\WINDOWS\system32 wiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2006-06-01 02:48 16208384 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] --a------ 2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] -ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader] C:\Windows\xpupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-] "LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= "C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe"= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7561:TCP"= 7561:TCP:emule tcp "7571:UDP"= 7571:UDP:emule udp R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34] R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46] S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [] S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [] S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - EHRECVR *Newly Created Service* - EHSCHED . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-05-16 15:18:07 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-18 18:27:49 Windows 5.1.2600 Service Pack 3 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... C:\WINDOWS\system32\spupdwxp.log 90 bytes Scan termin‚ avec succŠs Les fichiers cach‚s: 1 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32 vsvc32.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32 undll32.exe C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Hercules\WiFi Station\WiFiStation.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\ehome\ehSched.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehmsas.exe . ************************************************************************** . Temps d'accomplissement: 2008-05-18 18:33:09 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-18 16:33:01 Pre-Run: 102,861,774,848 octets libres Post-Run: 102,836,424,704 octets libres 317 --- E O F --- 2008-05-16 17:05:56 Je relance antivir

Utilisateur anonyme · Answer

oui tu relance antivir

d'après combofix il  a supprimer beaucoup de chose!!
tu peut me remettre un log hijackthis stp

Utilisateur anonyme · Answer

coche la case :

O4 - HKLM\..\Run: [48c53323] rundll32.exe "C:\WINDOWS\system32	pixxjtn.dll",b
	


et clic sur fixcheked

atchoum83440 · Answer

et voici le dernier rapport de Malwarebyte's


Malwarebytes' Anti-Malware 1.12
Version de la base de données: 767

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 122857
Temps écoulé: 54 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Utilisateur anonyme · Answer

tous est clean

Pb Virus nombreux

20 réponses

Discussions similaires