re virus svp pas de reponse absurde merci

Question

Bonjour,
quentind, merci de ta réponse hummm insensée, si je fais tt ca c'est pour ne pas reformater pardis !! j'aimerai enlever mon virus quelqu'un peut il m'aider s'il vous plait et non reformater merci mon pc fait un bruit comme si il ouvre une fenetre mais rien ne s'affiche je ne peux repondre directement au mail aussi car aucun lien s'ouvre sous oultlook express j'ai un rapport hidjack je ne sais si on peut le laisser merci de votre réponse merci qd mme quentind mais bon j'attendais une aide pour enlever mon virus bonne journée à toi

^^Marie^^ · Accepted Answer

Salut

J'aime bien le titre du topik

Re virus svp pas de reponse absurde merci


)))

labtrust · Answer

bjr 
est-ce que le virus a été identifié par ton antivirus ? Tu as son nom ?

rimor · Answer

poste ton rapport hijckthis

Telecharge a-Squared et fait une analyse

rimor · Answer

Karine 
Colle ton rapport hijackthis a cette adresse http://www.hijackthis.fr et suis les instruction.
As tu Ccleanersi non telecharge le c'est gratuit et lance analyse et nettoyage
ok bonne chance

douchka66 · Answer

bonjour nous allons faire plus simple scan complet avec malwarebytes et affiche le rapport merci

rimor · Answer

Escuse moi le lien est http://www.hijackthis.de/fr#anl
Tu coches ce que tu veux enlever et tu lances fix checked 
As tu trouver ccleaner?Malwarebytes' Anti-Malware?A-Squared free?

rimor · Answer

Tu colles le rapport et tu fais click sur evaluer.

karine · Answer

j'ai fais cclearner l'analyse qd j'appuie sur nettoyage il me dit qu'il va supprimer definitivement les dossier trouvé mais il y a des dossiers de musique tres vieux sur mon ordi ainsi que qq films je suis sur qu ils n'ont pas de virus et je ne veux pas les jetter comment faire est ce un probleme de configuration de ccleaner j'ai rien touché ?

rimor · Answer

T'es sure que ce sont Tes fichiers musiques et videos!As tu une cle usb? mets les dedans et recommance l'analyse ccleaner

rimor · Answer

As tu fait une analyse avec a-squared Free et Malwarebytes' Anti-Malware?que te disent les rapports?

toptitbal · Answer

Bonjour

Tu as plusieurs infections mais il faut dire que tu fais tout pour....

Platform: Windows XP (WinNT 5.01.2600) 
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Utilisateur anonyme · Answer

Bonsoir,

je prend la suite ....


Karine ,

avec malewarebyte , as tu "supprimé la selection" ??

Utilisateur anonyme · Answer

Réouvre malewarebyte
va sur quaranatine
supprime tout 


Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 




-> Double clique sur combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

karine · Answer

j'i fais ausii hijack 
Malwarebytes' Anti-Malware 1.28 
Version de la base de données: 1251 
Windows 5.1.2600 

2008-10-11 01:19:13 
mbam-log-2008-10-11 (01-19-13).txt 

Type de recherche: Examen complet (C:\|) 
Eléments examinés: 117107 
Temps écoulé: 1 hour(s), 43 minute(s), 21 second(s) 

Processus mémoire infecté(s): 2 
Module(s) mémoire infecté(s): 0 
Clé(s) du Registre infectée(s): 4 
Valeur(s) du Registre infectée(s): 3 
Elément(s) de données du Registre infecté(s): 2 
Dossier(s) infecté(s): 0 
Fichier(s) infecté(s): 65 

Processus mémoire infecté(s): 
C:\WINDOWS\system32\lphc3n1j0el1l.exe (Trojan.FakeAlert) -> Unloaded process successfully. 
C:\WINDOWS\Temp\.ttF.tmp.exe (Trojan.FakeAlert) -> Unloaded process successfully. 

Module(s) mémoire infecté(s): 
(Aucun élément nuisible détecté) 

Clé(s) du Registre infectée(s): 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ojamynen (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services	cpsr (Trojan.Agent) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services	cpsr (Trojan.Agent) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. 

Valeur(s) du Registre infectée(s): 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhc7n1j0el1l (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3n1j0el1l (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully. 

Elément(s) de données du Registre infecté(s): 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 

Dossier(s) infecté(s): 
(Aucun élément nuisible détecté) 

Fichier(s) infecté(s): 
C:\Qoobox\Quarantine\C\WINDOWS\system32\ojamynen.dll.vir (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0447533.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0447552.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0447622.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448623.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448624.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448625.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0451690.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0453765.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448689.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448691.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0449689.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0449690.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0450689.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0450690.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0450691.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0451689.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452689.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452690.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452691.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452728.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452746.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452765.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0453764.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454767.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454768.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454876.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454877.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454878.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0455809.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0455810.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0455816.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0455817.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0456809.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0456816.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0456817.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0457815.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0457816.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0458816.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0458817.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0459815.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0459816.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0458809.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\WINDOWS\system32\ojamynen.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\WINDOWS\system32\drivers	cpsr.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\.ttF.tmp.exe (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\blphc3n1j0el1l.scr (Trojan.FakeAlert) -> Delete on reboot. 
C:\WINDOWS\system32\lphc3n1j0el1l.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\phc3n1j0el1l.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\Documents and Settings\karine\Local Settings	emp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\Documents and Settings\karine\Local Settings	emp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\.ttA.tmp.vbs (Trojan.FakeAlert) -> Delete on reboot. 
C:\Documents and Settings\karine\Local Settings	emp\.tt4.tmp.vbs (Trojan.FakeAlert) -> Delete on reboot. 


Ajout du 11-10-2008 à 01:36: 

de plus je t'ai fais un rapport trend hijack 
Malwarebytes' Anti-Malware 1.28 
Version de la base de données: 1251 
Windows 5.1.2600 

2008-10-11 01:19:13 
mbam-log-2008-10-11 (01-19-13).txt 

Type de recherche: Examen complet (C:\|) 
Eléments examinés: 117107 
Temps écoulé: 1 hour(s), 43 minute(s), 21 second(s)

karine · Answer

j'i fais ausii hijack 
Malwarebytes' Anti-Malware 1.28 
Version de la base de données: 1251 
Windows 5.1.2600 

2008-10-11 01:19:13 
mbam-log-2008-10-11 (01-19-13).txt 

Type de recherche: Examen complet (C:\|) 
Eléments examinés: 117107 
Temps écoulé: 1 hour(s), 43 minute(s), 21 second(s) 

Processus mémoire infecté(s): 2 
Module(s) mémoire infecté(s): 0 
Clé(s) du Registre infectée(s): 4 
Valeur(s) du Registre infectée(s): 3 
Elément(s) de données du Registre infecté(s): 2 
Dossier(s) infecté(s): 0 
Fichier(s) infecté(s): 65 

Processus mémoire infecté(s): 
C:\WINDOWS\system32\lphc3n1j0el1l.exe (Trojan.FakeAlert) -> Unloaded process successfully. 
C:\WINDOWS\Temp\.ttF.tmp.exe (Trojan.FakeAlert) -> Unloaded process successfully. 

Module(s) mémoire infecté(s): 
(Aucun élément nuisible détecté) 

Clé(s) du Registre infectée(s): 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ojamynen (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services	cpsr (Trojan.Agent) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services	cpsr (Trojan.Agent) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. 

Valeur(s) du Registre infectée(s): 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhc7n1j0el1l (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3n1j0el1l (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully. 

Elément(s) de données du Registre infecté(s): 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 

Dossier(s) infecté(s): 
(Aucun élément nuisible détecté) 

Fichier(s) infecté(s): 
C:\Qoobox\Quarantine\C\WINDOWS\system32\ojamynen.dll.vir (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0447533.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0447552.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0447622.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448623.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448624.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448625.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0451690.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0453765.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448689.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448691.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0449689.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0449690.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0450689.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0450690.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0450691.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0451689.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452689.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452690.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452691.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452728.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452746.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452765.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0453764.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454767.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454768.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454876.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454877.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454878.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0455809.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0455810.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0455816.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0455817.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0456809.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0456816.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0456817.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0457815.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0457816.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0458816.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0458817.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0459815.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0459816.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0458809.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\WINDOWS\system32\ojamynen.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\WINDOWS\system32\drivers	cpsr.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\.ttF.tmp.exe (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\blphc3n1j0el1l.scr (Trojan.FakeAlert) -> Delete on reboot. 
C:\WINDOWS\system32\lphc3n1j0el1l.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\phc3n1j0el1l.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\Documents and Settings\karine\Local Settings	emp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\Documents and Settings\karine\Local Settings	emp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\.ttA.tmp.vbs (Trojan.FakeAlert) -> Delete on reboot. 
C:\Documents and Settings\karine\Local Settings	emp\.tt4.tmp.vbs (Trojan.FakeAlert) -> Delete on reboot. 


Ajout du 11-10-2008 à 01:36: 

de plus je t'ai fais un rapport trend hijack 
Malwarebytes' Anti-Malware 1.28 
Version de la base de données: 1251 
Windows 5.1.2600 

2008-10-11 01:19:13 
mbam-log-2008-10-11 (01-19-13).txt 

Type de recherche: Examen complet (C:\|) 
Eléments examinés: 117107 
Temps écoulé: 1 hour(s), 43 minute(s), 21 second(s)

karine · Answer

j'i fais ausii hijack 
Malwarebytes' Anti-Malware 1.28 
Version de la base de données: 1251 
Windows 5.1.2600 

2008-10-11 01:19:13 
mbam-log-2008-10-11 (01-19-13).txt 

Type de recherche: Examen complet (C:\|) 
Eléments examinés: 117107 
Temps écoulé: 1 hour(s), 43 minute(s), 21 second(s) 

Processus mémoire infecté(s): 2 
Module(s) mémoire infecté(s): 0 
Clé(s) du Registre infectée(s): 4 
Valeur(s) du Registre infectée(s): 3 
Elément(s) de données du Registre infecté(s): 2 
Dossier(s) infecté(s): 0 
Fichier(s) infecté(s): 65 

Processus mémoire infecté(s): 
C:\WINDOWS\system32\lphc3n1j0el1l.exe (Trojan.FakeAlert) -> Unloaded process successfully. 
C:\WINDOWS\Temp\.ttF.tmp.exe (Trojan.FakeAlert) -> Unloaded process successfully. 

Module(s) mémoire infecté(s): 
(Aucun élément nuisible détecté) 

Clé(s) du Registre infectée(s): 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ojamynen (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services	cpsr (Trojan.Agent) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services	cpsr (Trojan.Agent) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. 

Valeur(s) du Registre infectée(s): 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhc7n1j0el1l (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3n1j0el1l (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully. 

Elément(s) de données du Registre infecté(s): 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 

Dossier(s) infecté(s): 
(Aucun élément nuisible détecté) 

Fichier(s) infecté(s): 
C:\Qoobox\Quarantine\C\WINDOWS\system32\ojamynen.dll.vir (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0447533.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0447552.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0447622.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448623.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448624.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448625.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0451690.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0453765.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448689.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0448691.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0449689.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0449690.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0450689.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0450690.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0450691.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0451689.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452689.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452690.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452691.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452728.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452746.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0452765.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0453764.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454767.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454768.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454876.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454877.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1002\A0454878.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0455809.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0455810.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0455816.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0455817.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0456809.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0456816.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0456817.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0457815.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0457816.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0458816.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0458817.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0459815.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0459816.sys (Rootkit.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{E66C7989-F3F0-4018-9EF1-8915B93EA00C}\RP1007\A0458809.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\WINDOWS\system32\ojamynen.dll (Trojan.FakeAlert) -> Delete on reboot. 
C:\WINDOWS\system32\drivers	cpsr.sys (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\.ttF.tmp.exe (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\blphc3n1j0el1l.scr (Trojan.FakeAlert) -> Delete on reboot. 
C:\WINDOWS\system32\lphc3n1j0el1l.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\phc3n1j0el1l.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\Documents and Settings\karine\Local Settings	emp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\Documents and Settings\karine\Local Settings	emp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\.ttA.tmp.vbs (Trojan.FakeAlert) -> Delete on reboot. 
C:\Documents and Settings\karine\Local Settings	emp\.tt4.tmp.vbs (Trojan.FakeAlert) -> Delete on reboot. 


Ajout du 11-10-2008 à 01:36: 

de plus je t'ai fais un rapport trend hijack 
Malwarebytes' Anti-Malware 1.28 
Version de la base de données: 1251 
Windows 5.1.2600 

2008-10-11 01:19:13 
mbam-log-2008-10-11 (01-19-13).txt 

Type de recherche: Examen complet (C:\|) 
Eléments examinés: 117107 
Temps écoulé: 1 hour(s), 43 minute(s), 21 second(s)

karine · Answer

je ne comprend pas qu'avec sa depuis il ne parte pas ce virus comment faire pour l'enlever svp merci

Utilisateur anonyme · Answer

réésai combofix

http://www.commentcamarche.net/forum/affich 8822090 re virus svp pas de reponse absurde merci?#30

karine · Answer

je vais essaier de nouveau mais combofix ma planter l'ordi et une fenetre au moment de deconexction fut un message d'erreur relatent la memoire pourtant tt va bien il n'a pas reussi a rallumer lordi manuellement j'ai du le faire 4 fois et le rapport ne venait pas apres 30 minutes d'attente est ce normal ? merci

karine · Answer

re,bonjour
j'ai enfin reussi cette nuit, avec combofix, je vous colle le rapport merci beaucoup de votre patience aussi, et votre aide
ComboFix 08-10-10.07 - karine 2008-10-11 2:37:00.3 - NTFSx86

Lancé depuis: C:\Documents and Settings\karine\Bureau\ComboFix.exe

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\lphc3n1j0el1l.exe
C:\WINDOWS\system32\ojamynen.dll
C:\WINDOWS\system32\ojamynen32.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_tcpsr

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-11 au 2008-10-11 ))))))))))))))))))))))))))))))))))))
.

2008-10-10 20:10 . 2008-10-10 20:10 <REP> d-------- C:\Program Files\Sun
2008-10-10 19:27 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-10-10 04:36 . 2008-10-10 04:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-10 04:36 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-10 04:36 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 22:22 . 2008-10-09 22:31 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-10-09 22:22 . 2008-10-09 22:22 <REP> d-------- C:\WINDOWS\Historique
2008-10-09 22:22 . 2008-10-09 22:26 <REP> d-------- C:\WINDOWS\Fichiers d'installation de Windows Update
2008-10-09 21:51 . 2008-10-09 21:51 <REP> d-------- C:\VundoFix Backups
2008-10-09 19:00 . 2008-10-09 19:00 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-10-09 12:52 . 2008-10-10 22:37 535,908,352 --a------ C:\WINDOWS\MEMORY.DMP
2008-10-09 11:59 . 2008-10-09 11:59 4,364,656 --a------ C:\upload_moi_PARAT-X7TFEBQEF.tar.gz
2008-10-09 11:20 . 2002-06-28 21:22 684,081 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-10-09 11:19 . 2002-06-28 21:22 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-10-09 11:18 . 2001-08-23 17:47 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
2008-10-09 11:16 . 2008-10-10 19:27 <REP> d-------- C:\WINDOWS\LastGood
2008-10-09 11:11 . 2008-10-09 11:11 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-09 11:10 . 2008-10-09 11:10 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-10-09 11:10 . 2008-10-09 11:10 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-10-09 11:10 . 2008-10-09 11:10 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-10-09 11:10 . 2008-10-09 11:10 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-10-09 11:06 . 2001-08-17 20:12 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-10-08 19:24 . 2008-10-08 19:23 24,576 --a------ C:\WINDOWS\system32\msader15.dll
2008-10-08 19:16 . 2008-10-08 19:16 910,336 --a------ C:\WINDOWS\system32\msoeres.dll
2008-10-08 19:13 . 2008-10-08 19:14 3,961,072 --a------ C:\WINDOWS\system32\WindowsXP-KB894391-ia64-ENU.exe
2008-10-08 19:00 . 2008-10-08 19:00 910,336 --a------ C:\WINDOWS\system32\msoeres.dll.dap
2008-10-08 18:02 . 2008-10-08 18:02 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2008-10-08 17:56 . 2002-06-28 21:20 256,512 --a------ C:\WINDOWS\system32\mstask.dll
2008-10-08 17:56 . 2002-06-28 21:20 256,512 --a--c--- C:\WINDOWS\system32\dllcache\mstask.dll
2008-10-08 17:56 . 2002-06-28 21:20 160,768 --a------ C:\WINDOWS\system32\schedsvc.dll
2008-10-08 17:56 . 2002-06-28 21:20 160,768 --a--c--- C:\WINDOWS\system32\dllcache\schedsvc.dll
2008-10-08 17:56 . 2002-06-28 21:00 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2008-10-08 17:56 . 2002-06-28 21:00 61,440 --a--c--- C:\WINDOWS\system32\dllcache\icwphbk.dll
2008-10-08 17:56 . 2002-06-28 21:20 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2008-10-08 17:56 . 2002-06-28 21:20 9,728 --a--c--- C:\WINDOWS\system32\dllcache\mstinit.exe
2008-10-08 17:55 . 2002-06-28 21:00 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2008-10-08 17:55 . 2002-06-28 21:00 274,432 --a--c--- C:\WINDOWS\system32\dllcache\inetcfg.dll
2008-10-08 17:55 . 2002-06-28 21:01 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2008-10-08 17:55 . 2002-06-28 21:01 81,920 --a--c--- C:\WINDOWS\system32\dllcache\isign32.dll
2008-10-08 17:55 . 2002-06-28 21:00 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2008-10-08 17:55 . 2002-06-28 21:00 69,632 --a--c--- C:\WINDOWS\system32\dllcache\icwdial.dll
2008-10-08 17:54 . 2002-06-28 21:14 40,960 --a--c--- C:\WINDOWS\system32\dllcache\trialoc.dll
2008-10-08 17:54 . 2002-06-28 21:00 24,576 --a--c--- C:\WINDOWS\system32\dllcache\icwrmind.exe
2008-10-08 17:53 . 2002-06-28 21:00 159,744 --a--c--- C:\WINDOWS\system32\dllcache\icwhelp.dll
2008-10-08 17:53 . 2002-06-28 21:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\icwtutor.exe
2008-10-08 17:53 . 2002-06-28 21:00 65,536 --a--c--- C:\WINDOWS\system32\dllcache\icwres.dll
2008-10-08 17:53 . 2002-06-28 21:00 57,344 --a--c--- C:\WINDOWS\system32\dllcache\icwconn.dll
2008-10-08 17:53 . 2002-06-28 21:00 45,056 --a--c--- C:\WINDOWS\system32\dllcache\icwutil.dll
2008-10-08 17:52 . 2002-06-28 20:58 557,128 --a--c--- C:\WINDOWS\system32\dllcache\dao360.dll
2008-10-08 17:52 . 2002-06-28 21:00 213,504 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-10-08 17:52 . 2002-06-28 21:11 213,075 --a--c--- C:\WINDOWS\system32\dllcache\sqlxmlx.dll
2008-10-08 17:51 . 2002-06-28 21:06 413,696 --a--c--- C:\WINDOWS\system32\dllcache\oledb32.dll
2008-10-08 17:51 . 2002-06-28 21:03 188,416 --a--c--- C:\WINDOWS\system32\dllcache\msdaps.dll
2008-10-08 17:51 . 2002-06-28 21:03 86,016 --a--c--- C:\WINDOWS\system32\dllcache\msdatl3.dll
2008-10-08 17:51 . 2002-06-28 21:06 77,824 --a--c--- C:\WINDOWS\system32\dllcache\oledb32r.dll
2008-10-08 17:51 . 2002-06-28 21:03 73,728 --a--c--- C:\WINDOWS\system32\dllcache\msdaosp.dll
2008-10-08 17:51 . 2002-06-28 21:04 24,576 --a--c--- C:\WINDOWS\system32\dllcache\msxactps.dll
2008-10-08 17:50 . 2002-06-28 21:03 303,104 --a--c--- C:\WINDOWS\system32\dllcache\msdasql.dll
2008-10-08 17:50 . 2002-06-28 21:03 221,184 --a--c--- C:\WINDOWS\system32\dllcache\msdaora.dll
2008-10-08 17:50 . 2002-06-28 21:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\msdatt.dll
2008-10-08 17:50 . 2002-06-28 21:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\msdasqlr.dll
2008-10-08 17:50 . 2002-06-28 21:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\msdaorar.dll
2008-10-08 17:50 . 2002-06-28 21:03 4,096 --a--c--- C:\WINDOWS\system32\dllcache\msdaurl.dll
2008-10-08 17:50 . 2002-06-28 21:03 4,096 --a--c--- C:\WINDOWS\system32\dllcache\msdasc.dll
2008-10-08 17:50 . 2002-06-28 21:03 4,096 --a--c--- C:\WINDOWS\system32\dllcache\msdaer.dll
2008-10-08 17:49 . 2002-06-28 21:03 81,920 --a--c--- C:\WINDOWS\system32\dllcache\msado26.tlb
2008-10-08 17:49 . 2002-06-28 21:03 81,920 --a--c--- C:\WINDOWS\system32\dllcache\msado25.tlb
2008-10-08 17:49 . 2002-06-28 21:03 53,248 --a--c--- C:\WINDOWS\system32\dllcache\msadrh15.dll
2008-10-08 17:49 . 2002-06-28 21:03 49,152 --a--c--- C:\WINDOWS\system32\dllcache\msador15.dll
2008-10-08 17:49 . 2002-06-28 21:03 4,096 --a--c--- C:\WINDOWS\system32\dllcache\msdaenum.dll
2008-10-08 17:49 . 2002-06-28 21:03 4,096 --a--c--- C:\WINDOWS\system32\dllcache\msdadc.dll
2008-10-08 17:48 . 2002-06-28 21:03 61,440 --a--c--- C:\WINDOWS\system32\dllcache\msado21.tlb
2008-10-08 17:48 . 2002-06-28 21:03 61,440 --a--c--- C:\WINDOWS\system32\dllcache\msado20.tlb
2008-10-08 17:48 . 2002-06-28 21:03 28,672 --a--c--- C:\WINDOWS\system32\dllcache\msader15.dll
2008-10-08 17:47 . 2002-06-28 21:03 180,224 --a--c--- C:\WINDOWS\system32\dllcache\msdaprst.dll
2008-10-08 17:47 . 2002-06-28 21:03 110,592 --a--c--- C:\WINDOWS\system32\dllcache\msdarem.dll
2008-10-08 17:47 . 2002-06-28 21:03 32,768 --a--c--- C:\WINDOWS\system32\dllcache\msdfmap.dll
2008-10-08 17:47 . 2002-06-28 21:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\msdaremr.dll
2008-10-08 17:46 . 2002-06-28 21:03 147,456 --a--c--- C:\WINDOWS\system32\dllcache\msadds.dll
2008-10-08 17:46 . 2002-06-28 21:03 57,344 --a--c--- C:\WINDOWS\system32\dllcache\msadcf.dll
2008-10-08 17:46 . 2002-06-28 21:03 53,248 --a--c--- C:\WINDOWS\system32\dllcache\msadcs.dll
2008-10-08 17:46 . 2002-06-28 21:03 24,576 --a--c--- C:\WINDOWS\system32\dllcache\msaddsr.dll
2008-10-08 17:46 . 2002-06-28 21:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\msdaprsr.dll
2008-10-08 17:46 . 2002-06-28 21:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\msadcor.dll
2008-10-08 17:46 . 2002-06-28 21:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\msadcfr.dll
2008-10-08 17:45 . 2002-06-28 21:03 307,200 --a--c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-08 17:45 . 2002-06-28 21:03 20,480 --a--c--- C:\WINDOWS\system32\dllcache\msadcer.dll
2008-10-08 17:44 . 2002-06-28 21:00 36,352 --a--c--- C:\WINDOWS\system32\dllcache\hmmapi.dll
2008-10-08 17:43 . 2002-06-28 21:00 91,136 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2008-10-08 17:38 . 2001-08-17 21:50 181,632 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2008-10-08 17:38 . 2002-06-28 20:58 180,736 --a--c--- C:\WINDOWS\system32\dllcache\cmprops.dll
2008-10-08 17:38 . 2002-06-28 20:58 180,736 --a------ C:\WINDOWS\system32\cmprops.dll
2008-10-08 17:36 . 2001-08-17 21:59 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-10-08 17:35 . 2001-10-03 08:12 56,960 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-10-08 17:34 . 2001-08-18 06:38 37,896 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2008-10-08 17:32 . 2002-06-28 21:08 696,320 --a--c--- C:\WINDOWS\system32\dllcache\sapi.dll
2008-10-08 17:32 . 2002-06-28 21:08 151,552 --a--c--- C:\WINDOWS\system32\dllcache\sapi.cpl
2008-10-08 17:31 . 2002-06-28 21:06 1,085,938 -ra------ C:\WINDOWS\SETB9.tmp
2008-10-08 17:31 . 2002-06-28 21:20 192,116 -ra------ C:\WINDOWS\SETE7.tmp
2008-10-08 17:31 . 2002-06-28 21:17 132,096 --a------ C:\WINDOWS\system\WINSPOOL.DRV
2008-10-08 17:31 . 2001-08-23 17:47 72,704 --a------ C:\WINDOWS\system32\storprop.dll
2008-10-08 17:31 . 2002-06-28 21:00 13,923 -ra------ C:\WINDOWS\SETC5.tmp
2008-10-08 17:31 . 2002-06-28 21:01 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2008-10-08 17:31 . 2002-06-28 21:01 10,496 --a--c--- C:\WINDOWS\system32\dllcache\irenum.sys
2008-10-08 17:31 . 2002-06-28 21:20 7,046 -ra------ C:\WINDOWS\SETD7.tmp
2008-10-08 01:51 . 2005-04-22 16:13 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-10-08 01:51 . 2005-04-22 16:13 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-10-08 01:51 . 2005-04-22 15:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-10-08 01:51 . 2005-04-22 16:13 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-10-08 01:51 . 2005-04-22 16:13 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-10-08 01:51 . 2005-04-22 16:13 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-10-08 01:51 . 2006-06-17 17:09 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-10-08 01:51 . 2008-10-08 01:51 <REP> d-------- C:\Documents and Settings\Administrateur
2008-10-04 23:57 . 2008-10-04 23:57 <REP> d-------- C:\Documents and Settings\karine\Application Data\Mostick
2008-09-24 17:00 . 2008-09-24 17:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-24 17:00 . 2008-09-24 17:00 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 00:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-10 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-10 18:08 --------- d-----w C:\Program Files\Java
2008-10-09 20:36 12,800 ----a-w C:\WINDOWS\system32\svchost.exe.tmp
2008-10-06 20:59 --------- d-----w C:\Documents and Settings\karine\Application Data\LimeWire
2008-10-05 14:20 --------- d-----w C:\Program Files\Masta
2008-10-04 21:50 --------- d-----w C:\Program Files\eMule
2008-06-20 13:47 42,192 ----a-w C:\Documents and Settings\karine\Application Data\GDIPFONTCACHEV1.DAT
2008-01-26 01:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-09-04 15:53 17,536 ----a-w C:\Documents and Settings\guitarine\Application Data\GDIPFONTCACHEV1.DAT
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.

------- Sigcheck -------

2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
.
((((((((((((((((((((((((((((( snapshot@2008-10-10_18.47.49.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-06-28 18:58:14 9,728 ----a-w C:\WINDOWS\LastGood\System32\cdm.dll
+ 2007-07-30 17:19:20 92,504 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\cdm.dll
- 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AVASTSS.scr
- 2002-06-28 18:58:14 9,728 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 17:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2008-10-10 16:18:20 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-11 00:35:46 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-10 16:31:37 1,982,464 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-10-11 00:35:46 2,326,528 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-10-10 16:15:39 2,064,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101020081011\index.dat
+ 2008-10-10 20:30:43 2,179,072 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101020081011\index.dat
+ 2008-10-11 00:35:45 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101120081012\index.dat
- 2008-10-10 16:19:08 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-10-11 00:36:49 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2002-06-28 18:58:14 9,728 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2007-07-11 23:22:00 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-07-11 23:22:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-07-12 00:22:38 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-10-11 00:45:42 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4ac.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 67128]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-06-28 13312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-23 68856]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2002-06-28 208949]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2007-06-30 3364616]
"SpeedOptimizer"="C:\PROGRA~1\SPEEDO~1\SPO.EXE" [2003-09-29 607232]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 185632]
"ioCentre"="C:\Genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2002-06-28 147968]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-06-28 13312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="C:\Program Files\Fichiers communs\Real\Update_OB\upgrdhlp.exe" [2007-09-13 335872]
"FlashPlayerUpdate"="C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe" [2006-11-09 190072]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-12 593920]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"KfJNdYrMuJyfWB"= {A80A8161-02A0-2BCB-6576-E3929D9B4382} - C:\WINDOWS\System32\mpps.dll [2002-06-28 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6ejxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
--a------ 2005-10-30 02:56 606208 C:\Program Files\pspvideo9\pspVideo9.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11a8bc93-9258-11dd-a9e2-00c0a88eafed}]
\Shell\AutoRun\command - E:\start.exe
\Shell\iledefrance\command - E:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86800aa7-946f-11db-a8e0-00c0a88eafed}]
\Shell\AutoRun\command - 6x8be16.cmd
\Shell\explore\Command - 6x8be16.cmd
\Shell\open\Command - 6x8be16.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ece03036-acaf-11db-a8ec-00c0a88eafed}]
\Shell\AutoRun\command - E:\8ng8w.com
\Shell\explore\Command - E:\8ng8w.com
\Shell\open\Command - E:\8ng8w.com
.
Contenu du dossier 'Tâches planifiées'

2008-10-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
Notify-ojamynen - ojamynen.dll

.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Fichiers communs\mpDRM\NPMPDRM.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npvlc.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 02:46:29
Windows 5.1.2600 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

C:\WINDOWS\system32\svchost.exe.tmp:ext.exe 25088 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-10-11 2:59:30 - La machine a redémarré [karine]
ComboFix-quarantined-files.txt 2008-10-11 00:59:04
ComboFix2.txt 2008-10-10 08:32:13

Avant-CF: 10,053,857,280 octets libres
Après-CF: 10,285,465,600 octets libres

318 --- E O F --- 2008-03-28 02:08:04

Utilisateur anonyme · Answer

Bonjour,

- Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe ou http://www.geekstogo.com/forum/files/file/6-smitfraudfix/

- Enregistre-le sur le bureau

- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée

- Un rapport sera généré, poste-le dans ta prochaine réponse.

[*] process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*]

** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix

karine · Answer

voilà mon rapport 
SmitFraudFix v2.358

Rapport fait à  9:39:02,98, 11/10/2008
Executé à partir de C:\Documents and Settings\karine\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\spywarevanisher-free\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\karine


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\karine\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\karine\MENUDM~1\PROGRA~1\Registry Cleaner PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\karine\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Utilisateur anonyme · Answer

Redémarre en mode sans echec (F8 au démarrage), choisi ton compte et lance SmitFraudFix et choisi l'option 2 et poste le rapport

karine · Answer

sur mon bureau en mode sans echec je ne voit pas l'icone, je l'avais mise au cas ou dans mes documents, j'ai fait le scan avec touche 2 il comence et me fait un debut de nettoyage de disque, il me demande sur l'ecran bleu si je veut nettoyer je fais o puis entré parce qu'il il a (o/n) mais là rien ne fonctione mme si j'ecris oui puis entrée il remet la ligne pareil que faire s'il te plait?

karine · Answer

s'il vous plait ne m'oublié pas merci

karine · Answer

je crois que vous m'avez oublié s il vous plait de l'aide merci

Utilisateur anonyme · Answer

Non non, recommence l'option 2 en mode sans echec et si sa fonctionne pas en mode normal

Si je désinfecte votre machine, c'est pour au moins un bout de temps, je vous désinfecterais pas si vous bousiller votre machine toutes les 5 minutes !

Utilisateur anonyme · Answer

RE

karine , passe l option 2 de smithfraud en mode normal et post le rapport stp

Utilisateur anonyme · Answer

Ça me concerne hein ?....

karine · Answer

chers tous, j'etais pati pour le job, j'ai enfin presque tt reussi sur mon ordi à enlever mes virus et ca grace mais je dis bien grace à vous !!! oh mes dieux je m'incline je ne sais comment vous remercier mais sans vous je ni serais jamais arrivee merci de votre patience votre gentillesseet aussi vis à vis de mon et mon ignirance en informatique de votre intelligence, je n'en fais pas trop je vous assure mais oui heureusement que vous etes là tt et oui faut pas revé n'est pas reglé mais bon c déjà super bien je voulais dire que mon nettoyage de disque ne fonctionne plus et que pour celà il fallait un cle de registre on peut telecharger deux fichiers qui vont permettre de resoudre cà ca se nome compress_desactif.reg et ensuite compress_ actif.reg  c tres efficace bon il me reste un probleme c que je ne peux creer de point de restauration maintenant c tt alors si qqun serait merci 
un dernier et gros merci à tt ce qui mon aidé leurs patience j'y tiens et leur gentilesse parce que là il y avait de quoi s'arracher les cheveux avec moi. Ah oui ds mes peripetie j'ai trouve un lien GENIAL j'avais donc qq probleme d'ordi hihi comme vs avez pu le voir, et a un moment un problem de WMI deplacé ou manquant j'ai trouvé sur lenet ds ....ok je verifie pour vz donner l'adrresse et bien me croyez vs ou pas c le votre puff toujours aussi tete en l'ai cette karine !! merci ca aussi ma sauve mon ordi c trois ligne a taper dans cmd vous etes des petits genies!! 
donc mon seul probleme aujourd'hui creer un point de restauration je rentre dedans il me dis dans crrer un de lui donner un nom et qd c fait il me dit on ne peut oas creer un point de restauration merci si vous avez une idee bisous

Re virus svp pas de reponse absurde merci

30 réponses

Votre réponse

Discussions similaires

Newsletters