[DETECTION]TR/SPY.KeyLogger.aui Trojan
Becks
jlpjlp, 52399 posts, status: security contributor
Hello,
I'm infected with a keylogger trojan, but the problem is that it sits in a system file. My antivirus, Antivir, detects it and I put it in quarantine, but if I have the misfortune to shut down my PC, when I turn it back on I can't use the keyboard or the touchpad. I think I would have to delete the system file and reinstall the keyboard and touchpad driver, but the problem is that I'm studying in Glasgow and my drivers are in France. I went to DELL's site to find the driver and couldn't find it... If someone could help me, that would be great. In the meantime I've found a workaround: I put my computer into hibernation, so I get my session back as it was at the last logon, but if for one reason or another my computer shuts down I have to do a system restore to the date my antivirus was installed, and it's a pain afterwards.
I'm pasting my Antivir report. Also, there are 2 files that can't be scanned.
Thanks in advance, hope to hear from you soon.
My PC is a DELL Inspiron 1525.
Avira AntiVir Personal
Report file date: jeudi 25 septembre 2008 16:32
Scanning for 1643459 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-BECKS
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 16:19:50
ANTIVIR3.VDF : 7.0.6.212 441856 Bytes 25/09/2008 14:32:00
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 20/09/2008 15:32:33
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 20/09/2008 15:32:30
AEPACK.DLL : 8.1.2.3 364918 Bytes 25/09/2008 14:32:10
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 20/09/2008 15:32:28
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 20/09/2008 15:32:27
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 20/09/2008 15:32:23
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 20/09/2008 15:32:19
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 20/09/2008 15:32:16
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 25 septembre 2008 16:32
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'dsc.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'hidfind.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'YahooWidgets.exe' - '1' Module(s) have been scanned
Scan process 'YahooWidgets.exe' - '1' Module(s) have been scanned
Scan process 'YahooWidgets.exe' - '1' Module(s) have been scanned
Scan process 'quickset.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'DellWMgr.exe' - '1' Module(s) have been scanned
Scan process 'VolPanlu.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'sttray.exe' - '1' Module(s) have been scanned
Scan process 'OEM02Mon.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'US30Service.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'stacsv.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'CreativeLicensing.exe' - '1' Module(s) have been scanned
Scan process 'AEstSrv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'wlanext.exe' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
74 processes with 74 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '49' files ).
Starting the file scan:
Begin scan in 'C:\' <OS>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\US30Kbd2K.sys
[DETECTION] Is the TR/SPY.KeyLogger.aui Trojan
[NOTE] The file was moved to '490ea4cc.qua'!
Begin scan in 'D:\' <RECOVERY>
End of the scan: jeudi 25 septembre 2008 16:57
Used time: 24:38 Minute(s)
The scan has been done completely.
15074 Scanning directories
189451 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
189447 Files not concerned
1205 Archives were scanned
3 Warnings
1 Notes
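An added example, not part of the thread and not Avira's own code: a Python parser for the report format pasted above. It pairs each scanned path with its [DETECTION]/[WARNING]/[NOTE] lines, cross-checks the totals the report prints against the findings it lists, and flags quarantined files that live under a drivers directory, which is how a detection in US30Kbd2K.sys can leave a machine without keyboard or touchpad. The embedded report is a constructed excerpt of the one above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of an Avira AntiVir 8 report, modelled on the thread's log.
SAMPLE_REPORT = """\
Starting the file scan:
Begin scan in 'C:\\' <OS>
C:\\hiberfil.sys
[WARNING] The file could not be opened!
C:\\pagefile.sys
[WARNING] The file could not be opened!
C:\\Windows\\System32\\drivers\\sptd.sys
[WARNING] The file could not be opened!
C:\\Windows\\System32\\drivers\\US30Kbd2K.sys
[DETECTION] Is the TR/SPY.KeyLogger.aui Trojan
[NOTE] The file was moved to '490ea4cc.qua'!
The scan has been done completely.
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were moved to quarantine
3 Files cannot be scanned
3 Warnings
1 Notes
"""

@dataclass
class Finding:
    path: str                   # file the tag line refers to
    tag: str                    # "DETECTION" or "WARNING"
    message: str                # text after the tag
    note: Optional[str] = None  # following [NOTE] line (action taken), if any

TAG_RE = re.compile(r"^\[(DETECTION|WARNING|NOTE)\]\s*(.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")          # a scanned file path line
COUNT_RE = re.compile(r"^(\d+)\s+(.+?)\s*:?$")  # "<n> <description>" total line
QUA_RE = re.compile(r"moved to '([^']+)'")     # quarantine name inside a NOTE

def parse_avira_report(text: str) -> Tuple[List[Finding], Dict[str, int]]:
    """Return (findings, totals): one Finding per tagged file, plus the summary
    counts keyed by their lower-cased description."""
    findings: List[Finding] = []
    totals: Dict[str, int] = {}
    current_path: Optional[str] = None
    in_summary = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("The scan has been done"):
            in_summary = True  # everything after this line is the totals block
            continue
        if in_summary:
            m = COUNT_RE.match(line)
            if m:
                totals[m.group(2).lower()] = int(m.group(1))
            continue
        if PATH_RE.match(line):
            current_path = line  # tag lines that follow belong to this file
            continue
        m = TAG_RE.match(line)
        if not m or current_path is None:
            continue
        tag, message = m.groups()
        if tag == "NOTE":  # action taken on the file reported just above
            if findings and findings[-1].path == current_path:
                findings[-1].note = message
        else:
            findings.append(Finding(current_path, tag, message))
    return findings, totals

def quarantine_name(f: Finding) -> Optional[str]:
    """The .qua file a detection was moved to, or None if not quarantined."""
    m = QUA_RE.search(f.note) if f.note else None
    return m.group(1) if m else None

def check_totals(findings: List[Finding], totals: Dict[str, int]) -> List[str]:
    """Compare per-file findings with the totals the report prints; a mismatch
    means lines were lost (truncated paste) or the report format changed."""
    expected = {
        "viruses and/or unwanted programs were found":
            sum(f.tag == "DETECTION" for f in findings),
        "warnings": sum(f.tag == "WARNING" for f in findings),
        "files were moved to quarantine":
            sum(quarantine_name(f) is not None for f in findings),
        "notes": sum(f.note is not None for f in findings),
    }
    return [f"{key}: report says {totals.get(key)}, findings show {n}"
            for key, n in expected.items() if totals.get(key) != n]

def quarantined_drivers(findings: List[Finding]) -> List[str]:
    """Quarantined detections under a drivers directory: removing one can
    disable the hardware it serves, as with the keyboard in this thread."""
    return [f.path for f in findings
            if quarantine_name(f) and "\\drivers\\" in f.path.lower()]

if __name__ == "__main__":
    found, counts = parse_avira_report(SAMPLE_REPORT)
    print(check_totals(found, counts) or "totals consistent", quarantined_drivers(found))
```

Run it against a full report saved from AntiVir's report window; a non-empty list from check_totals means the pasted log is incomplete and should be re-exported before anyone reasons about it.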
12 replies
No, leave it in quarantine! It comes to the same thing, it's a protected area. That way, if you have a problem, you can reinstall the file.
_______________
1/ If the file is reinstalled, does your computer have problems?
2/ If it is in quarantine, does your computer have problems?
3/ Can you restore it and analyse it on VirusTotal to see whether it's a false positive?
and paste us the report
https://www.virustotal.com/gui/
C:\Windows\System32\drivers\US30Kbd2K.sys
Apparently only two antivirus engines find this file harmful, and maybe Antivir too.
Look here:
https://www.file.net/process/us30kbd2k.sys.html
___________
But you haven't answered the first two questions:
1/ If the file is reinstalled: does your computer have problems?
2/ If it is in quarantine, does your computer have problems?
Because if there is no problem, we'll see about adding it to Antivir's exceptions.
Otherwise, to check, also scan your computer with SuperAntiSpyware:
http://www.01net.com/editorial/370512/superantispyware-v4.0/
Here is the report. Otherwise, I haven't tried ignoring the trojan, so I've always put it in quarantine.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:15, on 25/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\eden\eden.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxserv2.paisley.ac.uk:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.2\US30Service.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.2\US30Service.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
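Reading the HijackThis log above the way a practitioner would, the entries that warrant a second look are the BHO registered with `(no file)` (a leftover registration, not an active component), the services listed with `Unknown owner` (no publisher string), the Winlogon Notify DLL (loaded into winlogon.exe before any user session), and any autostart whose binary lives under a user profile. The keyboard and touchpad components visible here (DellTPad, Apoint.exe) run from Program Files with a known publisher, so these checks would not flag them. The script below is an added example, not part of the original thread and not HijackThis's own code; the sample lines are copied from the log above, except the `svchost.exe` entry under AppData, which is constructed to show what the user-writable-path check catches.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log above, plus one
# hypothetical O4 entry (svchost.exe under AppData) that is NOT in the original
# log and exists only to exercise the user-writable-path check.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxserv2.paisley.ac.uk:8080
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [svchost] C:\Users\Becks\AppData\Roaming\svchost.exe
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.2\US30Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

SEVERITIES = ("high", "medium", "low", "info")

# Locations a standard user can write to; an autostart pointing here is the
# classic persistence pattern for user-mode malware such as keyloggers.
USER_WRITABLE = re.compile(
    r"\\(?:Users|Documents and Settings)\\[^\\]+\\|\\AppData\\|\\Temp\\", re.IGNORECASE
)
# "O4 - HKLM\..\Run: [Name] path" -> section id and the rest of the line
ENTRY = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")
# Binary path of an O4 entry, with or without surrounding quotes
O4_PATH = re.compile(r"\]\s+\"?([A-Za-z]:\\.+?\.(?:exe|dll|scr|bat|cmd|vbs|com))", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str
    section: str
    detail: str


def triage(log_text: str) -> list:
    """Return the HijackThis entries that deserve a manual look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        if section == "O2" and body.endswith("(no file)"):
            # BHO registered but its DLL is gone: leftover, not active.
            findings.append(Finding("low", section, "orphaned BHO: " + body))
        elif section == "O4":
            path = O4_PATH.search(body)
            if path and USER_WRITABLE.search(path.group(1)):
                findings.append(Finding("high", section,
                                        "autostart from user-writable path: " + path.group(1)))
        elif section == "O20":
            # Winlogon Notify DLLs load into winlogon.exe before any logon;
            # every one of them needs its publisher confirmed.
            findings.append(Finding("medium", section,
                                    "Winlogon Notify DLL: " + body.split(": ", 1)[-1]))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding("medium", section,
                                    "service without a publisher: " + body.split(": ", 1)[-1]))
        elif section == "R1" and "ProxyServer" in body:
            # A proxy can be legitimate (here a university one) or an interception hook.
            findings.append(Finding("info", section,
                                    "proxy configured: " + body.split("= ", 1)[-1]))
    return findings


def summarize(findings) -> dict:
    """Count findings per severity, always returning all four keys."""
    counts = {s: 0 for s in SEVERITIES}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:<3} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run as-is it prints the findings for the sample; feed it a complete log to triage that instead. It is a first pass only: a service without a publisher or an unknown DLL still has to be verified by hashing the file and checking its signature, and a file that only two of the engines in the VirusTotal table at the end of this thread detect is exactly the kind of hit that needs that verification before anything is deleted.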
I already have Malwarebytes, it finds nothing.
I don't think it should be removed, because if I remove it I delete the system file at the same time and I could no longer use my keyboard ????
Here's the report, but otherwise are you sure I can delete the virus, because I think that if I delete it that will delete the system file and goodbye keyboard, no??
ComboFix 08-09-24.15 - Becks 2008-09-25 18:26:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1036.18.986 [GMT 2:00]
Running from: C:\Users\Becks\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((( Files Created from 2008-08-25 to 2008-09-25 ))))))))))))))))))))))))))))))))))))
.
2008-09-25 17:43 . 2008-09-25 17:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-25 17:31 . 2008-09-25 17:31 <DIR> d-------- C:\Windows\LastGood
2008-09-24 19:27 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-24 19:27 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-24 19:05 . 2008-09-24 19:05 <DIR> d-------- C:\Users\Becks\AppData\Roaming\InstallShield
2008-09-24 18:04 . 2008-09-24 18:04 <DIR> d-------- C:\Users\All Users\Avira(188)
2008-09-24 18:04 . 2008-09-24 18:04 <DIR> d-------- C:\ProgramData\Avira(188)
2008-09-24 16:35 . 2008-09-24 16:35 <DIR> d-------- C:\Users\Becks\AppData\Roaming\Talkback
2008-09-23 14:10 . 2008-09-23 14:10 <DIR> d-------- C:\Windows\Sun
2008-09-23 12:57 . 2008-09-24 19:43 <DIR> d-------- C:\Users\Becks\AppData\Roaming\Azureus
2008-09-23 12:57 . 2008-09-23 12:57 <DIR> d-------- C:\Users\All Users\Azureus
2008-09-23 12:57 . 2008-09-23 12:57 <DIR> d-------- C:\ProgramData\Azureus
2008-09-23 12:57 . 2008-09-23 12:57 <DIR> d-------- C:\Program Files\AskSBar
2008-09-23 12:55 . 2008-09-24 19:39 <DIR> d-------- C:\Program Files\Vuze
2008-09-22 17:27 . 2008-09-22 17:27 <DIR> d-------- C:\Program Files\Common Files\Adobe(15)
2008-09-22 17:27 . 2008-09-22 17:28 <DIR> d-------- C:\Program Files\Adobe(1)
2008-09-17 00:18 . 2008-09-17 00:18 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-09-14 23:48 . 2008-09-14 23:48 86,832 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT
2008-09-11 21:12 . 2008-09-24 18:14 <DIR> d-------- C:\Users\All Users\Avira(207)
2008-09-11 21:12 . 2008-09-24 19:20 <DIR> d-------- C:\Users\All Users\Avira
2008-09-11 21:12 . 2008-09-24 18:14 <DIR> d-------- C:\ProgramData\Avira(207)
2008-09-11 21:12 . 2008-09-24 19:20 <DIR> d-------- C:\ProgramData\Avira
2008-09-11 21:12 . 2008-09-11 21:12 <DIR> d-------- C:\Program Files\Avira
2008-09-11 21:11 . 2008-09-11 21:11 268 --ah-c--- C:\sqmdata01.sqm
2008-09-11 21:11 . 2008-09-11 21:11 244 --ah-c--- C:\sqmnoopt01.sqm
2008-09-11 11:04 . 2008-09-11 11:04 <DIR> d-------- C:\Users\All Users\Messenger Plus!
2008-09-11 11:04 . 2008-09-11 11:04 <DIR> d-------- C:\ProgramData\Messenger Plus!
2008-09-10 20:57 . 2008-09-10 20:57 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-10 20:49 . 2008-09-25 17:33 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-09-10 17:50 . 2008-09-10 17:50 268 --ah-c--- C:\sqmdata00.sqm
2008-09-10 17:50 . 2008-09-10 17:50 244 --ah-c--- C:\sqmnoopt00.sqm
2008-09-10 17:02 . 2008-09-25 17:16 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-10 17:02 . 2008-09-25 17:16 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-10 17:02 . 2008-09-25 16:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-10 16:56 . 2008-09-10 16:56 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-10 16:54 . 2008-09-10 16:54 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-09-10 16:43 . 2008-09-10 16:43 <DIR> d-------- C:\Users\Becks\AppData\Roaming\Malwarebytes
2008-09-10 16:42 . 2008-09-10 16:42 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-10 16:42 . 2008-09-10 16:42 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-10 16:42 . 2008-09-25 16:33 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-10 16:38 . 2008-09-10 16:59 <DIR> d-------- C:\Program Files\Windows Live
2008-09-10 16:38 . 2008-09-25 17:23 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-10 16:37 . 2008-09-25 17:29 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-09-10 16:37 . 2008-09-25 17:29 <DIR> d-------- C:\ProgramData\WLInstaller
2008-09-05 11:12 . 2008-09-05 11:12 <DIR> dr-h----- C:\Users\Becks\AppData\Roaming\SecuROM
2008-09-05 11:07 . 2008-09-05 11:07 <DIR> d-------- C:\Program Files\EA SPORTS
2008-09-03 11:56 . 2008-09-03 11:56 <DIR> d-------- C:\Users\Becks\AppData\Roaming\Samsung
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 17:20 --------- d-----w C:\Program Files\DellTPad
2008-09-24 17:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 15:14 --------- d-----w C:\Program Files\Dell
2008-09-24 14:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-14 21:45 --------- d-----w C:\Users\Becks\AppData\Roaming\DAEMON Tools
2008-09-11 22:47 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 22:18 --------- d-----w C:\Program Files\Windows Mail
2008-09-11 21:42 --------- d-----w C:\Program Files\Red Storm Entertainment
2008-08-16 22:48 --------- d-----w C:\Users\Becks\AppData\Roaming\ArcSoft
2008-08-10 22:09 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-07-25 00:05 --------- d-----w C:\Users\Becks\AppData\Roaming\DivX
2008-07-25 00:04 --------- d-----w C:\Users\Becks\AppData\Roaming\tmp
2008-07-25 00:04 --------- d-----w C:\Users\Becks\AppData\Roaming\Reallusion
2008-05-28 14:31 174 --sha-w C:\Program Files\desktop.ini
2008-05-28 14:46 76 --sh--r C:\Windows\CT4CET.bin
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2008-03-04 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-06 133656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-05-28 77824]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 90112]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
C:\Users\Becks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-05-28 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 1180952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-28 17:03 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{61001D32-DADC-469B-B9A1-D0732FB10B19}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{1D0BCA92-B97D-4A98-BAD1-16B66FEEE992}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{A930C9E7-61A6-48FB-9468-8951F55F2C05}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{D6DAE0F9-123A-450E-BA77-D94786737531}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{E5A7308D-B8B4-4AEF-8AA3-1B880D982E8E}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{C7A762B3-759E-40E0-8833-47178E4FA30B}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{25C3299C-9F83-44B5-81D4-E8402C6C6C4C}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{17E572EE-831B-4425-A6DB-B72E7DAC0E11}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{2E7A56BE-3AA3-4054-894A-B5E6EEA0B178}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{3072589B-006A-4622-9556-914415D88D2F}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{0A21F89C-925D-4D78-ABB0-651DB68DB69F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 73728]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-12-09 5120]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 278528]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a881dc67-3269-11dd-841a-001644ba2467}]
\shell\AutoRun\command - G:\Autorun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Becks\AppData\Roaming\Mozilla\Firefox\Profiles\h5o12g2w.default\
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 18:28:31
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-25 18:30:05
ComboFix-quarantined-files.txt 2008-09-25 16:30:01
Pre-Run: 42,810,900,480 bytes free
Post-Run: 42,856,296,448 bytes free
169 --- E O F --- 2008-09-11 22:11:50
ComboFix 08-09-24.15 - Becks 2008-09-25 18:26:18.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.986 [GMT 2:00]
Lancé depuis: C:\Users\Becks\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-25 au 2008-09-25 ))))))))))))))))))))))))))))))))))))
.
2008-09-25 17:43 . 2008-09-25 17:43 <REP> d-------- C:\Program Files\Trend Micro
2008-09-25 17:31 . 2008-09-25 17:31 <REP> d-------- C:\Windows\LastGood
2008-09-24 19:27 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-24 19:27 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-24 19:05 . 2008-09-24 19:05 <REP> d-------- C:\Users\Becks\AppData\Roaming\InstallShield
2008-09-24 18:04 . 2008-09-24 18:04 <REP> d-------- C:\Users\All Users\Avira(188)
2008-09-24 18:04 . 2008-09-24 18:04 <REP> d-------- C:\ProgramData\Avira(188)
2008-09-24 16:35 . 2008-09-24 16:35 <REP> d-------- C:\Users\Becks\AppData\Roaming\Talkback
2008-09-23 14:10 . 2008-09-23 14:10 <REP> d-------- C:\Windows\Sun
2008-09-23 12:57 . 2008-09-24 19:43 <REP> d-------- C:\Users\Becks\AppData\Roaming\Azureus
2008-09-23 12:57 . 2008-09-23 12:57 <REP> d-------- C:\Users\All Users\Azureus
2008-09-23 12:57 . 2008-09-23 12:57 <REP> d-------- C:\ProgramData\Azureus
2008-09-23 12:57 . 2008-09-23 12:57 <REP> d-------- C:\Program Files\AskSBar
2008-09-23 12:55 . 2008-09-24 19:39 <REP> d-------- C:\Program Files\Vuze
2008-09-22 17:27 . 2008-09-22 17:27 <REP> d-------- C:\Program Files\Common Files\Adobe(15)
2008-09-22 17:27 . 2008-09-22 17:28 <REP> d-------- C:\Program Files\Adobe(1)
2008-09-17 00:18 . 2008-09-17 00:18 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2008-09-14 23:48 . 2008-09-14 23:48 86,832 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT
2008-09-11 21:12 . 2008-09-24 18:14 <REP> d-------- C:\Users\All Users\Avira(207)
2008-09-11 21:12 . 2008-09-24 19:20 <REP> d-------- C:\Users\All Users\Avira
2008-09-11 21:12 . 2008-09-24 18:14 <REP> d-------- C:\ProgramData\Avira(207)
2008-09-11 21:12 . 2008-09-24 19:20 <REP> d-------- C:\ProgramData\Avira
2008-09-11 21:12 . 2008-09-11 21:12 <REP> d-------- C:\Program Files\Avira
2008-09-11 21:11 . 2008-09-11 21:11 268 --ah-c--- C:\sqmdata01.sqm
2008-09-11 21:11 . 2008-09-11 21:11 244 --ah-c--- C:\sqmnoopt01.sqm
2008-09-11 11:04 . 2008-09-11 11:04 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-09-11 11:04 . 2008-09-11 11:04 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-09-10 20:57 . 2008-09-10 20:57 <REP> d-------- C:\Program Files\MSXML 4.0
2008-09-10 20:49 . 2008-09-25 17:33 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-09-10 17:50 . 2008-09-10 17:50 268 --ah-c--- C:\sqmdata00.sqm
2008-09-10 17:50 . 2008-09-10 17:50 244 --ah-c--- C:\sqmnoopt00.sqm
2008-09-10 17:02 . 2008-09-25 17:16 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-10 17:02 . 2008-09-25 17:16 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-10 17:02 . 2008-09-25 16:37 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-10 16:56 . 2008-09-10 16:56 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-10 16:54 . 2008-09-10 16:54 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-09-10 16:43 . 2008-09-10 16:43 <REP> d-------- C:\Users\Becks\AppData\Roaming\Malwarebytes
2008-09-10 16:42 . 2008-09-10 16:42 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-09-10 16:42 . 2008-09-10 16:42 <REP> d-------- C:\ProgramData\Malwarebytes
2008-09-10 16:42 . 2008-09-25 16:33 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-10 16:38 . 2008-09-10 16:59 <REP> d-------- C:\Program Files\Windows Live
2008-09-10 16:38 . 2008-09-25 17:23 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-10 16:37 . 2008-09-25 17:29 <REP> d-------- C:\Users\All Users\WLInstaller
2008-09-10 16:37 . 2008-09-25 17:29 <REP> d-------- C:\ProgramData\WLInstaller
2008-09-05 11:12 . 2008-09-05 11:12 <REP> dr-h----- C:\Users\Becks\AppData\Roaming\SecuROM
2008-09-05 11:07 . 2008-09-05 11:07 <REP> d-------- C:\Program Files\EA SPORTS
2008-09-03 11:56 . 2008-09-03 11:56 <REP> d-------- C:\Users\Becks\AppData\Roaming\Samsung
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 17:20 --------- d-----w C:\Program Files\DellTPad
2008-09-24 17:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 15:14 --------- d-----w C:\Program Files\Dell
2008-09-24 14:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-14 21:45 --------- d-----w C:\Users\Becks\AppData\Roaming\DAEMON Tools
2008-09-11 22:47 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 22:18 --------- d-----w C:\Program Files\Windows Mail
2008-09-11 21:42 --------- d-----w C:\Program Files\Red Storm Entertainment
2008-08-16 22:48 --------- d-----w C:\Users\Becks\AppData\Roaming\ArcSoft
2008-08-10 22:09 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-07-25 00:05 --------- d-----w C:\Users\Becks\AppData\Roaming\DivX
2008-07-25 00:04 --------- d-----w C:\Users\Becks\AppData\Roaming\tmp
2008-07-25 00:04 --------- d-----w C:\Users\Becks\AppData\Roaming\Reallusion
2008-05-28 14:31 174 --sha-w C:\Program Files\desktop.ini
2008-05-28 14:46 76 --sh--r C:\Windows\CT4CET.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2008-03-04 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-06 133656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-05-28 77824]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 90112]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
C:\Users\Becks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-05-28 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 1180952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-28 17:03 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{61001D32-DADC-469B-B9A1-D0732FB10B19}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{1D0BCA92-B97D-4A98-BAD1-16B66FEEE992}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{A930C9E7-61A6-48FB-9468-8951F55F2C05}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{D6DAE0F9-123A-450E-BA77-D94786737531}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{E5A7308D-B8B4-4AEF-8AA3-1B880D982E8E}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{C7A762B3-759E-40E0-8833-47178E4FA30B}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{25C3299C-9F83-44B5-81D4-E8402C6C6C4C}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{17E572EE-831B-4425-A6DB-B72E7DAC0E11}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{2E7A56BE-3AA3-4054-894A-B5E6EEA0B178}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{3072589B-006A-4622-9556-914415D88D2F}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{0A21F89C-925D-4D78-ABB0-651DB68DB69F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 73728]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-12-09 5120]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 278528]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a881dc67-3269-11dd-841a-001644ba2467}]
\shell\AutoRun\command - G:\Autorun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Becks\AppData\Roaming\Mozilla\Firefox\Profiles\h5o12g2w.default\
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 18:28:31
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-25 18:30:05
ComboFix-quarantined-files.txt 2008-09-25 16:30:01
Before-CF: 42,810,900,480 bytes free
After-CF: 42,856,296,448 bytes free
169 --- E O F --- 2008-09-11 22:11:50
Antivirus Version Last update Result
AhnLab-V3 2008.8.29.0 2008.08.29 -
AntiVir 7.8.1.23 2008.08.29 -
Authentium 5.1.0.4 2008.08.30 -
Avast 4.8.1195.0 2008.08.29 -
AVG 8.0.0.161 2008.08.29 -
BitDefender 7.2 2008.08.30 -
CAT-QuickHeal 9.50 2008.08.29 -
ClamAV 0.93.1 2008.08.30 -
DrWeb 4.44.0.09170 2008.08.29 -
eSafe 7.0.17.0 2008.08.28 -
eTrust-Vet 31.6.6057 2008.08.29 -
Ewido 4.0 2008.08.30 -
F-Prot 4.4.4.56 2008.08.29 -
Fortinet 3.14.0.0 2008.08.30 -
GData 19 2008.08.30 Trojan-Spy.Win32.KeyLogger.aui
Ikarus T3.1.1.34.0 2008.08.30 -
K7AntiVirus 7.10.432 2008.08.29 -
Kaspersky 7.0.0.125 2008.08.30 Trojan-Spy.Win32.KeyLogger.aui
McAfee 5373 2008.08.29 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3401 2008.08.30 -
Panda 9.0.0.4 2008.08.30 -
PCTools 4.4.2.0 2008.08.29 -
Prevx1 V2 2008.08.30 -
Rising 20.59.51.00 2008.08.30 -
Sophos 4.33.0 2008.08.30 -
Sunbelt 3.1.1592.1 2008.08.30 -
Symantec 10 2008.08.30 -
TheHacker 6.3.0.6.068 2008.08.30 -
TrendMicro 8.700.0.1004 2008.08.29 -
VBA32 3.12.8.4 2008.08.29 -
ViRobot 2008.8.30.1357 2008.08.30 -
VirusBuster 4.5.11.0 2008.08.29 -
Webwasher-Gateway 6.6.2 2008.08.29 -
Additional information
File size: 10752 bytes
MD5...: ddef5ec0ec3ec6ee9dbd80e06481af6f
SHA1..: d1862a22e8b3fbccce16d442f975775e7d86c29a
SHA256: ccf147ca2b9fbe69b0346397fa1a3e73a43890860e3f7414a8a4d75440934c8c
SHA512: dd9956ca20de1127902efb46d813ea56b7b7657d8392075851412c54aadb0c0616a08f9e670bbfdf03cddb5d8ab912efb76e028bdc4818b5ab18cba22d765025
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x16073
timedatestamp.....: 0x47385d00 (Mon Nov 12 14:02:40 2007)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x179a 0x1800 5.96 f65d810f283e3f52a145555bb1e838cf
.rdata 0x3000 0x184 0x200 3.10 3bafe87d6697ee9752e7f23eb558dfe0
.data 0x4000 0x12e4 0x200 0.86 829e0cfd67f5c3a392308e6a129c085b
INIT 0x6000 0x48a 0x600 4.58 a7af636d7c54b2ed87f3f4362d4a9cdc
.reloc 0x7000 0x2ee 0x400 4.69 d6040865dbe2179ae3be29e399f7ea8d
( 2 imports )
> ntoskrnl.exe: RtlInitUnicodeString, RtlFreeUnicodeString, IoCreateSymbolicLink, IoCreateDevice, RtlAnsiStringToUnicodeString, RtlInitAnsiString, sprintf, IofCompleteRequest, IofCallDriver, RtlAssert, MmMapLockedPagesSpecifyCache, IoAttachDeviceToDeviceStack, PoCallDriver, PoStartNextPowerIrp, ExFreePoolWithTag, ZwQueryValueKey, ExAllocatePoolWithTag, ZwOpenKey, RtlCopyUnicodeString, ZwSetValueKey, IoQueueWorkItem, IoAllocateWorkItem, InitSafeBootMode, ObfDereferenceObject, IoBuildDeviceIoControlRequest, KeInitializeEvent, IoGetDeviceObjectPointer, RtlDeleteRegistryValue, IoFreeWorkItem, _except_handler3, KeTickCount, KeBugCheckEx, IoDetachDevice, ZwClose, IoDeleteDevice
> HAL.dll: KeGetCurrentIrql
( 0 exports )
I can't reinstall the file; I don't have the driver CD, I'm in Scotland. If I quarantine it, when I reboot my PC I can no longer use the keyboard or the touchpad, which is logical since the antivirus quarantines the file so it no longer runs.
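As an added example (not part of the original thread and not anyone's posted code): a small Python script that parses the PEInfo block and the engine table of the VirusTotal report pasted above and pulls out what a responder looks at before deciding whether a 10 KB kernel driver is a benign input filter or a keylogger: the link timestamp, which section holds the entry point, and the imports that show it creates a device object and attaches itself to an existing device stack, which is how a filter driver sits in front of a device such as a keyboard. The sample input is constructed from the report above (the engine table is an excerpt, not all 36 engines). The 0x10000 image base used to place the entry point is an assumption (the DDK default for kernel drivers), not something the report states.

```python
"""Triage of the old-style VirusTotal text report pasted in this thread: parse the
PEInfo block (timestamp, sections, imports) and the per-engine table, then report
the traits a responder checks before deciding whether a small kernel driver is a
benign input filter or a keylogger. Sample input is constructed from the report
above; the engine table is an excerpt, not the full list."""
import re
from datetime import datetime, timezone

PEINFO = """\
entrypointaddress.: 0x16073
timedatestamp.....: 0x47385d00 (Mon Nov 12 14:02:40 2007)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x179a 0x1800 5.96 f65d810f283e3f52a145555bb1e838cf
.rdata 0x3000 0x184 0x200 3.10 3bafe87d6697ee9752e7f23eb558dfe0
.data 0x4000 0x12e4 0x200 0.86 829e0cfd67f5c3a392308e6a129c085b
INIT 0x6000 0x48a 0x600 4.58 a7af636d7c54b2ed87f3f4362d4a9cdc
.reloc 0x7000 0x2ee 0x400 4.69 d6040865dbe2179ae3be29e399f7ea8d
( 2 imports )
> ntoskrnl.exe: RtlInitUnicodeString, RtlFreeUnicodeString, IoCreateSymbolicLink, IoCreateDevice, RtlAnsiStringToUnicodeString, RtlInitAnsiString, sprintf, IofCompleteRequest, IofCallDriver, RtlAssert, MmMapLockedPagesSpecifyCache, IoAttachDeviceToDeviceStack, PoCallDriver, PoStartNextPowerIrp, ExFreePoolWithTag, ZwQueryValueKey, ExAllocatePoolWithTag, ZwOpenKey, RtlCopyUnicodeString, ZwSetValueKey, IoQueueWorkItem, IoAllocateWorkItem, InitSafeBootMode, ObfDereferenceObject, IoBuildDeviceIoControlRequest, KeInitializeEvent, IoGetDeviceObjectPointer, RtlDeleteRegistryValue, IoFreeWorkItem, _except_handler3, KeTickCount, KeBugCheckEx, IoDetachDevice, ZwClose, IoDeleteDevice
> HAL.dll: KeGetCurrentIrql
( 0 exports )
"""

# Excerpt of the engine table, constructed from the report above.
AV_RESULTS = """\
AntiVir 7.8.1.23 2008.08.29 -
Avast 4.8.1195.0 2008.08.29 -
GData 19 2008.08.30 Trojan-Spy.Win32.KeyLogger.aui
Kaspersky 7.0.0.125 2008.08.30 Trojan-Spy.Win32.KeyLogger.aui
McAfee 5373 2008.08.29 -
Microsoft 1.3807 2008.08.25 -
Sophos 4.33.0 2008.08.30 -
Symantec 10 2008.08.30 -
"""

SECTION_RE = re.compile(
    r"^(\S+)\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+([\d.]+)\s+([0-9a-f]{32})$", re.M)
IMPORT_RE = re.compile(r"^> ([^:]+): (.+)$", re.M)

# Assumption: the report prints the entry point as a virtual address and the
# driver was linked at the DDK default image base for kernel drivers.
DRIVER_IMAGE_BASE = 0x10000

def parse_peinfo(text):
    """Return entry point, link timestamp, section table and imports as a dict."""
    ep = int(re.search(r"entrypointaddress\.*: 0x([0-9a-f]+)", text).group(1), 16)
    ts = int(re.search(r"timedatestamp\.*: 0x([0-9a-f]+)", text).group(1), 16)
    sections = [{"name": n, "va": int(va, 16), "vsize": int(vs, 16), "md5": h}
                for n, va, vs, _rs, _e, h in SECTION_RE.findall(text)]
    imports = {dll: [f.strip() for f in funcs.split(",")]
               for dll, funcs in IMPORT_RE.findall(text)}
    return {"entrypoint": ep, "timestamp": ts, "sections": sections, "imports": imports}

def decode_pe_timestamp(ts):
    """The PE link timestamp is seconds since the Unix epoch, in UTC."""
    return datetime.fromtimestamp(ts, tz=timezone.utc)

def section_containing(sections, rva):
    for s in sections:
        if s["va"] <= rva < s["va"] + s["vsize"]:
            return s["name"]
    return None

def locate_entrypoint(info):
    """Name the section holding the entry point; if it falls outside every
    section, retry with the assumed image base subtracted (VA -> RVA)."""
    sec = section_containing(info["sections"], info["entrypoint"])
    if sec is None:
        sec = section_containing(info["sections"], info["entrypoint"] - DRIVER_IMAGE_BASE)
    return sec

def driver_indicators(info):
    """Traits that mark a kernel-mode device filter rather than a user-mode tool."""
    funcs = {f for fs in info["imports"].values() for f in fs}
    dlls = {d.lower() for d in info["imports"]}
    return {
        "kernel_mode": bool(dlls & {"ntoskrnl.exe", "hal.dll"}),
        # DriverEntry normally lives in INIT, which the kernel discards after load.
        "entry_in_INIT": locate_entrypoint(info) == "INIT",
        "creates_device": {"IoCreateDevice", "IoCreateSymbolicLink"} <= funcs,
        # Attaching to an existing stack is how a filter sees another device's I/O.
        "filters_device_stack": "IoAttachDeviceToDeviceStack" in funcs,
        "safeboot_aware": "InitSafeBootMode" in funcs,
    }

def detection_ratio(table):
    """Return ({engine: verdict}, engines_scanned) from the result table."""
    hits, total = {}, 0
    for line in table.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        total += 1
        if parts[-1] != "-":
            hits[parts[0]] = parts[-1]
    return hits, total
```

Import it and call `parse_peinfo(PEINFO)`, then `driver_indicators(...)` and `detection_ratio(AV_RESULTS)`. With the report above it decodes the link time to 2007-11-12 14:02:40 UTC, finds that 0x16073 lies outside every section and only lands in INIT once the assumed 0x10000 base is subtracted, flags every driver trait, and in the excerpt counts two identical verdict strings (GData and Kaspersky) against six clean results. None of that proves intent either way: a vendor keyboard or touchpad filter imports the same routines, which is exactly why the file's hash should be compared against a known-good copy of the driver rather than judged on the PE layout alone.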
Hi
As for the files that couldn't be scanned, that's normal.
___________
Does the computer crash if you leave the infection in place? Or only when AntiVir removes the file?
____________
Paste a HijackThis log
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Manual:
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I advise renaming HijackThis, to counter a possible Vundo infection.
e.g. rename the file HijackThis.exe to eden.exe: to do this, right-click the file HijackThis.exe and choose Rename from the list.
Then, using Explorer, create a folder c:\hijackthis
Unzip HijackThis into that folder.
This is important for the backups.
Quarantining it or removing it comes to the same thing.
____
If you disable AntiVir (the Guard), does the computer work? Does it reboot? Because in that case, since you don't have the CD, that's a stopgap solution.
____
Or else make a Linux boot CD; that way, if there's a problem, you'll still be able to get online...
__________
Otherwise, let's try this:
Scan with
Malwarebytes' Anti-Malware, remove whatever it finds and paste the log
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Whether it's quarantined or removed, it's the same thing! It is no longer active and has been moved, so it isn't found when needed.
Download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, the antispyware's real-time guard)
Double-click combofix.exe and follow the instructions
At the end, it will produce a log, C:\ComboFix.txt
Re-enable your firewall, your antivirus and your antispyware's guard
Copy/paste the log C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
You have a full tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix