Ordi très très lent, virus ou autre ?

Réponse 21 / 50

tommy042 Messages postés 34 Statut Membre

Re !

Donc je n'ai pas trouvé de rapport msnfix, dsl !

Pour l'antivirus, j'avais avast, j'ai viré il y a peu, je vais mettre antivir, je te tiens au courant

a+

Réponse 22 / 50

tommy042 Messages postés 34 Statut Membre

j'ai coupé le rapport en 2

Avira AntiVir Personal
Report file date: mardi 28 octobre 2008 20:03

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ST-604E174AC125

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 11:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 14:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 06:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 10:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 10:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 14:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 13:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 13:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 13:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 07:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 14:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 13:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 15:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 09:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 09:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 13:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 15:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 28 octobre 2008 20:03

The scan of running processes will be started
Scan process 'LiveUpdate.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'update.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned
Scan process 'realplay.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
Scan process 'hposts08.exe' - '1' Module(s) have been scanned
Scan process 'hpoevm08.exe' - '1' Module(s) have been scanned
Scan process 'WLANUTL.exe' - '1' Module(s) have been scanned
Scan process 'hpotdd01.exe' - '1' Module(s) have been scanned
Scan process 'hpohmr08.exe' - '1' Module(s) have been scanned
Scan process 'BlueSoleil.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'WkUFind.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
46 processes with 46 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '53' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497062a4.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962a7.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962aa.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc10.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962ae.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc11.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962b1.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc12.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962b3.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc13.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962b6.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc14.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962b8.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc15.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962bb.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc16.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962bd.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc17.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962bf.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc18.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962c2.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc19.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962c4.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962c6.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc20.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962d1.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc21.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962d2.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc22.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4815cdf3.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc23.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962d3.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc24.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4815cdf4.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc25.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962d5.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc26.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962d4.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4815cdf5.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4815cdf6.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc5.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962d7.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc6.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962d6.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc7.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4815cdf7.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc8.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4815cdf8.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc9.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '497962d9.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196277.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a48.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196278.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a49.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196279.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5aa.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196280.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a4a.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196281.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5ab.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196282.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a4c.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196283.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a4b.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196284.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5ac.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196285.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5ad.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196286.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a4e.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196287.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5af.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196288.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a50.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196289.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a4d.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196290.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5ae.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196291.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5b1.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196292.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a52.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196293.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5b3.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196294.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a4f.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196295.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5b0.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196296.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a51.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196297.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a54.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196298.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5b5.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196299.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a56.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196300.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5b2.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196301.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a53.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196302.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5b4.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196303.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5b7.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196304.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a58.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196305.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5b9.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196306.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a55.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196307.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5b6.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196308.exe
[DETECTION] Is the TR/Dldr.DNSChanger.Gen Trojan
[NOTE] The file was moved to '49387a57.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196309.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a5a.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196310.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5bb.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196311.exe
[DETECTION] Is the TR/Dldr.DNSChanger.Gen Trojan
[NOTE] The file was moved to '49387a5c.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196312.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5b8.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196313.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a59.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196314.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5ba.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196315.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5bd.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196316.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a5e.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196317.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5bf.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196318.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a5b.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196319.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5bc.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196320.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a5d.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196321.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a20.qua'!

Réponse 23 / 50

tommy042 Messages postés 34 Statut Membre

C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196322.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5c1.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196323.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a22.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196324.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5be.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196325.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a5f.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196326.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e580.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196327.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5c3.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196328.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a24.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196329.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5c5.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196330.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a61.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196331.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e582.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196332.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a63.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196333.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e584.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196334.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a26.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196335.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5c7.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196336.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a28.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196337.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a65.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196338.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e586.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196339.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a67.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196340.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5c9.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196341.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a2a.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196342.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5cb.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196343.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a2c.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196344.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151b0.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196345.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151b2.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196346.exe
[DETECTION] Is the TR/Dldr.DNSChanger.Gen Trojan
[NOTE] The file was moved to '49387a60.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196347.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151b1.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196348.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a62.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196349.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151b4.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196350.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151b6.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196351.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151b8.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196352.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a69.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196353.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151b3.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196354.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a64.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196355.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151b5.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196356.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151ba.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196357.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a6b.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196358.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151bc.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196359.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a66.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196360.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151b7.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196361.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a68.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196362.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a6d.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196363.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151be.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196364.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a6f.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196365.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151b9.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196366.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a6a.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196367.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151bb.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196368.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a6c.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196369.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151a0.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196370.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a71.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196371.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151a2.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196372.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151bd.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196373.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a6e.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196374.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151bf.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196375.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a10.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196376.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a73.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196377.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151a4.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196378.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a75.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196379.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151c1.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196380.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a12.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196381.exe
[DETECTION] Is the TR/Dldr.DNSChanger.Gen Trojan
[NOTE] The file was moved to '485151a6.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196382.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a77.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196383.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151a8.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196384.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151c3.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196385.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a14.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196386.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151c5.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196387.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a16.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196388.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a79.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196389.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151aa.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196390.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a7b.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196391.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151c7.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196392.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a18.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196393.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151c9.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196394.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151ac.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196395.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a7d.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196396.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151ae.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196397.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a70.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196398.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151a1.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196399.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a72.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196400.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151a3.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196401.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a7f.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196402.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515150.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196403.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a74.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196404.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '485151a5.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196405.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a76.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196406.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a81.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196407.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515152.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196408.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e594.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196409.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e595.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196410.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e597.qua'!

Réponse 24 / 50

tommy042 Messages postés 34 Statut Membre

C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196411.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a78.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196412.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e596.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196413.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e598.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196414.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e59a.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196415.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e599.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196416.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a7a.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196417.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e59b.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196418.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e59c.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196419.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e59e.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196420.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e560.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196421.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e562.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196422.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a7c.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196423.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e59d.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196424.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a7e.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196425.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a83.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196426.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e564.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196427.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a85.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196428.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e59f.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196429.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a40.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196430.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5a1.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196431.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e566.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196432.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a87.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196433.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a42.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196434.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5a3.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196435.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e568.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196437.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a89.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196438.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a44.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196439.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e5a5.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196440.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e56a.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196441.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a8b.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196442.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a80.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196443.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e561.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196444.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a82.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196445.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e56c.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196446.exe
[DETECTION] Is the TR/Dldr.DNSChanger.Gen Trojan
[NOTE] The file was moved to '49387a8d.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196447.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515153.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196448.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a84.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196449.exe
[DETECTION] Is the TR/Dldr.DNSChanger.Gen Trojan
[NOTE] The file was moved to '48515155.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196450.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a86.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196451.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515154.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196452.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515156.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196453.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515157.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196454.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a88.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196455.exe
[DETECTION] Is the TR/Dldr.DNSChanger.Gen Trojan
[NOTE] The file was moved to '48515159.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196456.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515158.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196457.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4851515a.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196458.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4851515c.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196459.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a8a.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196460.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4851515b.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196461.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4851515e.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196462.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a8f.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196463.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515140.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196464.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a8c.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196465.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4851515d.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196466.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a8e.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196467.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a91.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196468.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515142.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196469.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4851515f.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196470.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387ab0.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196471.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a93.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196472.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515144.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196473.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a95.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196474.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e56d.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196475.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e56f.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196476.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e56e.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196477.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e570.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196478.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e572.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196479.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a90.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196480.exe
[DETECTION] Is the TR/Dldr.DNSChanger.Gen Trojan
[NOTE] The file was moved to '4852e571.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196481.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e574.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196482.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e576.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196483.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a92.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196484.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e573.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196485.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a94.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196486.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a97.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196487.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e578.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196488.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a99.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196489.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e57a.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196490.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e575.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196491.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a96.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196492.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a9b.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196493.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e57c.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196494.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a9d.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196495.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e577.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196496.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a98.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196497.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e579.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196498.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e57e.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196499.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a9f.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196500.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e540.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196501.exe
[DETECTION] Is the TR/Dldr.DNSChanger.Gen Trojan
[NOTE] The file was moved to '49387a9a.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196502.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.LO back-door program
[NOTE] The file was moved to '4852e57b.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196503.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387aa1.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196504.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4852e542.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196505.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515148.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196506.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515149.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196507.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4851514b.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196508.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a9c.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196509.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4851514a.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196510.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4851514c.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196511.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4851514e.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196512.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4851514d.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196513.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387a9e.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196514.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4851514f.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196515.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515170.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196516.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515172.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196517.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387aa3.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196518.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515151.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196519.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515161.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196520.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515174.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196521.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387aa5.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196522.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515176.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196523.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387aa7.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196524.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387ab2.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196525.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515163.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196526.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387ab4.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196527.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515178.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196528.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387aa9.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196529.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4851517a.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196530.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387aa0.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196531.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515171.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196532.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387aa2.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196533.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387aab.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196534.exe
[DETECTION] Is the TR/Dldr.DNSChanger.Gen Trojan
[NOTE] The file was moved to '4851517c.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196535.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387aad.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196536.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515173.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196537.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387aa4.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196538.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515175.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196539.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '4851517e.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196540.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387aaf.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196541.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48515160.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196542.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49387ab1.qua'!
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196543.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[WARNING] The file was ignored!

End of the scan: mardi 28 octobre 2008 21:47
Used time: 1:44:20 Hour(s)

The scan has been canceled!

3941 Scanning directories
176838 Files were scanned
266 viruses and/or unwanted programs were found
28 Files were classified as suspicious:
0 files were deleted
0 files were repaired
293 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
176542 Files not concerned
1045 Archives were scanned
7 Warnings
293 Notes

Réponse 25 / 50

tommy042 Messages postés 34 Statut Membre

Logfile of HijackThis v1.99.1
Scan saved at 00:48:33, on 29/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Nom supprimé Modération CCM as\Mes documents\nicole.fratan\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LiveUpdate] "C:\Program Files\Samsung\Samsung PC Studio 3\\Update\Copyer.exe" -R
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Documents and Settings\Nom supprimé Modération CCM s\Bureau\Extra\Applications\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Et voilà ! Le probleme demeure =/ meme si apparemment antivir a trouvé des trucs

Réponse 26 / 50

Utilisateur anonyme

Bonsoir,
Oui, beaucoup de trouvailles d'Antivir mais surtout dans la restauration système et dans la quarantaine de spybot.
Tu peux d'ailleurs vider la quarantaine de spybot.

Ta version de HiJackT est obselette. Je préfèrerai qu tu m'en vois des rapport de l'autre version. (tu peux supprimer la tienne).

Ensuite,
bon on va regarder plus en profondeur :
> Télécharge ComboFix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe (par sUBs) sur ton Bureau.
Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement.
- Double clique combofix.exe
- Tape sur la touche 1 (Yes) pour démarrer le scan.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer la machine.
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
PS2 : Il peut s'avérer que le rapport Combofix soit trop long pour être supporter par CCM.net. Dans ce cas utilise ce service http://www.cijoint.fr pour me l'envoyer (dépose le fichier puis poste le lien sur le forum).

Bon courage.

A+

Réponse 27 / 50

tommy042 Messages postés 34 Statut Membre

up . .. svp

Utilisateur anonyme

Coucou,

je t'ai pourtant répondu ;)

Réponse 28 / 50

tommy042 Messages postés 34 Statut Membre

Re ! dsl j'avais pas vu ta réponse ! Donc j'ai fait ocmbofix. voilà le rapport
Pour hijackthis, ou trouver la nouvelle version ??
Sinon, le probleme continue =/.
Merci en tout cas. a+

ComboFix 08-11-04.02 -Nom supprimé Modération CCM 2008-11-06 1:53:01.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.279 [GMT 1:00]
Lancé depuis: c:\documents and settings\xxxxxx\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
c:\windows\system32\aavufppp.ini
c:\windows\system32\akhsuuag.ini
c:\windows\system32\atllvnwh.ini
c:\windows\system32\axckragv.ini
c:\windows\system32\ayvusroh.ini
c:\windows\system32\bfggtgvk.ini
c:\windows\system32\bhtovgnq.ini
c:\windows\system32\bjfbiomj.ini
c:\windows\system32\bknjigvj.ini
c:\windows\system32\blycgrco.ini
c:\windows\system32\bnbnadox.ini
c:\windows\system32\bpaugysg.ini
c:\windows\system32\bscfhgti.ini
c:\windows\system32\btqvhurp.ini
c:\windows\system32\bxclmfvv.ini
c:\windows\system32\bxqtphii.ini
c:\windows\system32\bxrcdlfk.ini
c:\windows\system32\cakeovwt.ini
c:\windows\system32\ccdvlfei.ini
c:\windows\system32\cchwmhsx.ini
c:\windows\system32\cmqqprdf.ini
c:\windows\system32\culorkrl.ini
c:\windows\system32\cumqkinv.ini
c:\windows\system32\ddsinngc.ini
c:\windows\system32\dljqfooe.ini
c:\windows\system32\dwxhpgbw.ini
c:\windows\system32\dwxtapsp.ini
c:\windows\system32\ecwvmjbg.ini
c:\windows\system32\eerwmhgl.ini
c:\windows\system32\elbtihfh.ini
c:\windows\system32\eutnycse.ini
c:\windows\system32\ewsikiwb.ini2
c:\windows\system32\ewsikiwb.tmp
c:\windows\system32\exdgjayv.ini
c:\windows\system32\expudpql.ini
c:\windows\system32\frorucem.ini
c:\windows\system32\fttnxdvk.ini
c:\windows\system32\fuspfahr.ini
c:\windows\system32\fyxmhuke.ini
c:\windows\system32\gcxdnkii.ini
c:\windows\system32\ghkmp.bak1
c:\windows\system32\ghkmp.bak2
c:\windows\system32\ghkmp.ini
c:\windows\system32\ghkmp.ini2
c:\windows\system32\ghkmp.tmp
c:\windows\system32\gjjrqmgo.ini
c:\windows\system32\gthdqsku.ini
c:\windows\system32\gyidesdf.ini
c:\windows\system32\hbmkccnl.ini
c:\windows\system32\hboafkxb.ini
c:\windows\system32\hbrjofki.ini
c:\windows\system32\hdwvkjkt.ini
c:\windows\system32\hlgsajig.ini
c:\windows\system32\hqwuqikl.ini
c:\windows\system32\hrbhfgiy.ini
c:\windows\system32\huytdhqh.ini
c:\windows\system32\hyntarvt.ini
c:\windows\system32\hyqpaggq.ini
c:\windows\system32\icnjxppl.ini
c:\windows\system32\iicxnyjs.ini
c:\windows\system32\ikclsvmj.ini
c:\windows\system32\iuftwtrn.ini
c:\windows\system32\iwjwwpfv.ini
c:\windows\system32\jbmwshnb.ini
c:\windows\system32\jmuagorh.ini
c:\windows\system32\jtfgclle.ini
c:\windows\system32\jtrxwicl.ini
c:\windows\system32\kgqexxjv.ini
c:\windows\system32\klbwrvfi.ini
c:\windows\system32\kocmuudw.ini
c:\windows\system32\kpwdycqc.ini
c:\windows\system32\ksmjppip.ini
c:\windows\system32\kvcaqlqs.ini
c:\windows\system32\lakiasif.ini
c:\windows\system32\ldewgcpy.ini
c:\windows\system32\liadpjmd.ini
c:\windows\system32\llggcnog.ini
c:\windows\system32\lmnmmavn.ini
c:\windows\system32\lspkbsjp.ini
c:\windows\system32\luyhcqkb.ini
c:\windows\system32\lwhbqpxv.ini
c:\windows\system32\mahgmtnd.ini
c:\windows\system32\mapqsbeu.ini
c:\windows\system32\mayldtia.ini
c:\windows\system32\mcypubvw.ini
c:\windows\system32\mjvtwkbi.ini
c:\windows\system32\mllxporx.ini
c:\windows\system32\mprsrbcx.ini
c:\windows\system32\nhwqporb.ini
c:\windows\system32\nikpomxp.ini
c:\windows\system32\nlcaktng.ini
c:\windows\system32\nwpaxgeh.ini
c:\windows\system32\obfmwkih.ini
c:\windows\system32\onkylhhp.ini
c:\windows\system32\ootsrugw.ini
c:\windows\system32\orlgvysu.ini
c:\windows\system32\outjmaiy.ini
c:\windows\system32\pentfgcw.ini
c:\windows\system32\pfjptdax.ini
c:\windows\system32\pjdrwyjg.ini
c:\windows\system32\pjhyoepo.ini
c:\windows\system32\pjksiovv.ini
c:\windows\system32\pkaalmyd.ini
c:\windows\system32\pojlgghf.ini
c:\windows\system32\pualvrxu.ini
c:\windows\system32\qaanfhfw.ini
c:\windows\system32\qejbopsg.ini
c:\windows\system32\qhtltrlm.ini
c:\windows\system32\qpobdihe.ini
c:\windows\system32\quroirbv.ini
c:\windows\system32\qxglofyw.ini
c:\windows\system32\rhcncexa.ini
c:\windows\system32\rmbkhokl.ini
c:\windows\system32\rounmewj.ini
c:\windows\system32\royravba.ini
c:\windows\system32\rpgujmqc.ini
c:\windows\system32\rxifuqrd.ini
c:\windows\system32\sdryuelu.ini
c:\windows\system32\sifdbbvh.ini
c:\windows\system32\tciffpri.ini
c:\windows\system32\telinefw.ini
c:\windows\system32\tgkxcqvg.ini
c:\windows\system32\tmqxkldi.ini
c:\windows\system32\tmxdwlqh.ini
c:\windows\system32\tngiiqxq.ini
c:\windows\system32\tngxqavl.ini
c:\windows\system32\trjlewgs.ini
c:\windows\system32\tsratluh.ini
c:\windows\system32\twefsatt.ini
c:\windows\system32\uahpwwdi.ini
c:\windows\system32\uaujvmdx.ini
c:\windows\system32\ufjwitgq.ini
c:\windows\system32\ulbwpjkx.ini
c:\windows\system32\uulftyto.ini
c:\windows\system32\vcyrdwll.ini
c:\windows\system32\vohfjxtt.ini
c:\windows\system32\vrutvvml.ini
c:\windows\system32\vtljbahd.ini
c:\windows\system32\vvlxxxdk.ini
c:\windows\system32\wlmhdkks.ini
c:\windows\system32\wnstscc.exe
c:\windows\system32\wslfxfom.ini
c:\windows\system32\wvafoovq.ini
c:\windows\system32\xcflctlt.ini
c:\windows\system32\xfhyiuam.ini
c:\windows\system32\xgcghhqe.ini
c:\windows\system32\xgvwjjts.ini
c:\windows\system32\xgythomw.ini
c:\windows\system32\xoohslmr.ini
c:\windows\system32\xuuprlip.ini
c:\windows\system32\xysmwmab.ini
c:\windows\system32\ykdcsnuj.ini
c:\windows\system32\ytlugeko.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_MANAGEMENT_SERVICE

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-06 au 2008-11-06 ))))))))))))))))))))))))))))))))))))
.

2008-10-28 20:00 . 2008-10-28 20:00 <REP> d-------- c:\program files\Avira
2008-10-28 20:00 . 2008-10-28 20:00 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2008-10-28 06:28 . 2008-10-28 06:28 <REP> d---s---- c:\documents and settings\xxxxxxx\UserData
2008-10-22 13:23 . 2008-10-22 13:23 <REP> d-------- C:\_OTMoveIt
2008-10-22 13:19 . 2008-10-22 13:19 <REP> d-------- C:\autorun.MSNFix
2008-10-21 09:44 . 2008-10-21 11:30 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-10-20 23:50 . 2008-10-20 23:50 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-10-20 18:37 . 2008-10-20 18:37 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-10-20 18:24 . 2008-10-20 18:24 <REP> d-------- C:\rsit
2008-10-20 18:24 . 2008-10-22 13:51 <REP> d-------- c:\program files\trend micro
2008-10-19 15:28 . 2008-10-19 16:38 112 --a------ c:\documents and settings\xxxxx\Application Data\wklnhst.dat
2008-10-17 17:24 . 2008-10-17 17:26 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-10-17 17:24 . 2008-10-17 17:24 <REP> d-------- c:\documents and settings\xxxxx\Application Data\Malwarebytes
2008-10-17 17:24 . 2008-10-17 17:24 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-17 17:24 . 2008-10-16 19:25 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-17 17:24 . 2008-10-16 19:25 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-17 16:39 . 2008-10-17 16:39 <REP> d-------- C:\!KillBox
2008-10-17 15:58 . 2008-10-17 15:58 <REP> d-------- c:\windows\ERUNT
2008-10-17 15:52 . 2008-10-17 15:52 <REP> d-------- c:\program files\MSXML 4.0
2008-10-17 15:47 . 2008-10-16 11:17 <REP> d-------- C:\SDFix
2008-10-17 14:02 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2008-10-17 14:02 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-17 13:59 . 2008-08-14 14:44 2,182,400 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-17 13:59 . 2008-08-14 14:44 2,138,112 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-17 13:59 . 2008-08-14 14:44 2,059,776 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-17 13:59 . 2008-08-14 14:44 2,017,792 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-17 13:47 . 2008-10-27 08:13 <REP> d--h----- c:\windows\$hf_mig$
2008-10-17 05:06 . 2007-07-30 18:19 38,232 --a------ c:\windows\system32\wucltui.dll.mui
2008-10-17 05:06 . 2007-07-30 18:20 30,040 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-10-17 05:06 . 2007-07-30 18:19 30,040 --a------ c:\windows\system32\wuapi.dll.mui
2008-10-17 05:06 . 2007-07-30 18:18 21,336 --a------ c:\windows\system32\wuaueng.dll.mui
2008-10-17 04:56 . 2008-10-17 04:56 <REP> d-------- c:\program files\Alwil Software
2008-10-17 04:52 . 2008-10-17 04:52 <REP> d-------- c:\documents and settings\xxxxxx\Application Data\TrojanHunter
2008-10-17 04:47 . 2008-10-17 04:52 <REP> d-------- c:\program files\TrojanHunter 5.0
2008-10-17 04:30 . 2008-10-17 04:30 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Avg8
2008-10-17 03:13 . 2008-10-17 03:13 <REP> d-------- c:\documents and settings\xxxxxx\Application Data\Grisoft
2008-10-17 03:12 . 2008-10-17 03:12 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Grisoft
2008-10-17 03:03 . 2008-10-17 03:03 <REP> d-------- c:\program files\AVG
2008-10-17 02:52 . 2008-10-17 02:52 <REP> d-------- c:\program files\CCleaner
2008-10-14 02:32 . 2008-10-14 02:32 <REP> d-------- c:\program files\DIFX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 01:06 --------- d-----w c:\program files\Wanadoo
2008-11-05 02:33 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2008-10-17 03:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-17 03:39 --------- d-----w c:\program files\Wanadoo Messager
2008-10-17 03:34 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2008-10-17 03:33 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-17 03:33 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-09 14:35 --------- d-----w c:\documents and settings\xxxxxx\Application Data\TransRender
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-11 02:00 --------- d-----w c:\documents and settings\xxxxx\Application Data\DivX
2008-08-20 05:37 663,552 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:44 2,182,400 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:44 2,059,776 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-16 98304]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-18 185784]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LiveUpdate"="c:\program files\Samsung\Samsung PC Studio 3\\Update\Copyer.exe" [2007-09-05 270336]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\All Users.WINDOWS\Menu D'marrer\Programmes\D'marrage\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 1200128]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Utilitaire r'seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2006-09-16 835584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\xxxxxxx\\Bureau\\Extra\\eMule\\emule.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\DRIVERS\WlanUZXP.sys [2005-07-13 260608]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:\windows\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 ZDCndis5;ZDCndis5 Protocol Driver;c:\windows\system32\ZDCndis5.SYS [ ]
.
Contenu du dossier 'Tâches planifiées'

2007-04-15 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1165239207.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-NWEReboot - (no file)

.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = www.google.fr
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.search.msn.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 02:04:10
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\progra~1\Wanadoo\EspaceWanadoo.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\windows\system32\ALERTM~1\ALERTM~1.EXE
c:\program files\Samsung\Samsung PC Studio 3\Update\LiveUpdate.exe
.
**************************************************************************
.
Heure de fin: 2008-11-06 2:12:47 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-06 01:12:37

Avant-CF: 37 137 260 544 octets libres
Après-CF: 37,907,972,096 octets libres

320 --- E O F --- 2008-10-27 07:14:00

Réponse 29 / 50

Utilisateur anonyme

Bonjour Nom supprimé Modération CCM ,

Et bien, une belle brochette de fichiers Vundo de supprimée. Il faut dire que depuis le temps que tu trainais Virtumonde.
Le reste du rapport est clean.

Bon,
peux tu refaire un scanne en ligne Kasper. Le dernier parlait de près de 380 infections. Je ne suis pas sûr qu'il n'en reste pas quelques unes.

Je te remets la manip. :
> Fais un scan en ligne avec Kaspersky : https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
N.B. : Le scan ne marche que sous Internet Explorer.
- Commence par connecter tout ton matériel de stockage à ton PC (clés USB, DD amovible...). Allume les si nécessaire.
- Sous Démonstration en ligne, on t'explique la marche à suivre, et pour lancer le scan il faut sélectionner < Exécuter l'analyse en ligne >.
- On va te demander de télécharger un contrôle active x, accepte .
- Dans le menu < Choisissez la cible de l'analyse >, sélectionne < Poste de travail >. Le scan va commencer.
- Poste le rapport qui sera généré stp. (clique sur <enregistrer le rapport> puis sauvegarde-le sur ton bureau en choisissant "fichier texte (*.txt)" pour l'extension).
S'il y a un problème, assure toi que les contrôles active x sont bien configurés dans les options internet comme décrit sur ce lien : http://www.inoculer.com/activex.php3
Rappel : le scan est à faire sous Internet Explorer
Tuto ici si problème : http://www.vista-xp.fr/forum/topic109.html
NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
Pour le rapport Kaspersky il faut que tu choisisses "Afficher le rapport" puis que tu l'enregistres sur ton bureau sous forme de fichier texte (type de fichier "tous les fichiers").

Bon courage,
à chaque fois on supprime une couche de saleté.

A+

Formatage en cours...3% Veuillez patienter. Merci.

Réponse 30 / 50

tommy042 Messages postés 34 Statut Membre

Re !! dsl du délai !

Donc j'ai fais le scan kaspersky, voilà le rapport :

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, November 18, 2008 7:18:12 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 18/11/2008
Enregistrements dans la base antivirus Kaspersky : 1248288
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Statistiques de l'analyse:
Total d'objets analysés: 139785
Nombre de virus trouvés: 1
Nombre d'objets infectés: 46 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 04:39:17

Nom de l'objet infecté / Nom du virus / Dernière action
C:\autorun.MSNFix\lpt3.This folder was created by Flash_Disinfector L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Application Data\Real\RealOne Player\db\CD.CDX L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Application Data\Real\RealOne Player\db\CD.DBF L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Application Data\Real\RealOne Player\db\CDTRAX.CDX L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Application Data\Real\RealOne Player\db\CDTRAX.DBF L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Application Data\Real\RealOne Player\db\PLAYGRPS.CDX L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Application Data\Real\RealOne Player\db\PLAYGRPS.DBF L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Application Data\Real\RealOne Player\db\PLAYLIST.CDX L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Application Data\Real\RealOne Player\db\PLAYLIST.DBF L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Application Data\Real\RealOne Player\db\PLAYLIST.FPT L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Application Data\Real\RealOne Player\db\PLAYTRAX.CDX L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Application Data\Real\RealOne Player\db\PLAYTRAX.DBF L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Application Data\Real\RealOne Player\db\TRACKS.DBF L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Application Data\Real\RealOne Player\db\TRACKS.FPT L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Application Data\Real\RealOne Player\db\TRACKS2.CDX L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Application Data\Real\RealOne Player\db\TRAKINFO.CDX L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Application Data\Real\RealOne Player\db\TRAKINFO.DBF L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Application Data\Real\RealOne Player\ErrorLogs\GenDevices.log L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Application Data\Real\RealOne Player\ErrorLogs\pdgenctnomad.log L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Application Data\Real\RealOne Player\ErrorLogs\pdgenwmdm.log L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Application Data\Real\RealOne Player\skins\data\normal\imgcache.dat L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Local Settings\Application Data\Microsoft\Messenger\teqsunrise_448@hotmail.com\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Local Settings\Application Data\Microsoft\Messenger\teqsunrise_448@hotmail.com\SharingMetadata\pending.dat L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Local Settings\Application Data\Microsoft\Messenger\teqsunrise_448@hotmail.com\SharingMetadata\Working\database_ACE4_253D_E425_AE2\dfsr.db L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Local Settings\Application Data\Microsoft\Messenger\teqsunrise_448@hotmail.com\SharingMetadata\Working\database_ACE4_253D_E425_AE2\fsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Local Settings\Application Data\Microsoft\Messenger\teqsunrise_448@hotmail.com\SharingMetadata\Working\database_ACE4_253D_E425_AE2\fsrtmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Local Settings\Application Data\Microsoft\Messenger\teqsunrise_448@hotmail.com\SharingMetadata\Working\database_ACE4_253D_E425_AE2\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Local Settings\Application Data\Microsoft\Windows Live Contacts\teqsunrise_448@hotmail.com\real\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Local Settings\Application Data\Microsoft\Windows Live Contacts\teqsunrise_448@hotmail.com\shadow\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Local Settings\Historique\History.IE5\MSHist012008111820081119\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\Local Settings\temp\~DF22D9.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Local Settings\temp\~DF2370.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxxx\Local Settings\temp\~DF6344.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\Local Settings\temp\~DF67DC.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxxx\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxxx\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\xxxxx\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-11-18.14-22-29.log L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196544.dll L'objet est verrouillé ignoré
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196545.dll L'objet est verrouillé ignoré
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196555.dll L'objet est verrouillé ignoré
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196569.dll L'objet est verrouillé ignoré
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP577\A0196574.exe L'objet est verrouillé ignoré
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP597\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd5149.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\vaxscsi.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\updatelinkmsn\193902\urlmsnlink-193902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\195902\urlmsnlink-195902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\200310\urlmsnlink-200310.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\200902\urlmsnlink-200902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\202308\urlmsnlink-202308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\202538\urlmsnlink-202538.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\203308\urlmsnlink-203308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\204538\urlmsnlink-204538.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\205213\urlmsnlink-205213.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\210233\urlmsnlink-210233.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\210308\urlmsnlink-210308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\211902\urlmsnlink-211902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\212308\urlmsnlink-212308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\212755\urlmsnlink-212755.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\213308\urlmsnlink-213308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\214902\urlmsnlink-214902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\215902\urlmsnlink-215902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\220940\urlmsnlink-220940.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\221213\urlmsnlink-221213.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\221329\urlmsnlink-221329.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\221940\urlmsnlink-221940.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\222308\urlmsnlink-222308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\222329\urlmsnlink-222329.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\222645\urlmsnlink-222645.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\222940\urlmsnlink-222940.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\223329\urlmsnlink-223329.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\223445\urlmsnlink-223445.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\224902\urlmsnlink-224902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\225308\urlmsnlink-225308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\225755\urlmsnlink-225755.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\225902\urlmsnlink-225902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\225940\urlmsnlink-225940.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\230308\urlmsnlink-230308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\230755\urlmsnlink-230755.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\230902\urlmsnlink-230902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\231308\urlmsnlink-231308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\231755\urlmsnlink-231755.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\231939\urlmsnlink-231939.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\232308\urlmsnlink-232308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\232939\urlmsnlink-232939.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\233143\urlmsnlink-233143.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\233308\urlmsnlink-233308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\234308\urlmsnlink-234308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\234902\urlmsnlink-234902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\234939\urlmsnlink-234939.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\235308\urlmsnlink-235308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

Analyse terminée.

Réponse 31 / 50

Utilisateur anonyme

Bonsoir,

Ok, alors on continue :

> Télécharge OTMoveIT_3 (de Old_Timer) : http://oldtimer.geekstogo.com/OTMoveIt3.exe sur ton bureau...
- Double-clique sur OTMoveIt3.exe pour le lancer.
- Copie le texte qui se trouve ci-dessous et colle-le dans le cadre de gauche de OTMoveIt nommé < Paste standard List of Files/Folders to be moved > ( Image ).

:processes
explorer.exe

:files
C:\WINDOWS\system32\updatelinkmsn\193902\urlmsnlink-193902.dat 
C:\WINDOWS\system32\updatelinkmsn\195902\urlmsnlink-195902.dat 
C:\WINDOWS\system32\updatelinkmsn\200310\urlmsnlink-200310.dat 
C:\WINDOWS\system32\updatelinkmsn\200902\urlmsnlink-200902.dat 
C:\WINDOWS\system32\updatelinkmsn\202308\urlmsnlink-202308.dat 
C:\WINDOWS\system32\updatelinkmsn\202538\urlmsnlink-202538.dat 
C:\WINDOWS\system32\updatelinkmsn\203308\urlmsnlink-203308.dat
C:\WINDOWS\system32\updatelinkmsn\204538\urlmsnlink-204538.dat 
C:\WINDOWS\system32\updatelinkmsn\205213\urlmsnlink-205213.dat 
C:\WINDOWS\system32\updatelinkmsn\210233\urlmsnlink-210233.dat 
C:\WINDOWS\system32\updatelinkmsn\210308\urlmsnlink-210308.dat 
C:\WINDOWS\system32\updatelinkmsn\211902\urlmsnlink-211902.dat
C:\WINDOWS\system32\updatelinkmsn\212308\urlmsnlink-212308.dat 
C:\WINDOWS\system32\updatelinkmsn\212755\urlmsnlink-212755.dat 
C:\WINDOWS\system32\updatelinkmsn\213308\urlmsnlink-213308.dat 
C:\WINDOWS\system32\updatelinkmsn\214902\urlmsnlink-214902.dat 
C:\WINDOWS\system32\updatelinkmsn\215902\urlmsnlink-215902.dat 
C:\WINDOWS\system32\updatelinkmsn\220940\urlmsnlink-220940.dat 
C:\WINDOWS\system32\updatelinkmsn\221213\urlmsnlink-221213.dat 
C:\WINDOWS\system32\updatelinkmsn\221329\urlmsnlink-221329.dat 
C:\WINDOWS\system32\updatelinkmsn\221940\urlmsnlink-221940.dat 
C:\WINDOWS\system32\updatelinkmsn\222308\urlmsnlink-222308.dat 
C:\WINDOWS\system32\updatelinkmsn\222329\urlmsnlink-222329.dat
C:\WINDOWS\system32\updatelinkmsn\222645\urlmsnlink-222645.dat 
C:\WINDOWS\system32\updatelinkmsn\222940\urlmsnlink-222940.dat 
C:\WINDOWS\system32\updatelinkmsn\223329\urlmsnlink-223329.dat 
C:\WINDOWS\system32\updatelinkmsn\223445\urlmsnlink-223445.dat 
C:\WINDOWS\system32\updatelinkmsn\224902\urlmsnlink-224902.dat 
C:\WINDOWS\system32\updatelinkmsn\225308\urlmsnlink-225308.dat 
C:\WINDOWS\system32\updatelinkmsn\225755\urlmsnlink-225755.dat 
C:\WINDOWS\system32\updatelinkmsn\225902\urlmsnlink-225902.dat 
C:\WINDOWS\system32\updatelinkmsn\225940\urlmsnlink-225940.dat 
C:\WINDOWS\system32\updatelinkmsn\230308\urlmsnlink-230308.dat 
C:\WINDOWS\system32\updatelinkmsn\230755\urlmsnlink-230755.dat 
C:\WINDOWS\system32\updatelinkmsn\230902\urlmsnlink-230902.dat 
C:\WINDOWS\system32\updatelinkmsn\231308\urlmsnlink-231308.dat
C:\WINDOWS\system32\updatelinkmsn\231755\urlmsnlink-231755.dat 
C:\WINDOWS\system32\updatelinkmsn\231939\urlmsnlink-231939.dat 
C:\WINDOWS\system32\updatelinkmsn\232308\urlmsnlink-232308.dat 
C:\WINDOWS\system32\updatelinkmsn\232939\urlmsnlink-232939.dat 
C:\WINDOWS\system32\updatelinkmsn\233143\urlmsnlink-233143.dat 
C:\WINDOWS\system32\updatelinkmsn\233308\urlmsnlink-233308.dat 
C:\WINDOWS\system32\updatelinkmsn\234308\urlmsnlink-234308.dat 
C:\WINDOWS\system32\updatelinkmsn\234902\urlmsnlink-234902.dat
C:\WINDOWS\system32\updatelinkmsn\234939\urlmsnlink-234939.dat 
C:\WINDOWS\system32\updatelinkmsn\235308\urlmsnlink-235308.dat 

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

- Clique sur < MoveIt! > pour lancer la suppression.
N.B :Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.
Un rapport est créé dans %SYSTEMDRIVE%\_OTMoveIt\MovedFiles\date du jour (souvent C:\_OTMoveIt\MovedFiles\), copie-colle-le dans ta réponse suivante.

Puis,
refais un scanne Kaspersky puis poste son rapport stp.

Comment va le PC ?
Si tout baigne je t'envoie la fini.

A+

Réponse 32 / 50

tommy042 Messages postés 34 Statut Membre

Bonsoir, j'ai donc fait OldTimer. Je vais poster le rapport, ensuite j'irais re-faire un kaspersky. Par contre, le probleme reste toujours le même, l'ordi rame beaucoup, j'ai toujours en permanence le petit chandelier a coté du pointeur de la souris et csrss.exe me bouffe toujours toute l'UC (qui est toujours à 100 % à cause de cela...). a+

Error: Unable to interpret <processes> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
========== FILES ==========
File/Folder C:\WINDOWS\system32\updatelinkmsn\193902\urlmsnlink-193902.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\195902\urlmsnlink-195902.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\200310\urlmsnlink-200310.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\200902\urlmsnlink-200902.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\202308\urlmsnlink-202308.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\202538\urlmsnlink-202538.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\203308\urlmsnlink-203308.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\204538\urlmsnlink-204538.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\205213\urlmsnlink-205213.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\210233\urlmsnlink-210233.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\210308\urlmsnlink-210308.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\211902\urlmsnlink-211902.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\212308\urlmsnlink-212308.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\212755\urlmsnlink-212755.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\213308\urlmsnlink-213308.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\214902\urlmsnlink-214902.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\215902\urlmsnlink-215902.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\220940\urlmsnlink-220940.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\221213\urlmsnlink-221213.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\221329\urlmsnlink-221329.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\221940\urlmsnlink-221940.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\222308\urlmsnlink-222308.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\222329\urlmsnlink-222329.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\222645\urlmsnlink-222645.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\222940\urlmsnlink-222940.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\223329\urlmsnlink-223329.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\223445\urlmsnlink-223445.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\224902\urlmsnlink-224902.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\225308\urlmsnlink-225308.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\225755\urlmsnlink-225755.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\225902\urlmsnlink-225902.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\225940\urlmsnlink-225940.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\230308\urlmsnlink-230308.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\230755\urlmsnlink-230755.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\230902\urlmsnlink-230902.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\231308\urlmsnlink-231308.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\231755\urlmsnlink-231755.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\231939\urlmsnlink-231939.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\232308\urlmsnlink-232308.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\232939\urlmsnlink-232939.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\233143\urlmsnlink-233143.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\233308\urlmsnlink-233308.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\234308\urlmsnlink-234308.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\234902\urlmsnlink-234902.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\234939\urlmsnlink-234939.dat not found.
File/Folder C:\WINDOWS\system32\updatelinkmsn\235308\urlmsnlink-235308.dat not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\xxxxxx\LOCALS~1\Temp\~DF5AE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\xxxxxx\LOCALS~1\Temp\~DF88CE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\xxxxxx\LOCALS~1\Temp\~DF9259.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\xxxxx\LOCALS~1\Temp\~DFB5D.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 11202008_040400

Files moved on Reboot...
File C:\DOCUME~1\xxxxx\LOCALS~1\Temp\~DF5AE.tmp not found!
File C:\DOCUME~1\xxxxx\LOCALS~1\Temp\~DF88CE.tmp not found!
File C:\DOCUME~1\xxxxxx\LOCALS~1\Temp\~DF9259.tmp not found!
File C:\DOCUME~1\xxxxxx\LOCALS~1\Temp\~DFB5D.tmp not found!

Réponse 33 / 50

Utilisateur anonyme

Salut,
alors ?

Où en sont tes souci ?

As-tu le rapport Kasper please ?

Puis,
> Télécharge DiagHelp.zip (de Malekal_morte) sur ton bureau : http://www.malekal.com/download/DiagHelp.zip
- Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
- Un nouveau dossier DiagHelp va être créé.
- Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
- Une fenêtre va s'ouvrir, choisis l'option 1
- L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.
- A la fin de l'analyse, il te sera redemandé de redémarrer l'ordinateur... Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-note.. Ce dernier se trouve aussi ici C:\resultat.txt
- Copie/colle le contenu du rapport obtenu et poste le sur le forum
Tuto si besoin est : http://www.malekal.com/DiagHelp/DiagHelp.php

A+

Réponse 34 / 50

tommy042 Messages postés 34 Statut Membre

Slt ! Merci de ne pas m'avoir laché ! Comme je te le disais + haut, aucune amélioration notable ! Ca devient même de pire en pire ! Le probleme reste toujours le même, l'ordi rame beaucoup, j'ai toujours en permanence le petit chandelier a coté du pointeur de la souris et csrss.exe me bouffe toujours toute l'UC (qui est toujours à 100 % à cause de cela...)

Je vais faire kaspersky et l'autre truc. a+

Réponse 35 / 50

Utilisateur anonyme

Salut Tommy,
Ok,
c'est bien dommage car dans les rapports actuels je ne vois plus rien. Avec un peu de chance dans le Kapser ou le DiagHelp il y a aura du nouveau.

Sinon, as-tu le CD WIndows ou as-tu moyen qu'on t'en prête un (même version) ?

Bon courage.
Je cherche....

A+

Réponse 36 / 50

tommy042 Messages postés 34 Statut Membre

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, November 22, 2008 12:32:35 AM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 21/11/2008
Enregistrements dans la base antivirus Kaspersky : 1255863
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Statistiques de l'analyse:
Total d'objets analysés: 136554
Nombre de virus trouvés: 1
Nombre d'objets infectés: 46 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 03:52:13

Nom de l'objet infecté / Nom du virus / Dernière action
C:\autorun.MSNFix\lpt3.This folder was created by Flash_Disinfector L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\db\CD.CDX L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\db\CD.DBF L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\db\CDTRAX.CDX L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\db\CDTRAX.DBF L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\db\PLAYGRPS.CDX L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\db\PLAYGRPS.DBF L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\db\PLAYLIST.CDX L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\db\PLAYLIST.DBF L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\db\PLAYLIST.FPT L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\db\PLAYTRAX.CDX L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\db\PLAYTRAX.DBF L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\db\TRACKS.DBF L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\db\TRACKS.FPT L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\db\TRACKS2.CDX L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\db\TRAKINFO.CDX L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\db\TRAKINFO.DBF L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\ErrorLogs\GenDevices.log L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\ErrorLogs\pdgenctnomad.log L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\ErrorLogs\pdgenwmdm.log L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Application Data\Real\RealOne Player\skins\data\normal\imgcache.dat L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Local Settings\Application Data\Adobe\Acrobat\8.0\Updater\updater.log L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Local Settings\Application Data\Adobe\Updater5\aumLib.log L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Local Settings\Application Data\Microsoft\Messenger\teqsunrise_448@hotmail.com\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Local Settings\Application Data\Microsoft\Messenger\teqsunrise_448@hotmail.com\SharingMetadata\pending.dat L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Local Settings\Application Data\Microsoft\Messenger\teqsunrise_448@hotmail.com\SharingMetadata\Working\database_ACE4_253D_E425_AE2\dfsr.db L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Local Settings\Application Data\Microsoft\Messenger\teqsunrise_448@hotmail.com\SharingMetadata\Working\database_ACE4_253D_E425_AE2\fsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Local Settings\Application Data\Microsoft\Messenger\teqsunrise_448@hotmail.com\SharingMetadata\Working\database_ACE4_253D_E425_AE2\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Local Settings\Application Data\Microsoft\Windows Live Contacts\teqsunrise_448@hotmail.com\real\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Local Settings\Historique\History.IE5\MSHist012008112120081122\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Local Settings\temp\~DF7FCD.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Local Settings\temp\~DF8238.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\thomas\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-11-21.11-13-51.log L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{5793EC20-0F0E-4CE7-BC3A-059047890A11}\RP597\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd5149.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\vaxscsi.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\updatelinkmsn\193902\urlmsnlink-193902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\195902\urlmsnlink-195902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\200310\urlmsnlink-200310.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\200902\urlmsnlink-200902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\202308\urlmsnlink-202308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\202538\urlmsnlink-202538.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\203308\urlmsnlink-203308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\204538\urlmsnlink-204538.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\205213\urlmsnlink-205213.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\210233\urlmsnlink-210233.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\210308\urlmsnlink-210308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\211902\urlmsnlink-211902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\212308\urlmsnlink-212308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\212755\urlmsnlink-212755.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\213308\urlmsnlink-213308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\214902\urlmsnlink-214902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\215902\urlmsnlink-215902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\220940\urlmsnlink-220940.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\221213\urlmsnlink-221213.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\221329\urlmsnlink-221329.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\221940\urlmsnlink-221940.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\222308\urlmsnlink-222308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\222329\urlmsnlink-222329.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\222645\urlmsnlink-222645.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\222940\urlmsnlink-222940.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\223329\urlmsnlink-223329.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\223445\urlmsnlink-223445.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\224902\urlmsnlink-224902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\225308\urlmsnlink-225308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\225755\urlmsnlink-225755.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\225902\urlmsnlink-225902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\225940\urlmsnlink-225940.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\230308\urlmsnlink-230308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\230755\urlmsnlink-230755.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\230902\urlmsnlink-230902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\231308\urlmsnlink-231308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\231755\urlmsnlink-231755.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\231939\urlmsnlink-231939.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\232308\urlmsnlink-232308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\232939\urlmsnlink-232939.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\233143\urlmsnlink-233143.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\233308\urlmsnlink-233308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\234308\urlmsnlink-234308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\234902\urlmsnlink-234902.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\234939\urlmsnlink-234939.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\updatelinkmsn\235308\urlmsnlink-235308.dat Infecté : Trojan-Clicker.HTML.IFrame.uu ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

Analyse terminée.

Réponse 37 / 50

tommy042 Messages postés 34 Statut Membre

Bonsoir ! donc voilà le rapport kaspersky plus haut. Peut-être faut-il formater ?.. Je ne sais plus quoi faire, en tout cas encore merci

Réponse 38 / 50

tommy042 Messages postés 34 Statut Membre

DiagHelp version v1.4 - http://www.malekal.com
excute le 22/11/2008 à 0:38:38,39

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->22/11/2008 00:38:36
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->22/11/2008 00:38:19
C:\WINDOWS\prefetch\AVWSC.EXE-347FCF75.pf -->22/11/2008 00:37:54
C:\WINDOWS\prefetch\LIVEUPDATE.EXE-25C82012.pf -->22/11/2008 00:37:50
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->22/11/2008 00:37:46
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->22/11/2008 00:34:24
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->22/11/2008 00:32:54
C:\WINDOWS\prefetch\DRWTSN32.EXE-2B4B52AC.pf -->21/11/2008 21:38:52
C:\WINDOWS\prefetch\DWWIN.EXE-30875ADC.pf -->21/11/2008 21:28:09
C:\WINDOWS\prefetch\UPDATE.EXE-264167D5.pf -->21/11/2008 21:22:33

C:\WINDOWS\System32\drivers\avipbb.sys -->18/11/2008 17:07:57
C:\WINDOWS\System32\drivers\mrxsmb.sys -->24/10/2008 12:10:42
C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->16/10/2008 19:25:46
C:\WINDOWS\System32\drivers\mbam.sys -->16/10/2008 19:25:34
C:\WINDOWS\System32\drivers\srv.sys -->28/08/2008 11:04:17
C:\WINDOWS\System32\drivers\afd.sys -->14/08/2008 10:51:43
C:\WINDOWS\System32\drivers\tcpip.sys -->20/06/2008 11:45:13

C:\WINDOWS\System32\wpa.dbl -->10/11/2008 15:14:44
C:\WINDOWS\System32\perfh00C.dat -->26/10/2008 14:30:01
C:\WINDOWS\System32\perfh009.dat -->26/10/2008 14:30:01
C:\WINDOWS\System32\perfc00C.dat -->26/10/2008 14:30:01
C:\WINDOWS\System32\perfc009.dat -->26/10/2008 14:30:01
C:\WINDOWS\System32\PerfStringBackup.INI -->26/10/2008 14:30:00
C:\WINDOWS\System32\CONFIG.NT -->21/10/2008 00:53:44
C:\WINDOWS\System32\FNTCACHE.DAT -->17/10/2008 15:56:14
C:\WINDOWS\System32\TZLog.log -->17/10/2008 15:53:40
C:\WINDOWS\System32\streamhlp.dll -->17/10/2008 04:48:01
C:\WINDOWS\System32\wuweb.dll -->16/10/2008 14:13:40
C:\WINDOWS\System32\wuaueng.dll -->16/10/2008 14:13:40
C:\WINDOWS\System32\wucltui.dll -->16/10/2008 14:12:22
C:\WINDOWS\System32\wuaucpl.cpl -->16/10/2008 14:12:20
C:\WINDOWS\System32\wuapi.dll -->16/10/2008 14:12:20
C:\WINDOWS\System32\wups2.dll -->16/10/2008 14:09:44
C:\WINDOWS\System32\wucltui.dll.mui -->16/10/2008 14:09:44
C:\WINDOWS\System32\wuauclt.exe -->16/10/2008 14:09:44
C:\WINDOWS\System32\cdm.dll -->16/10/2008 14:09:44
C:\WINDOWS\System32\wups.dll -->16/10/2008 14:08:58
C:\WINDOWS\System32\wuapi.dll.mui -->16/10/2008 14:08:06
C:\WINDOWS\System32\wuaucpl.cpl.mui -->16/10/2008 14:08:04
C:\WINDOWS\System32\wuaueng.dll.mui -->16/10/2008 14:07:32
C:\WINDOWS\System32\netapi32.dll -->15/10/2008 17:59:28
C:\WINDOWS\System32\msxml4.dll -->30/09/2008 16:43:34

C:\WINDOWS\WindowsUpdate.log -->21/11/2008 11:15:45
C:\WINDOWS\setupapi.log -->21/11/2008 11:14:06
C:\WINDOWS\0.log -->21/11/2008 11:14:01
C:\WINDOWS\wiadebug.log -->21/11/2008 11:13:55
C:\WINDOWS\wiaservc.log -->21/11/2008 11:13:51
C:\WINDOWS\bootstat.dat -->21/11/2008 11:13:47
C:\WINDOWS\SchedLgU.Txt -->21/11/2008 01:45:44
C:\WINDOWS\cdplayer.ini -->18/11/2008 10:36:46
C:\WINDOWS\tsoc.log -->13/11/2008 04:11:08
C:\WINDOWS\ocmsn.log -->13/11/2008 04:11:08
C:\WINDOWS\ocgen.log -->13/11/2008 04:11:08
C:\WINDOWS\ntdtcsetup.log -->13/11/2008 04:11:08
C:\WINDOWS\msgsocm.log -->13/11/2008 04:11:08
C:\WINDOWS\KB957097.log -->13/11/2008 04:11:08
C:\WINDOWS\imsins.log -->13/11/2008 04:11:08

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1712
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x01810000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll
0x10000000 0x7000 1.00.0000.0001 C:\PROGRA~1\Wanadoo\Inactivity.dll
0x013e0000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x014a0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x01250000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x7d7b0000 0x20a000 9.00.0000.3250 C:\WINDOWS\system32\wmvcore.dll
0x4b410000 0x29000 9.00.0000.3250 C:\WINDOWS\system32\wmidx.dll
0x59d10000 0x3c000 9.00.0000.3250 C:\WINDOWS\system32\WMASF.DLL
0x02d10000 0x4f000 9.00.0000.3250 C:\WINDOWS\system32\DRMClien.DLL
0x02af0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x037a0000 0x3c000 1.07.0006.0062 C:\Program Files\Droppix\Droppix Recorder\ShImgFile.dll
0x03c30000 0x78000 1.07.0006.0144 C:\Program Files\Droppix\Droppix Recorder\Languages\French.dll
0x02bc0000 0x12000 7.00.0000.0015 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x037e0000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 816
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E425-0AE2

Répertoire de C:\WINDOWS\system

17/02/2004 03:51 1 458 176 SmWizard.exe
1 fichier(s) 1 458 176 octets
0 Rép(s) 37 477 748 736 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E425-0AE2

Répertoire de C:\WINDOWS\system32

05/08/2004 13:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 37 477 748 736 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E425-0AE2

Répertoire de C:\WINDOWS\Downloaded Program Files

18/11/2008 19:03 <REP> .
18/11/2008 19:03 <REP> ..
06/03/2006 00:12 65 desktop.ini
11/04/2007 13:55 1 292 erma.inf
13/08/2008 14:03 575 kavwebscan.inf
22/02/2007 23:41 304 544 MessengerStatsPAClient.dll
10/10/2008 15:43 335 PhotoUploader5.inf
10/10/2008 15:44 3 536 384 PhotoUploader5.ocx
27/03/2006 12:00 5 019 swflash.inf
7 fichier(s) 3 848 214 octets

Total des fichiers listés :
7 fichier(s) 3 848 214 octets
2 Rép(s) 37 477 748 736 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\thomas\\Bureau\\Extra\\eMule\\emule.exe"="C:\\Documents and Settings\\thomas\\Bureau\\Extra\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableRegistryTools"=dword:00000000
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000

Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 00:39:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:a924f7d2
"s1"=dword:b0d7894c
"s2"=dword:b086d34b
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:27,32,61,c7,83,68,cc,b6,9c,96,3e,d3,ea,84,aa,fc,8b,f7,79,e9,fd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:27,32,61,c7,83,68,cc,b6,9c,96,3e,d3,ea,84,aa,fc,8b,f7,79,e9,fd,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000069e

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
220 - avguard.exe
232 - BTNtService.exe
236 - msnmsgr.exe
288 - GoogleUpdaterSe
792 - csrss.exe
816 - winlogon.exe
864 - services.exe
876 - lsass.exe
960 - svchost.exe
1028 - svchost.exe
1088 - IEXPLORE.EXE
1092 - svchost.exe
1232 - svchost.exe
1284 - svchost.exe
1384 - qttask.exe
1456 - realsched.exe
1492 - svchost.exe
1712 - explorer.exe
1732 - IEXPLORE.EXE
1776 - avgnt.exe
1784 - GoogleToolbarNo
1856 - alg.exe
2104 - BlueSoleil.exe
2116 - EspaceWanadoo.e
2132 - hpohmr08.exe
2156 - hpotdd01.exe
2256 - WLANUTL.exe
2320 - hpoevm08.exe
2388 - ComComp.exe
2488 - Toaster.exe
2504 - Inactivity.exe
2524 - PollingModule.e
2580 - hposts08.exe
2592 - ALERTM~1.EXE
3044 - usnsvc.exe
3472 - AcroRd32.exe
3700 - Watch.exe
3808 - cmd.exe
4028 - realplay.exe

Total number of processes = 40
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F8A37000 - \WINDOWS\system32\KDCOM.DLL
F8947000 - \WINDOWS\system32\BOOTVID.dll
F8446000 - sptd.sys
F8A39000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F842E000 - \WINDOWS\System32\Drivers\SPTD5149.SYS
F83FF000 - ACPI.sys
F83EE000 - pci.sys
F8537000 - isapnp.sys
F8547000 - ohci1394.sys
F8557000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F8AFF000 - PCIIde.sys
F87B7000 - \WINDOWS\System32\Drivers\PCIIDEX.SYS
F8A3B000 - intelide.sys
F8567000 - MountMgr.sys
F83CF000 - ftdisk.sys
F87BF000 - PartMgr.sys
F8577000 - VolSnap.sys
F83B7000 - atapi.sys
F8587000 - disk.sys
F8597000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F8398000 - fltMgr.sys
F8386000 - sr.sys
F85A7000 - PxHelp20.sys
F836F000 - KSecDD.sys
F82E2000 - Ntfs.sys
F82B5000 - NDIS.sys
F829A000 - Mup.sys
F87C7000 - BTHidMgr.sys
F85B7000 - agp440.sys
F8677000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F749C000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
F7488000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F8867000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F7465000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F886F000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F742F000 - \SystemRoot\system32\DRIVERS\HSFBS2S2.sys
F740C000 - \SystemRoot\system32\DRIVERS\ks.sys
F730D000 - \SystemRoot\system32\DRIVERS\HSFDPSP2.sys
F7265000 - \SystemRoot\system32\DRIVERS\HSFCXTS2.sys
F8877000 - \SystemRoot\System32\Drivers\Modem.SYS
F887F000 - \SystemRoot\system32\DRIVERS\RTL8139.SYS
F8887000 - \SystemRoot\system32\DRIVERS\fdc.sys
F7251000 - \SystemRoot\system32\DRIVERS\parport.sys
F8687000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F888F000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F8897000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F7240000 - \SystemRoot\system32\DRIVERS\serial.sys
F826A000 - \SystemRoot\system32\DRIVERS\serenum.sys
F8697000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F86A7000 - \SystemRoot\system32\DRIVERS\redbook.sys
F86B7000 - \SystemRoot\system32\DRIVERS\imapi.sys
F70FA000 - \SystemRoot\system32\drivers\cmuda.sys
F70D6000 - \SystemRoot\system32\drivers\portcls.sys
F86C7000 - \SystemRoot\system32\drivers\drmk.sys
F708C000 - \SystemRoot\System32\Drivers\vaxscsi.sys
F6F22000 - \SystemRoot\System32\Drivers\SCSIPORT.SYS
F86E7000 - \SystemRoot\System32\Drivers\VcommMgr.sys
F824E000 - \SystemRoot\system32\DRIVERS\vbtenum.sys
F88A7000 - \SystemRoot\system32\DRIVERS\blueletaudio.sys
F88AF000 - \SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys
F8BFF000 - \SystemRoot\system32\DRIVERS\audstub.sys
F8A61000 - \SystemRoot\System32\Drivers\RootMdm.sys
F86F7000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F824A000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F6F0B000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F8707000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F8717000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F88B7000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F6EFA000 - \SystemRoot\system32\DRIVERS\psched.sys
F8727000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F88C7000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F88CF000 - \SystemRoot\system32\DRIVERS\raspti.sys
F823A000 - \SystemRoot\system32\DRIVERS\btnetdrv.sys
F88D7000 - \SystemRoot\system32\DRIVERS\VComm.sys
F8737000 - \SystemRoot\system32\DRIVERS\termdd.sys
F8A69000 - \SystemRoot\system32\DRIVERS\swenum.sys
F6E91000 - \SystemRoot\system32\DRIVERS\update.sys
F8236000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F8747000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F8757000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F8A6F000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F88EF000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F8A75000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F8BC5000 - \SystemRoot\System32\Drivers\Null.SYS
F8A77000 - \SystemRoot\System32\Drivers\Beep.SYS
F88FF000 - \SystemRoot\System32\drivers\vga.sys
F8A79000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F8A7B000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F8907000 - \SystemRoot\System32\Drivers\Msfs.SYS
F890F000 - \SystemRoot\System32\Drivers\Npfs.SYS
F8A17000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F5BE5000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F5B8D000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F5B65000 - \SystemRoot\system32\DRIVERS\netbt.sys
F5B43000 - \SystemRoot\System32\drivers\afd.sys
F8797000 - \SystemRoot\system32\DRIVERS\netbios.sys
F8917000 - \SystemRoot\System32\Drivers\StarOpen.SYS
F891F000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
F5B18000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F5AA9000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F87A7000 - \SystemRoot\System32\Drivers\Fips.SYS
F5A88000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F8627000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F8272000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F7AC9000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F8927000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F892F000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F5A0A000 - \SystemRoot\system32\DRIVERS\WlanUZXP.sys
F59A9000 - \SystemRoot\system32\DRIVERS\avipbb.sys
F826E000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F8A7F000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
F7A79000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F5991000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F8AA3000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F5D61000 - \SystemRoot\System32\drivers\Dxapi.sys
F8807000 - \SystemRoot\System32\watchdog.sys
BF000000 - \SystemRoot\System32\drivers\dxg.sys
F8BEE000 - \SystemRoot\System32\drivers\dxgthk.sys
BF012000 - \SystemRoot\System32\nv4_disp.dll
F47D3000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
F3C8E000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F8A59000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F3AFC000 - \SystemRoot\system32\DRIVERS\srv.sys
F3C6E000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys
F3AC0000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
F3A83000 - \SystemRoot\system32\drivers\wdmaud.sys
F3D4B000 - \SystemRoot\system32\drivers\sysaudio.sys
F3655000 - \SystemRoot\System32\Drivers\HTTP.sys
F3605000 - \??\C:\WINDOWS\system32\ZDPNDIS5.SYS
F109D000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F8B8B000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 134

Liste des programmes installes

Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Français
Archiveur WinRAR
AutoUpdate
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
BlueSoleil
C-Media 3D Audio
CCleaner (remove only)
Complément Microsoft Word pour Microsoft Works Suite
Correctif pour Windows XP (KB952287)
Correctif Windows XP - KB885884
DeepBurner v1.7.1.213
Disc2Phone
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
Droppix Recorder
eMule
Encyclopédie Microsoft Encarta 2004
FFWorld Triple Triad
Google Earth
Google Toolbar for Internet Explorer
HijackThis 1.99.1
hp psc 1200 series
ImTOO PSP Video Converter
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Kaspersky Online Scanner
LightScribe 1.4.105.1
Livebox
Malwarebytes' Anti-Malware
Media Player Classic fr
Microsoft AutoRoute v11.0
Microsoft Picture It! Photo Premium 9
Microsoft Picture It! Photo Premium 9
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Mise à jour de sécurité pour Windows XP (KB938464)
Mise à jour de sécurité pour Windows XP (KB944338-v2)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950749)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB954211)
Mise à jour de sécurité pour Windows XP (KB955069)
Mise à jour de sécurité pour Windows XP (KB956390)
Mise à jour de sécurité pour Windows XP (KB956391)
Mise à jour de sécurité pour Windows XP (KB956803)
Mise à jour de sécurité pour Windows XP (KB956841)
Mise à jour de sécurité pour Windows XP (KB957095)
Mise à jour de sécurité pour Windows XP (KB957097)
Mise à jour de sécurité pour Windows XP (KB958644)
Mise à jour pour Windows XP (KB951072-v2)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
oggcodecs
Outil de connexion Wanadoo
Outil de mise à jour Google
Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Photo et imagerie HP 2.0 - All-in-One
Photo et imagerie HP 2.0 - All-in-One Pilote
Photo et imagerie HP 2.0 - hp psc 1200 series
QuickTime
RealPlayer
Realtek AC'97 Audio
Ri4m v5.0.1d
Roxio RecordNow!
SAGEM Wi-Fi 11g USB adapter (Driver)
SAGEM Wi-Fi 11g USB adapter (Tool)
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3
Samsung PC Studio 3
Samsung Samples Installer
Shockwave
Sony Ericsson Themes Creator 2.31
SpeedTouch USB Software
Sélecteur d'installation de Microsoft Works 2004
WebFldrs XP
Windows Live Messenger
WinMPG VideoConvert 6.8.0.3
Xilisoft MP4 Converter

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E425-0AE2

Répertoire de C:\Program Files

28/10/2008 20:00 <REP> .
28/10/2008 20:00 <REP> ..
03/04/2008 16:07 <REP> Adobe
18/04/2006 20:12 <REP> Alcohol Soft
17/10/2008 04:56 <REP> Alwil Software
04/02/2006 00:44 <REP> Astonsoft
17/10/2008 03:03 <REP> AVG
28/10/2008 20:00 <REP> Avira
29/10/2007 00:02 <REP> AviSynth 2.5
28/10/2007 23:01 <REP> AVS4YOU
17/10/2008 02:52 <REP> CCleaner
29/01/2006 15:08 <REP> CDBurnerXP Pro 3
16/09/2006 17:11 <REP> C-Media 3D Audio
14/10/2008 02:32 <REP> DIFX
06/04/2006 18:52 <REP> Disc2Phone
18/12/2007 15:16 <REP> DivX
24/09/2006 22:17 <REP> Droppix
01/08/2008 01:15 <REP> Eidos Interactive
01/10/2007 23:10 <REP> FFWorld Triple Triad
17/09/2007 19:06 <REP> FFWorld Triple Triad v3.1
06/11/2008 01:54 <REP> Fichiers communs
11/10/2007 01:43 <REP> Google
17/10/2008 03:12 <REP> Grisoft
04/12/2006 14:29 <REP> Hewlett-Packard
28/01/2006 23:30 <REP> HP
24/09/2006 22:17 <REP> illiminable
07/06/2007 20:44 <REP> ImTOO
17/10/2008 15:52 <REP> Internet Explorer
07/03/2006 00:14 <REP> IrfanView
11/10/2006 23:08 <REP> IVT Corporation
06/03/2006 01:18 <REP> Java
20/11/2006 03:11 <REP> Magicbit
17/10/2008 17:26 <REP> Malwarebytes' Anti-Malware
18/09/2006 00:23 <REP> Media Player Classic
17/10/2008 15:54 <REP> Messenger
23/10/2006 16:12 <REP> Microsoft AutoRoute
23/10/2006 16:17 <REP> Microsoft Encarta
28/01/2006 20:33 <REP> microsoft frontpage
23/10/2006 16:08 <REP> Microsoft Office
23/10/2006 16:16 <REP> Microsoft Picture It! 9
23/10/2006 16:08 <REP> Microsoft Works
23/10/2006 16:03 <REP> Microsoft Works Suite 2004
28/01/2006 20:30 <REP> Movie Maker
21/01/2007 16:13 <REP> MSN
28/01/2006 20:29 <REP> MSN Gaming Zone
14/09/2007 15:47 <REP> MSN Messenger
17/10/2008 15:52 <REP> MSXML 4.0
01/12/2006 22:07 <REP> NetMeeting
16/04/2006 14:44 <REP> Outlook Express
16/09/2006 18:13 <REP> QuickTime
31/01/2006 03:10 <REP> Real
29/01/2006 14:46 <REP> Realtek AC97
28/10/2007 21:07 <REP> Ripp-it_AM
12/04/2006 00:54 <REP> Roxio
16/09/2006 22:39 <REP> SAGEM
16/09/2006 22:39 <REP> SAGEM Wi-Fi USB 802.11g
14/06/2007 20:04 <REP> Samsung
28/01/2006 20:31 <REP> Services en ligne
05/11/2006 15:49 <REP> Sony Ericsson
17/10/2008 04:33 <REP> Spybot - Search & Destroy
28/04/2006 15:57 <REP> SpyBro
06/07/2007 21:12 <REP> SpyVampire
06/03/2006 00:24 <REP> Thomson
22/10/2008 13:51 <REP> trend micro
17/10/2008 04:52 <REP> TrojanHunter 5.0
22/11/2008 00:33 <REP> Wanadoo
17/10/2008 04:39 <REP> Wanadoo Messager
21/09/2007 20:52 <REP> Wgqhg
11/04/2006 02:38 <REP> Winamp
07/06/2007 20:34 <REP> WinAVI MP4 Converter
17/03/2006 01:54 <REP> Windows Media Player
23/04/2006 22:07 <REP> Windows NT
29/10/2007 00:16 <REP> WinMPG VideoConvert
14/03/2006 23:11 <REP> WinRAR
29/01/2006 20:04 <REP> WinZip
28/01/2006 20:33 <REP> xerox
29/10/2007 00:55 <REP> Xilisoft
0 fichier(s) 0 octets
77 Rép(s) 37 453 926 400 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E425-0AE2

Répertoire de C:\Program Files\fichiers communs

06/11/2008 01:54 <REP> .
06/11/2008 01:54 <REP> ..
03/04/2008 16:08 <REP> Adobe
29/10/2007 05:53 <REP> AVSMedia
23/10/2006 16:08 <REP> Designer
24/09/2006 22:17 <REP> Droppix
04/12/2006 14:31 <REP> Hewlett-Packard
01/08/2008 01:15 <REP> InstallShield
30/01/2006 02:41 <REP> Java
24/09/2006 22:17 <REP> LightScribe
28/10/2007 21:47 <REP> Microsoft Shared
28/01/2006 20:30 <REP> MSSoap
28/01/2006 21:20 <REP> ODBC
18/09/2006 00:07 <REP> Real
20/04/2006 15:52 <REP> rzuu
28/01/2006 20:30 <REP> Services
28/01/2006 21:19 <REP> SpeechEngines
16/04/2006 14:44 <REP> System
31/01/2006 03:11 <REP> xing shared
0 fichier(s) 0 octets
19 Rép(s) 37 453 926 400 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E425-0AE2

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

23/10/2006 16:08 <REP> .
23/10/2006 16:08 <REP> ..
23/10/2006 16:08 <REP> 1033
23/10/2006 16:08 <REP> 1036
15/02/2001 04:45 1 318 912 MSONSEXT.DLL
13/02/2001 07:23 58 784 MSOSV.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
06/08/2000 08:04 401 462 MSVCP60.DLL
22/01/2001 02:25 69 632 PKMAXCTL.DLL
22/01/2001 02:25 872 448 PKMCDO.DLL
22/01/2001 02:25 159 744 PKMCORE.DLL
07/02/2001 08:59 106 496 PKMFORMS.DLL
12/02/2001 03:03 684 032 PKMRES.DLL
22/01/2001 02:25 28 672 PKMSSTLB.DLL
22/01/2001 02:25 40 960 PKMTEMPL.DLL
22/01/2001 02:25 24 576 PKMTRACE.DLL
22/01/2001 02:25 86 016 PKMWS.DLL
22/01/2001 02:25 237 568 PROMDEMO.DLL
22/01/2001 02:25 184 320 SECMGR.DLL
22/01/2001 02:25 323 584 VAIDDMGR.DLL
22/01/2001 02:25 32 768 VAIMEM.DLL
18 fichier(s) 4 879 944 octets
4 Rép(s) 37 453 922 304 octets libres

c:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\french\setup.exe
c:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
c:\Documents and Settings\Nom supprimé Modération CCM s\Bureau\Extra\Applications\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
c:\Documents and Settings\Nom supprimé Modération CCM s\Bureau\Extra\Applications\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Bureau\Extra\Applications\SiSoftware\SiSoftware Sandra Lite 2005.SR3\sandra.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Bureau\Extra\Applications\SiSoftware\SiSoftware Sandra Lite 2005.SR3\unins000.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Bureau\Extra\eMule\emule.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Bureau\Extra\eMule\LinkCreator.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Bureau\Extra\eMule\Uninstall.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\msnsearch.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\Patch_MSN_Messenger.EXE
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\RstApp.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\SP26412.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\pft10~tmp\setup.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\pft12E.tmp\AFUWIN.EXE
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\pft12E.tmp\Installer.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\pft5.tmp\Install.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\pft5.tmp\Source\alcchkid.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\pft5.tmp\Source\alcrmv.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\pft5.tmp\Source\alcrmv9x.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\pft5.tmp\Source\alcupd.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\pft5.tmp\Source\ALCXDEV.EXE
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\pft5.tmp\Source\ChCfg.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\pft5.tmp\Source\GETDXVER.EXE
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\pft5.tmp\Source\SetCDfmt.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\pft5.tmp\Source\Setup.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\pft5.tmp\Source\WDM\Alcxmntr.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\pft5.tmp\Source\WDM\RTLCPL.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temp\pft5.tmp\Source\WDM\SoundMan.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temporary Internet Files\Content.IE5\E8M1V5WC\RealPlayer10-5GOLD_fr[1].exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temporary Internet Files\Content.IE5\EZU383EP\SP26381[1].exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temporary Internet Files\Content.IE5\GTSTQZKL\hbtools[1].exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temporary Internet Files\Content.IE5\IVONF0H0\RealPlayer10-5GOLD_fr[1].exe
c:\Documents and Settings\Nom supprimé Modération CCM \Local Settings\Temporary Internet Files\Content.IE5\KT6N01IN\iview398[1].exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\20061115134548296_Samsung_PC_Studio_31_Installer.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\3gp-converter-setup.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\aawsepersonal.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\alcohol-120_alcohol_120_1.9.5_build_3823_francais_11016.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\antivir-personal-edition_avira_antivir_personal_free_8.1.0.367_anglais_10821.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\BMP2PNG.EXE
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\ccsetup212.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\DeepBurner1.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\DivXPlay.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\dMC-r11.5.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\eMule0.47a-Installer.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\ewido-setup.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\ffwtt-v3.2.3.6049-full.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\ffwttv31.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\Flash_Disinfector.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\french398.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\Google Updater.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\GoogleEarthWin_EARW.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\HijackThis.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\HotzicBurner.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\Install_MSN_Messenger.EXE
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\installSansEspions71.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\ireal16.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\iview398.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\KillBox.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\malwarebytes-anti-malware_malwarebytes_anti-malware_1.27_francais_215092.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\mpc_install_xp_6.4.8.7_fr.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\mpc_install_xp_6.4.9.0b_fr.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\QuickTimeFullInstaller.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\RealONE_Player_2.0.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\rw2_021_w02_fra.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\setupfre.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SP26381.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SP26412.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\spybotsd14.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\spybotsd160.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\super_super_v2007_build_23_anglais_19891.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\TrojanHunterSetup.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\UltimateUserbar140.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\videoconvertersetup.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\wace26i.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\WDM_A382.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\winzip100.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\wrar351fr.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\MP4Cam2AVI_v2.71\Mp4Cam2AVI.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\MSNFix\incl\catchme.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\MSNFix\incl\Hostsclean.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\MSNFix\incl\MD5File.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\MSNFix\incl\Process.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\MSNFix\incl\setpath.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\MSNFix\incl\swreg.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\MSNFix\incl\zip.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\404Fix.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\AntiXPVSTFix.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\dumphive.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\exit.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\IEDFix.C.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\IEDFix.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\o4Patch.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\Policies.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\Process.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\Reboot.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\restart.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\swreg.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\swsc.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\UIFix.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\unzip.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\VACFix.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\VCCLSID.exe
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan\SmitfraudFix\WS2Fix.exe
c:\Documents and Settings\thomas\Application Data\MSNInstaller\msnauins.exe
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\schedule.exe
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\setup.exe
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\ff\firefoxgoogletoolbarsetup.exe
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\gds\GOOGLE_DESKTOP\gdssetup.exe
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\gtb\GOOGLE_TOOLBAR\googletoolbarinstaller.exe
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\gtb_gds\GOOGLE_TOOLBAR\googletoolbarinstaller.exe
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\rp\RealPlayer11GOLD_fr.exe
c:\Documents and Settings\thomas\Bureau\antivir_workstation_winu_en_h.exe
c:\Documents and Settings\thomas\Bureau\ComboFix.exe
c:\Documents and Settings\thomas\Bureau\Internet Explorer.EXE
c:\Documents and Settings\thomas\Bureau\kis8.0.0.454fr.exe
c:\Documents and Settings\thomas\Bureau\OTMoveIt3.exe
c:\Documents and Settings\thomas\Bureau\RSIT.exe
c:\Documents and Settings\thomas\Bureau\SDFix.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\thomas\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\thomas\Bureau\Extra\eMule\emule.exe
c:\Documents and Settings\thomas\Bureau\Extra\eMule\LinkCreator.exe
c:\Documents and Settings\thomas\Bureau\Extra\eMule\Uninstall.exe
c:\Documents and Settings\thomas\Bureau\SDFix\catchme.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\Cghtme.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\cliptext.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\download.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\ERUNT.EXE
c:\Documents and Settings\thomas\Bureau\SDFix\apps\FixPath.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\grep.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\isadmin.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\LS.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\MD5File.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\moveex.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\Process.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\procs.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\psservice.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\RestartIt!.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\sc.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\sed.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\SF.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\shutdown.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\Swreg.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\swsc.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\UnRAR.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\unzip.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\vfind.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\WINMSG.EXE
c:\Documents and Settings\thomas\Bureau\SDFix\apps\zip.exe
c:\Documents and Settings\thomas\Bureau\SDFix\apps\Replace\regedit.exe
c:\Documents and Settings\thomas\Bureau\Upload_Me\winchat.exe
c:\Documents and Settings\thomas\Bureau\Upload_Me\winhlp32.exe
c:\Documents and Settings\thomas\Bureau\Upload_Me\winlogon.exe
c:\Documents and Settings\thomas\Bureau\Upload_Me\winmine.exe
c:\Documents and Settings\thomas\Bureau\Upload_Me\winmsd.exe
c:\Documents and Settings\thomas\Bureau\Upload_Me\winspool.exe
c:\Documents and Settings\thomas\Bureau\Upload_Me\winver.exe
c:\Documents and Settings\thomas\Mes documents\iview398.exe
c:\Documents and Settings\thomas\Mes documents\jre-1_5_0_06-windows-i586-p-iftw.exe
c:\Documents and Settings\thomas\Mes documents\My Downloads\AVSVideoConverter.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aerdl.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\Nom supprimé Modération CCM \Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\Nom supprimé Modération CCM \Bureau\Extra\Applications\SiSoftware\SiSoftware Sandra Lite 2005.SR3\mfc71loc.dll
c:\Documents and Settings\Nom supprimé Modération CCM \Bureau\Extra\Applications\SiSoftware\SiSoftware Sandra Lite 2005.SR3\mfc71u.dll
c:\Documents and Settings\Nom supprimé Modération CCM \Bureau\Extra\Applications\SiSoftware\SiSoftware Sandra Lite 2005.SR3\msvcr71.dll
c:\Documents and Settings\Nom supprimé Modération CCM \Bureau\Extra\Applications\SiSoftware\SiSoftware Sandra Lite 2005.SR3\WCe300arm\SanPda.dll
c:\Documents and Settings\Nom supprimé Modération CCM \Bureau\Extra\Applications\SiSoftware\SiSoftware Sandra Lite 2005.SR3\WCe420arm\SanPda.dll
c:\Documents and Settings\Nom supprimé Modération CCM \Bureau\Extra\Applications\SiSoftware\SiSoftware Sandra Lite 2005.SR3\WCe421arm\SanPda.dll
c:\Documents and Settings\thomas\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\thomas\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\gds\GOOGLE_DESKTOP\barcontrol.dll
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\gds\GOOGLE_DESKTOP\gdsapi.dll
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\gds\GOOGLE_DESKTOP\spcping.dll
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\gtb\GOOGLE_TOOLBAR\barcontrol.dll
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\gtb\GOOGLE_TOOLBAR\spcping.dll
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\gtb_gds\GOOGLE_TOOLBAR\barcontrol.dll
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\gtb_gds\GOOGLE_TOOLBAR\spcping.dll
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\RUP\control.dll
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\RUP\inst_config\compat.dll
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\RUP\inst_config\fftbapi.dll
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\RUP\inst_config\gdsapi.dll
c:\Documents and Settings\thomas\Application Data\Real\Update\setup\data\RUP\inst_config\gtapi.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_ST-604E174AC125.tar.gz a l'adresse http://upload.malekal.com

Réponse 39 / 50

Utilisateur anonyme

Salut Thomas,
Comment vas-tu ?

Bon,
ce logiciel me semble être un logiciel cracké, non ? https://www.01net.com/telecharger/windows/Utilitaire/gravure/fiches/50106.html

Merci de ta franchise.

Ok,
je vois déjà un souci :
> Rends toi sur le site Virus Total : https://www.virustotal.com/gui/ et fais analyser le/les fichier(s) suivant(s) : (Clique sur <parcourir> puis copie/colle la/les ligne(s) dans le cadre "Nom du Fichier", ensuite valide par <Ouvrir>. Clique alors sur <Envoyer un fichier>)

C:\WINDOWS\System32\Drivers\SPTD5149.SYS

et poste le/les résultat(s) par copier/coller (ou le/les lien(s) http, c'est plus rapide et préférable).
N.B. : Les fichiers doivent être analysés un par un. Ouvrir plusieurs fenêtres sur Virus Total peut bloquer les envois.

Ensuite,
SpyVampire est un rogue, donc :
> Télecharge et installe A-Squared : http://www.commentcamarche.net/telecharger/telecharger 224 a squared
- Lance le programme et fait le mise à jour
- Clique sur scanner l'ordinateur (à gauche) puis choisi <scan détail> puis cliquette sur <Scan> (en bas à droite). Le scan débute et peut être long.
- A la fin du scan coche toutes les cases et choisis <Supprimer les fichiers choisis>
- Ensuite clique sur <Générer un rapport> puis poste le stp.
Tuto : https://kerio.probb.fr/t223-tuto-pour-a-squared-free
PS : Il se peut que le rapport soit trop long pour le forum. Utilise alors ce service pour me l'envoyer http://www.cijoint.fr/ (poste le lien).

Ensuite,
> Télécharge DirLook (de jpshortstuff) : http://jpshortstuff.247fixes.com/DirLook.exe
- Double-clique sur DirLook.exe pour le lancer.
- Assure-toi que "Show Hidden Files" et "BBCode Ouput" soient bien cochés.
- Copie le contenu suivant dans le champ texte principal :

C:\Program Files\Wgqhg

- Clique sur le bouton <DirLook> pour lancer l'examen. Quand il est terminé, une fenêtre du Bloc-notes va s'ouvrir avec le résultat du scan.
- Poste le contenu ce rapport dans ta prochaine réponse. (Le rapport se trouve aussi ici C:\dl_log.txt).
Note : Il se peut que l'examen prenne plus de temps pour de gros répertoires.

Refais la même chose avec :

C:\Program Files\fichiers communs\rzuu

Puis,
> Télécharge ATF Cleaner par Atribune sur ton bureau.
- Démarre ATF-Cleaner et coche les valeurs suivantes :

Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle Bin

- Clique sur <Empty Selected> et au message "Done Cleaning" sur <Ok>

NB : Si tu utilises Firefox ou Opera :
- Clique sur Firefox ou Opera en haut puis choisis <Select All>.
- Clique sur le bouton <Empty Selected> (NB : Si tu veux conserver tes mots de passe sauvegardés alors clique sur <No> à l'invite).
- Clique sur <Main> pour revenir à menu principal
- Clique sur <Exit>, du menu prinicipal, pour quitter ATFcleaner.
NB : Si le prefetch est nettoyé le redémarrage du PC sera plus lent.

A partir de là ton PC devrait être plus rapide.

Maintenant,
dans ce répertoire :
c:\Documents and Settings\Nom supprimé Modération CCM \Mes documents\nicole.fratan
tu as pleins de programmes dont je doute de leur légalité. Fais moi le plaisir de supprimer tout ce qui provient de e-mule stp. (notamment ta version Kaspersky ; je doute de son authenticité).

Conclusion : comme 90% des internautes ton infection provient de téléchargements illégaux (p2p).

A+

PS : et comment va le PC ?

Formatage en cours...3% Veuillez patienter. Merci.

Réponse 40 / 50

tommy042 Messages postés 34 Statut Membre

Salut DllD, ca va ??

Bon ben je vais me mettre à la procedure et te poster tout ça. Pour Droppix Recorder, je crois que je l'avais téléchargé sur telecharger.com justement. Apres, c vrai que j'utilise souvent Emule mais pas pour celui là. Je te poste les rapports et te tiens au courant !

a+

Ordi très très lent, virus ou autre ?

50 réponses

Votre réponse

Discussions similaires