Ordi infecté par trojan windows bloquer - Page 3

Résolu
Précédent
  • 1
  • 2
  • 3
  1. Utilisateur anonyme
     
    Télécharge ce fichier sur le bureau :

    http://downloads.malwareremoval.com/Nel/FixP.zip

    Extrait et double clique sur Fix_Protocol_zones_ranges.reg.

    Acceptes lorsqu'il te demande de fusionner avec le registre.

    ensuite :

    Telecharge UsbFix sur ton bureau

    --> Lance l installation avec les parametres par default

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

    --> Double clic sur le raccourci UsbFix sur ton bureau

    --> Le pc va redémarer

    -->Apres redémarrage post le rapport UsbFix.txt

    Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
    0
  2. lila21 Messages postés 37 Date d'inscription   Statut Membre 1
     
    -------------- UsbFix V2.395 ---------------

    * User : Van
    * Outils mis a jours le 20/10/2008 par Chiquitine29 et Chimay8
    * Recherche effectuée à 20:54:05 le 24/10/2008
    * Windows Xp - Internet Explorer 7.0.5730.11

    --------------- [ Processus actifs ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\AGS\AgentSrv.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\r_server.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\DOCUME~1\van\LOCALS~1\Temp\1.tmp\b2e.exe

    --------------- [ Informations lecteurs ] ----------------

    C: - Lecteur fixe

    E: - Lecteur amovible

    +- Contenu de l'autorun : E:\autorun.inf

    [Autorun]
    Shellexecute=\SystemVolumeInformation\system.exe

    --------------- [ Registre / Startup ] ----------------

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    RMC REG_SZ C:\WINDOWS\system32\drivers\RMC.exe
    SynTPLpr REG_SZ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    Raccourci vers la page des propriétés de High Definition Audio REG_SZ HDAShCut.exe
    RTHDCPL REG_SZ RTHDCPL.EXE
    Alcmtr REG_SZ ALCMTR.EXE
    ATIPTA REG_SZ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    PCMService REG_SZ "c:\Apps\Powercinema\PCMService.exe"
    HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    BigDogPath REG_SZ C:\WINDOWS\VM_STI.EXE NoteCam Direct 300
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
    SystrayORAHSS REG_SZ "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    orahssStartup REG_SZ "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
    ORAHSSSessionManager REG_SZ C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
    msnmsgr REG_SZ "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    AOLMUSIC REG_SZ C:\WINDOWS\system32\AOLMUSIC.EXE
    EMAIL REG_SZ C:\WINDOWS\system32\FREEEMAIL.exe

    --------------- [ Registre / Mountpoint2 ] ----------------

    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d112239-1247-11dd-82a9-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d112239-1247-11dd-82a9-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1508f8b5-3bbd-11dd-82c8-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1508f8b5-3bbd-11dd-82c8-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{221db142-1daa-11dd-82af-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{221db142-1daa-11dd-82af-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2905a740-41ad-11dc-8222-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2905a740-41ad-11dc-8222-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cd30ac0-1798-11dd-82ac-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cd30ac0-1798-11dd-82ac-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92a6c39c-14a4-11db-808d-0060b3534d69}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92a6c39c-14a4-11db-808d-0060b3534d69}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7ccb2c8-096b-11dd-82a1-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7ccb2c8-096b-11dd-82a1-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae007028-eb72-11db-8195-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae007028-eb72-11db-8195-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c086d9b3-7737-11db-813e-00038a000015}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c086d9b3-7737-11db-813e-00038a000015}\Shell\AutoRun\command

    --------------- [ Nettoyage des disques ] ----------------

    Supprimé ! - E:\autorun.inf

    --------------- ! Fin du rapport ! ----------------
    0
  3. Utilisateur anonyme
     
    refais un scan RSIT et post log.txt stp
    0
  4. lila21 Messages postés 37 Date d'inscription   Statut Membre 1
     
    ok le voici

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by van at 2008-10-24 21:08:40
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 41 GB (57%) free of 72 GB
    Total RAM: 511 MB (43% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:08:46, on 24/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AGS\AgentSrv.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\r_server.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\van\Bureau\RSIT.exe
    C:\Program Files\trend micro\van.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mule-force.com/homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE NoteCam Direct 300
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [orahssStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [*EMAIL] C:\WINDOWS\system32\FREEEMAIL.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AOLMUSIC] C:\WINDOWS\system32\AOLMUSIC.EXE
    O4 - HKCU\..\Run: [EMAIL] C:\WINDOWS\system32\FREEEMAIL.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: La Solution Ciel.lnk = C:\CIEL\STARTER.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
    O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\AGS\AgentSrv.EXE
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Service Host Controller (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WindowsDriver - Unknown owner - C:\WINDOWS\system32\spool.exe (file missing)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Clique sur parcourir et cherche ce fichier :C:\WINDOWS\system32\FREEEMAIL.exe

    Clique sur Send File.

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta réponse.

    0
  7. lila21 Messages postés 37 Date d'inscription   Statut Membre 1
     
    excuz ma nulite ms co g c pa ou se trouve le bloc note g fe un copie colle de la page
    :
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.10.24.3 2008.10.24 -
    AntiVir 7.9.0.9 2008.10.24 TR/Crypt.XPACK.Gen
    Authentium 5.1.0.4 2008.10.24 W32/LdPinch.D.gen!Eldorado
    Avast 4.8.1248.0 2008.10.24 Win32:Bandok-AS
    AVG 8.0.0.161 2008.10.25 BackDoor.Generic9.NTP
    BitDefender 7.2 2008.10.25 Backdoor.Bandok.BJ
    CAT-QuickHeal 9.50 2008.10.24 Backdoor.Bandok.bd
    ClamAV 0.93.1 2008.10.25 -
    DrWeb 4.44.0.09170 2008.10.25 BackDoor.Iam
    eSafe 7.0.17.0 2008.10.23 Suspicious File
    eTrust-Vet 31.6.6168 2008.10.25 -
    Ewido 4.0 2008.10.24 -
    F-Prot 4.4.4.56 2008.10.24 W32/LdPinch.D.gen!Eldorado
    F-Secure 8.0.14332.0 2008.10.25 Backdoor.Win32.Bandok.bd
    Fortinet 3.113.0.0 2008.10.25 W32/Bandook.A!tr.bdr
    GData 19 2008.10.25 Backdoor.Bandok.BJ
    Ikarus T3.1.1.44.0 2008.10.25 Backdoor.Win32.Bandok
    K7AntiVirus 7.10.506 2008.10.24 -
    Kaspersky 7.0.0.125 2008.10.25 Backdoor.Win32.Bandok.bd
    McAfee 5415 2008.10.25 BackDoor-CSN
    Microsoft 1.4005 2008.10.25 Backdoor:Win32/Bandok
    NOD32 3553 2008.10.24 probably a variant of Win32/Bandok
    Norman 5.80.02 2008.10.24 W32/Bandok.UX
    Panda 9.0.0.4 2008.10.25 Suspicious file
    PCTools 4.4.2.0 2008.10.24 Packed/Execryptor
    Prevx1 V2 2008.10.25 -
    Rising 21.00.42.00 2008.10.24 Trojan.Win32.Agent.ipc
    SecureWeb-Gateway 6.7.6 2008.10.24 Trojan.Crypt.XPACK.Gen
    Sophos 4.35.0 2008.10.25 Mal/Basine-A
    Sunbelt 3.1.1752.1 2008.10.24 Backdoor.Bandok.BI
    Symantec 10 2008.10.25 Backdoor.Trojan
    TheHacker 6.3.1.0.126 2008.10.25 Backdoor/Bandok.bd
    TrendMicro 8.700.0.1004 2008.10.24 PAK_Generic.001
    VBA32 3.12.8.8 2008.10.25 suspected of Backdoor.xBot.1 (paranoid heuristics)
    ViRobot 2008.10.24.1436 2008.10.24 -
    VirusBuster 4.5.11.0 2008.10.24 Packed/Execryptor
    Information additionnelle
    File size: 94720 bytes
    MD5...: c451e7c3ebb0860b20d3eb1079a3e49a
    SHA1..: fa787c455efd74a588b77aebcb96797f9abc6e87
    SHA256: 1ad8dc20e3093755a56ab8a7ce72a922005ab32ae4bf05453a32806c91ba9e86
    SHA512: a0dd9bcedd6243b6b082ac7208db32c448f788f78166f828d18d07314798125e
    4607d574abec9cf202fd8924c4ffdf4c65c9ac4026df7691740d30a002d2d173
    PEiD..: EXECryptor 2.2.4 -> Strongbit/SoftComplete Development (h1)
    TrID..: File type identification
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1321cc88
    timedatestamp.....: 0x461378a0 (Wed Apr 04 10:06:24 2007)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x12000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .rdata 0x13000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .data 0x14000 0xa4000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    nlquu929 0xb8000 0xe000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    qhommh4g 0xc6000 0x17000 0x16e00 7.99 baaac8b22367318efa7a3f69f76c64f3

    ( 0 imports )

    ( 0 exports )
    packers (Kaspersky): Execryptor
    packers (F-Prot): EXECryptor
    packers (Authentium): EXECryptor
    0
  8. Utilisateur anonyme
     
    Pas de soucis

    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique sur combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
    0
  9. lila21 Messages postés 37 Date d'inscription   Statut Membre 1
     
    ComboFix 08-10-24.02 - van 2008-10-24 21:44:17.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.228 [GMT -4:00]
    Lancé depuis: C:\Documents and Settings\van\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\perfc000.dat
    C:\WINDOWS\system32\winspool.dll
    C:\WINDOWS\zzzx.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_R_SERVER
    -------\Legacy_SMTPDRV
    -------\Legacy_WINDOWSDRIVER
    -------\Service_r_server
    -------\Service_WindowsDriver

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-25 au 2008-10-25 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-24 20:50 . 2008-10-24 20:54 <REP> d-------- C:\Program Files\UsbFix
    2008-10-24 20:17 . 2008-10-24 20:18 <REP> d-------- C:\rsit
    2008-10-24 19:28 . 2008-10-24 19:28 2,137,573 --a------ C:\upload_moi_VANESSA.tar.gz
    2008-10-23 20:33 . 2008-10-23 20:33 <REP> d-------- C:\WINDOWS\ERUNT
    2008-10-23 20:23 . 2008-10-23 23:14 <REP> d-------- C:\SDFix
    2008-10-23 18:48 . 2008-10-23 18:48 <REP> d-------- C:\Program Files\Malwarebytes'Anti-Malware
    2008-10-23 18:48 . 2008-10-23 18:48 <REP> d-------- C:\Documents and Settings\van\Application Data\Malwarebytes
    2008-10-23 18:48 . 2008-10-23 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-23 18:48 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-23 18:48 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-23 18:40 . 2008-10-23 18:40 1,172 --a------ C:\WINDOWS\mozver.dat
    2008-10-22 19:30 . 2008-10-23 18:30 <REP> d-------- C:\ToolBar SD
    2008-10-22 18:45 . 2008-10-24 21:08 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-21 06:17 . 2008-10-24 06:02 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-10-20 19:42 . 2008-10-20 19:42 <REP> d-------- C:\Program Files\Avira
    2008-10-20 19:42 . 2008-10-20 19:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-10-20 03:45 . 2008-05-01 10:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-10-19 21:57 . 2008-10-19 22:20 <REP> d-------- C:\WINDOWS\system32\NtmsData
    2008-10-19 19:44 . 2008-10-19 19:44 <REP> d-------- C:\Program Files\Sun
    2008-10-19 19:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-10-19 15:01 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-10-19 15:01 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-10-19 14:37 . 2008-10-22 06:42 1,393 --a------ C:\WINDOWS\imsins.BAK
    2008-10-19 14:31 . 2008-10-19 14:31 <REP> d-------- C:\Program Files\Zelda Return of the Hylian
    2008-10-19 14:29 . 2008-10-20 02:55 <REP> d-------- C:\Program Files\Symantec
    2008-10-19 14:29 . 2008-10-19 14:29 <REP> d-------- C:\dfcfbd29597a7117e66f7aca6899c53f
    2008-10-18 17:57 . 2008-10-19 14:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-10-18 17:37 . 2008-10-19 15:25 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\MEGAUPLOADTOOLBAR
    2008-10-13 20:42 . 2008-10-19 14:30 <REP> d-------- C:\Documents and Settings\van\Application Data\Arcsoft

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-23 23:36 --------- d-----w C:\Program Files\MSN Messenger
    2008-10-22 20:50 --------- d-----w C:\Program Files\Azureus
    2008-10-20 07:39 --------- d-----w C:\Program Files\Alwil Software
    2008-10-20 03:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-19 23:37 --------- d-----w C:\Program Files\Java
    2008-10-19 20:45 --------- d-----w C:\Program Files\OrangeHSS
    2008-10-19 20:40 --------- d-----w C:\Program Files\Securitoo
    2008-10-19 18:31 --------- d-----w C:\Program Files\Yahoo!
    2008-10-18 14:51 --------- d-----w C:\Documents and Settings\van\Application Data\Image Zone Express
    2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2007-08-10 02:54 499 ----a-w C:\Documents and Settings\van\1.bat
    2007-08-10 01:04 746 ----a-w C:\Documents and Settings\van\1.reg
    2006-11-06 00:53 24,192 ----a-w C:\Documents and Settings\van\usbsermptxp.sys
    2006-11-06 00:53 22,768 ----a-w C:\Documents and Settings\van\usbsermpt.sys
    2006-08-04 20:31 452 ----a-w C:\Program Files\Raccourci vers Real.lnk
    2005-06-22 06:18 724,992 ----a-w C:\Documents and Settings\van\r_server.exe
    2004-07-03 07:47 29,728 ----a-w C:\Documents and Settings\van\raddrv.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
    "EMAIL"="C:\WINDOWS\system32\FREEEMAIL.exe" [2007-12-31 94720]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "RMC"="C:\WINDOWS\system32\drivers\RMC.exe" [2005-03-28 24576]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-04 102490]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-04 708698]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 127118]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-11-03 180269]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
    "SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-12-11 94208]
    "orahssStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-12-11 598016]
    "ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-04-12 C:\WINDOWS\RTHDCPL.EXE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "*EMAIL"="C:\WINDOWS\system32\FREEEMAIL.exe" [2007-12-31 94720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

    C:\Documents and Settings\van\Mes documents\Menu D‚marrer\Programmes\D‚marrage\
    La Solution Ciel.lnk - C:\CIEL\STARTER.EXE [2006-11-18 487424]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-08-03 57344]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264"= x264vfw.dll
    "VIDC.3iv2"= 3ivxVfWCodec.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\WinVNC.exe"=
    "C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "0:TCP"= 0:TCP:BND
    ":TCP"= :TCP:BNDFTP

    R2 MTC0001_RMC;Remove Control Device;C:\WINDOWS\system32\drivers\RMC.sys [2005-04-22 13912]
    R3 Slazldrv;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys [2005-01-04 226768]
    R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 28160]
    S3 bDMusicb;bDMusicb;C:\DOCUME~1\van\LOCALS~1\Temp\bDMusicb.sys [ ]
    S3 MosSir;MosSir.sys;C:\WINDOWS\system32\DRIVERS\MosSir.sys [2004-12-13 22016]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D8G5SJH-37JD-F4SA6-VE44-VFD4FWQ2J7}]
    C:\WINDOWS\system32\AOLMUSIC.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{JF48FF-FK449F-FDS4F-GFS43FD-FSDF2-4FAC]
    C:\WINDOWS\system32\FREEEMAIL.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

    2007-11-18 C:\WINDOWS\Tasks\HDReg.job
    - c:\Apps\HDReg\HDRegRem.exe [2003-07-15 06:14]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-AOLMUSIC - C:\WINDOWS\system32\AOLMUSIC.EXE
    HKLM-Run-BigDogPath - C:\WINDOWS\VM_STI.EXE

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\van\Application Data\Mozilla\Firefox\Profiles\to6a4yeh.default\
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-24 21:49:41
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\AGS\AgentSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
    C:\APPS\HIDSERVICE\HidService.exe
    C:\WINDOWS\system32\slserv.exe
    C:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\PROGRA~1\MOZILL~1\firefox.exe
    C:\PROGRA~1\MOZILL~1\firefox.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\2\AlertModule.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-24 21:58:03 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-25 01:57:58

    Avant-CF: 43 222 077 440 octets libres
    Après-CF: 43,201,507,328 octets libres

    187 --- E O F --- 2008-10-24 04:35:21
    0
  10. Utilisateur anonyme
     
    Copie le texte ci-dessous :

    File::
    C:\Documents and Settings\van\1.bat
    C:\Documents and Settings\van\1.reg
    C:\Documents and Settings\van\r_server.exe
    C:\upload_moi_VANESSA.tar.gz
    C:\WINDOWS\system32\FREEEMAIL.exe

    Folder::
    C:\Program Files\UsbFix
    C:\rsit
    C:\WINDOWS\ERUNT
    C:\SDFix

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EMAIL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "*EMAIL"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{JF48FF-FK449F-FDS4F-GFS43FD-FSDF2-4FAC]
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D8G5SJH-37JD-F4SA6-VE44-VFD4FWQ2J7}]


    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ceci :

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.
    0
  11. lila21 Messages postés 37 Date d'inscription   Statut Membre 1
     
    ComboFix 08-10-24.02 - van 2008-10-25 2:33:40.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.143 [GMT -4:00]
    Lancé depuis: C:\Documents and Settings\van\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\CFScript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    C:\Documents and Settings\van\1.bat
    C:\Documents and Settings\van\1.reg
    C:\Documents and Settings\van\r_server.exe
    C:\upload_moi_VANESSA.tar.gz
    C:\WINDOWS\system32\FREEEMAIL.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\van\1.bat
    C:\Documents and Settings\van\1.reg
    C:\Documents and Settings\van\r_server.exe
    C:\Program Files\UsbFix
    C:\Program Files\UsbFix\tmp.reg
    C:\Program Files\UsbFix\Tools\Ico.ico
    C:\Program Files\UsbFix\Tools\Ico2.ico
    C:\Program Files\UsbFix\Tools\Kill.exe
    C:\Program Files\UsbFix\Tools\Proc.exe
    C:\Program Files\UsbFix\Uninstal.exe
    C:\Program Files\UsbFix\UsbFix.exe
    C:\rsit
    C:\rsit\info.txt
    C:\rsit\log.txt
    C:\SDFix
    C:\SDFix\Add_DBFix_RunOnce_key.inf
    C:\SDFix\apps\assosfix.reg
    C:\SDFix\apps\Cghtme.exe
    C:\SDFix\apps\clb1.txt
    C:\SDFix\apps\cliptext.exe
    C:\SDFix\apps\DBFix.inf
    C:\SDFix\apps\download.exe
    C:\SDFix\apps\dummy.sys
    C:\SDFix\apps\Enable_Command_Prompt.inf
    C:\SDFix\apps\Enable_Command_Prompt.reg
    C:\SDFix\apps\ERDNT.E_E
    C:\SDFix\apps\ERDNTDOS.LOC
    C:\SDFix\apps\ERDNTWIN.LOC
    C:\SDFix\apps\ERUNT.EXE
    C:\SDFix\apps\ERUNT.LOC
    C:\SDFix\apps\fix.reg
    C:\SDFix\apps\FixBeep.reg
    C:\SDFix\apps\FixBH.reg
    C:\SDFix\apps\FixComponents.reg
    C:\SDFix\apps\FIXCU.reg
    C:\SDFix\apps\FIXLM.reg
    C:\SDFix\apps\FixPath.exe
    C:\SDFix\apps\FixRedir.reg
    C:\SDFix\apps\FixSchedule.reg
    C:\SDFix\apps\FixWebCheck.reg
    C:\SDFix\apps\fixXP.reg
    C:\SDFix\apps\FixXPsp2.reg
    C:\SDFix\apps\grep.exe
    C:\SDFix\apps\HaxdFix.reg
    C:\SDFix\apps\HPFix.reg
    C:\SDFix\apps\HPFix2.reg
    C:\SDFix\apps\HPFix3.reg
    C:\SDFix\apps\HPFix4.reg
    C:\SDFix\apps\HPFix5.reg
    C:\SDFix\apps\HPFix6.reg
    C:\SDFix\apps\HPFix7.reg
    C:\SDFix\apps\HPFix8.reg
    C:\SDFix\apps\HPFix9.reg
    C:\SDFix\apps\Installed.txt
    C:\SDFix\apps\isadmin.exe
    C:\SDFix\apps\leg2.txt
    C:\SDFix\apps\legacy.txt
    C:\SDFix\apps\legacybk.txt
    C:\SDFix\apps\locate.com
    C:\SDFix\apps\LS.exe
    C:\SDFix\apps\MD5File.exe
    C:\SDFix\apps\moveex.exe
    C:\SDFix\apps\MyGcpvFix.reg
    C:\SDFix\apps\MyGkFix2.reg
    C:\SDFix\apps\Process.exe
    C:\SDFix\apps\procs.exe
    C:\SDFix\apps\psservice.exe
    C:\SDFix\apps\Rem.txt
    C:\SDFix\apps\Rem2.txt
    C:\SDFix\apps\Replace\regedit.exe
    C:\SDFix\apps\Replace\w2k\AUTOEXEC.NT
    C:\SDFix\apps\Replace\w2k\beep.sys
    C:\SDFix\apps\Replace\w2k\command.com
    C:\SDFix\apps\Replace\w2k\command.PIF
    C:\SDFix\apps\Replace\w2k\CONFIG.NT
    C:\SDFix\apps\Replace\w2k\null.sys
    C:\SDFix\apps\Replace\xp\AUTOEXEC.NT
    C:\SDFix\apps\Replace\xp\beep.sys
    C:\SDFix\apps\Replace\xp\command.com
    C:\SDFix\apps\Replace\xp\command.PIF
    C:\SDFix\apps\Replace\xp\CONFIG.NT
    C:\SDFix\apps\Replace\xp\null.sys
    C:\SDFix\apps\Reset_AppInit_DLLs.reg
    C:\SDFix\apps\RestartIt!.exe
    C:\SDFix\apps\Restore_SafeBoot_Windows2000.reg
    C:\SDFix\apps\Restore_SafeBoot_WindowsXP.reg
    C:\SDFix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
    C:\SDFix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
    C:\SDFix\apps\Restore_SecurityCenter.reg
    C:\SDFix\apps\Restore_SharedAccess.reg
    C:\SDFix\apps\sc.exe
    C:\SDFix\apps\sed.exe
    C:\SDFix\apps\SF.exe
    C:\SDFix\apps\shutdown.exe
    C:\SDFix\apps\srv2.txt
    C:\SDFix\apps\srv2bk.txt
    C:\SDFix\apps\svc.txt
    C:\SDFix\apps\svcbk.txt
    C:\SDFix\apps\Swreg.exe
    C:\SDFix\apps\swsc.exe
    C:\SDFix\apps\UnRAR.exe
    C:\SDFix\apps\unzip.exe
    C:\SDFix\apps\vfind.exe
    C:\SDFix\apps\WINMSG.EXE
    C:\SDFix\apps\winsec.reg
    C:\SDFix\apps\zip.exe
    C:\SDFix\backups\backupreg.zip
    C:\SDFix\backups\backups.zip
    C:\SDFix\backups\catchme.log
    C:\SDFix\backups\catchme.zip
    C:\SDFix\backups\HOSTS
    C:\SDFix\catchme.exe
    C:\SDFix\DBFix.bat
    C:\SDFix\dummy.sys
    C:\SDFix\Report.txt
    C:\SDFix\RunThis.bat
    C:\SDFix\SDFIX_ReadMe_Online.url
    C:\SDFix\W2K_VirusAlert_Repair.inf
    C:\SDFix\XP_VirusAlert_Repair.inf
    C:\upload_moi_VANESSA.tar.gz
    C:\WINDOWS\ERUNT
    C:\WINDOWS\ERUNT\SDFIX\DEFAULT
    C:\WINDOWS\ERUNT\SDFIX\ERDNT.CON
    C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    C:\WINDOWS\ERUNT\SDFIX\ERDNT.INF
    C:\WINDOWS\ERUNT\SDFIX\ERDNTDOS.LOC
    C:\WINDOWS\ERUNT\SDFIX\ERDNTWIN.LOC
    C:\WINDOWS\ERUNT\SDFIX\Find.txt
    C:\WINDOWS\ERUNT\SDFIX\RemLat.txt
    C:\WINDOWS\ERUNT\SDFIX\report.txt
    C:\WINDOWS\ERUNT\SDFIX\SAM
    C:\WINDOWS\ERUNT\SDFIX\SECURITY
    C:\WINDOWS\ERUNT\SDFIX\SOFTWARE
    C:\WINDOWS\ERUNT\SDFIX\SYSTEM
    C:\WINDOWS\ERUNT\SDFIX\Users\[u]0/u0000001\ntuser.dat
    C:\WINDOWS\ERUNT\SDFIX\Users\[u]0/u0000002\UsrClass.dat
    C:\WINDOWS\ERUNT\SDFIX_First_Run\DEFAULT
    C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.CON
    C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.INF
    C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNTDOS.LOC
    C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNTWIN.LOC
    C:\WINDOWS\ERUNT\SDFIX_First_Run\SAM
    C:\WINDOWS\ERUNT\SDFIX_First_Run\SECURITY
    C:\WINDOWS\ERUNT\SDFIX_First_Run\SOFTWARE
    C:\WINDOWS\ERUNT\SDFIX_First_Run\SYSTEM
    C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0/u0000001\ntuser.dat
    C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0/u0000002\UsrClass.dat
    C:\WINDOWS\system32\FREEEMAIL.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-25 au 2008-10-25 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-23 18:48 . 2008-10-23 18:48 <REP> d-------- C:\Program Files\Malwarebytes'Anti-Malware
    2008-10-23 18:48 . 2008-10-23 18:48 <REP> d-------- C:\Documents and Settings\van\Application Data\Malwarebytes
    2008-10-23 18:48 . 2008-10-23 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-23 18:48 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-23 18:48 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-23 18:40 . 2008-10-23 18:40 1,172 --a------ C:\WINDOWS\mozver.dat
    2008-10-22 19:30 . 2008-10-23 18:30 <REP> d-------- C:\ToolBar SD
    2008-10-22 18:45 . 2008-10-24 21:08 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-21 06:17 . 2008-10-24 06:02 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-10-20 19:42 . 2008-10-20 19:42 <REP> d-------- C:\Program Files\Avira
    2008-10-20 19:42 . 2008-10-20 19:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-10-20 03:45 . 2008-05-01 10:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-10-19 21:57 . 2008-10-19 22:20 <REP> d-------- C:\WINDOWS\system32\NtmsData
    2008-10-19 19:44 . 2008-10-19 19:44 <REP> d-------- C:\Program Files\Sun
    2008-10-19 19:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-10-19 15:01 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-10-19 15:01 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-10-19 14:37 . 2008-10-22 06:42 1,393 --a------ C:\WINDOWS\imsins.BAK
    2008-10-19 14:31 . 2008-10-19 14:31 <REP> d-------- C:\Program Files\Zelda Return of the Hylian
    2008-10-19 14:29 . 2008-10-20 02:55 <REP> d-------- C:\Program Files\Symantec
    2008-10-19 14:29 . 2008-10-19 14:29 <REP> d-------- C:\dfcfbd29597a7117e66f7aca6899c53f
    2008-10-18 17:57 . 2008-10-19 14:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-10-18 17:37 . 2008-10-19 15:25 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\MEGAUPLOADTOOLBAR
    2008-10-13 20:42 . 2008-10-19 14:30 <REP> d-------- C:\Documents and Settings\van\Application Data\Arcsoft

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-23 23:36 --------- d-----w C:\Program Files\MSN Messenger
    2008-10-22 20:50 --------- d-----w C:\Program Files\Azureus
    2008-10-21 23:14 6,144 ----a-w C:\WINDOWS\system32\perfc000.VIR
    2008-10-20 07:39 --------- d-----w C:\Program Files\Alwil Software
    2008-10-20 03:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-19 23:37 --------- d-----w C:\Program Files\Java
    2008-10-19 20:45 --------- d-----w C:\Program Files\OrangeHSS
    2008-10-19 20:40 --------- d-----w C:\Program Files\Securitoo
    2008-10-19 18:31 --------- d-----w C:\Program Files\Yahoo!
    2008-10-18 14:51 --------- d-----w C:\Documents and Settings\van\Application Data\Image Zone Express
    2008-10-15 16:59 332,800 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
    2008-10-03 17:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-09-15 15:39 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-15 15:39 1,846,144 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-08-28 10:04 333,056 ------w C:\WINDOWS\system32\dllcache\srv.sys
    2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-08-25 08:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-08-14 13:44 2,182,400 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:44 2,182,400 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-08-14 13:44 2,138,112 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-08-14 13:44 2,059,776 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 13:44 2,059,776 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-08-14 13:44 2,017,792 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-08-14 09:51 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2006-11-06 00:53 24,192 ----a-w C:\Documents and Settings\van\usbsermptxp.sys
    2006-11-06 00:53 22,768 ----a-w C:\Documents and Settings\van\usbsermpt.sys
    2006-08-04 20:31 452 ----a-w C:\Program Files\Raccourci vers Real.lnk
    2004-07-03 07:47 29,728 ----a-w C:\Documents and Settings\van\raddrv.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "RMC"="C:\WINDOWS\system32\drivers\RMC.exe" [2005-03-28 24576]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-04 102490]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-04 708698]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 127118]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-11-03 180269]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
    "SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-12-11 94208]
    "orahssStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-12-11 598016]
    "ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-04-12 C:\WINDOWS\RTHDCPL.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

    C:\Documents and Settings\van\Mes documents\Menu D‚marrer\Programmes\D‚marrage\
    La Solution Ciel.lnk - C:\CIEL\STARTER.EXE [2006-11-18 487424]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-08-03 57344]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264"= x264vfw.dll
    "VIDC.3iv2"= 3ivxVfWCodec.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\WinVNC.exe"=
    "C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "0:TCP"= 0:TCP:BND
    ":TCP"= :TCP:BNDFTP

    R2 MTC0001_RMC;Remove Control Device;C:\WINDOWS\system32\drivers\RMC.sys [2005-04-22 13912]
    R3 Slazldrv;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys [2005-01-04 226768]
    R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 28160]
    S3 bDMusicb;bDMusicb;C:\DOCUME~1\van\LOCALS~1\Temp\bDMusicb.sys [ ]
    S3 MosSir;MosSir.sys;C:\WINDOWS\system32\DRIVERS\MosSir.sys [2004-12-13 22016]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

    2007-11-18 C:\WINDOWS\Tasks\HDReg.job
    - c:\Apps\HDReg\HDRegRem.exe [2003-07-15 06:14]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-EMAIL - C:\WINDOWS\system32\FREEEMAIL.exe

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-25 02:36:44
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
    .
    Heure de fin: 2008-10-25 2:39:28
    ComboFix-quarantined-files.txt 2008-10-25 06:38:55
    ComboFix2.txt 2008-10-25 01:58:04

    Avant-CF: 43 615 633 408 octets libres
    Après-CF: 43,594,207,232 octets libres

    308 --- E O F --- 2008-10-24 04:35:21
    0
  12. lila21 Messages postés 37 Date d'inscription   Statut Membre 1
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:46:59, on 25/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AGS\AgentSrv.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HJT.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mule-force.com/homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [orahssStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: La Solution Ciel.lnk = C:\CIEL\STARTER.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\AGS\AgentSrv.EXE
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    0
  13. Utilisateur anonyme
     
    Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Clique sur parcourir et cherche ce fichier :C:\WINDOWS\imsins.BAK

    Clique sur Send File.

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta réponse.
    0
  14. lila21 Messages postés 37 Date d'inscription   Statut Membre 1
     
    salut!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    mon ordi semble fonctionner correctement plus de bip
    plus de plantage inopiné
    plus de blocage a l'ouverture de ma session!
    plus de erreur files corrupted
    antivir pt de nouveau fonctionner
    d'ailleur je vous met le dernier rapport

    Avira AntiVir Personal
    Report file date: samedi 25 octobre 2008 10:05

    Scanning for 1707164 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM

    Version information:
    BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 14:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 13:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 18:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 13:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 16:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 19:54:15
    ANTIVIR2.VDF : 7.0.7.59 4366336 Bytes 19/10/2008 14:03:16
    ANTIVIR3.VDF : 7.0.7.90 187392 Bytes 25/10/2008 14:03:20
    Engineversion : 8.2.0.9
    AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 16:05:56
    AESCRIPT.DLL : 8.1.1.9 319867 Bytes 25/10/2008 14:03:41
    AESCN.DLL : 8.1.1.3 123252 Bytes 14/10/2008 16:05:56
    AERDL.DLL : 8.1.1.2 438644 Bytes 12/09/2008 12:06:02
    AEPACK.DLL : 8.1.2.4 369014 Bytes 14/10/2008 16:05:56
    AEOFFICE.DLL : 8.1.0.29 196988 Bytes 25/10/2008 14:03:39
    AEHEUR.DLL : 8.1.0.63 1479032 Bytes 25/10/2008 14:03:37
    AEHELP.DLL : 8.1.1.2 115062 Bytes 14/10/2008 16:05:56
    AEGEN.DLL : 8.1.0.42 319861 Bytes 25/10/2008 14:03:26
    AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 16:05:56
    AECORE.DLL : 8.1.2.8 172406 Bytes 25/10/2008 14:03:23
    AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 16:05:56
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 14:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 15:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 25/10/2008 14:03:21
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 17:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 14:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 18:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 23:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 18:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 18:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 19:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 19:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 25 octobre 2008 10:05

    The scan of running processes will be started
    Scan process 'avwsc.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'FTCOMModule.exe' - '1' Module(s) have been scanned
    Scan process 'OraConfigRecover.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'CoreCom.exe' - '1' Module(s) have been scanned
    Scan process 'ConnectivityManager.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'hprblog.exe' - '1' Module(s) have been scanned
    Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
    Scan process 'PhLeAutoRun.exe' - '1' Module(s) have been scanned
    Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'Launcher.exe' - '1' Module(s) have been scanned
    Scan process 'SystrayApp.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'PCMService.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'RMC.exe' - '1' Module(s) have been scanned
    Scan process 'CLSched.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'slserv.exe' - '1' Module(s) have been scanned
    Scan process 'HidService.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
    Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
    Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
    Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
    Scan process 'AgentSrv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    60 processes with 60 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '71' files ).

    Starting the file scan:

    Begin scan in 'C:\' <HDD>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Qoobox\Quarantine\C\Documents and Settings\van\r_server.exe.vir
    [DETECTION] Is the TR/RemoteAdmin.FC Trojan
    [NOTE] The file was moved to '49762dc6.qua'!
    C:\Qoobox\Quarantine\C\SDFix\backups\HOSTS.vir
    [DETECTION] Is the TR/AntiHosts.Gen Trojan
    [NOTE] The file was moved to '49562dc3.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0335360.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362ddf.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0335371.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362de6.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0335379.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362def.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0335394.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362df3.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0336393.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362df7.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0336402.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362dfc.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0336411.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362dfd.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0337411.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '4a0f5bb6.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0337611.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e04.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0337615.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e05.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0337969.exe
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0337969.exe
    [DETECTION] Contains recognition pattern of the WORM/Brontok.C worm
    [NOTE] The file was moved to '49362e1f.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0337970.exe
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0337970.exe
    [DETECTION] Contains recognition pattern of the WORM/Brontok.C worm
    [NOTE] The file was moved to '49362e20.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0338023.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e26.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0338074.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e2b.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0338080.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e2c.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0338092.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e2d.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP403\A0339093.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e2f.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339644.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e47.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339646.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '4a0f5800.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339647.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e49.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339648.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e48.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339650.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '4a0f5801.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339652.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '4a0f5802.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339653.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e4b.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339654.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '4a0f5804.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339655.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e4a.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339656.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '4a0f5803.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339657.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e4c.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339659.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '4a0f5805.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339661.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e4d.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339662.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '4a0f5806.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339663.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e4f.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP405\A0339693.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e4e.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP405\A0340081.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e5e.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP405\A0340089.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '4a0f5817.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP408\A0340132.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e62.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP408\A0340484.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e73.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP408\A0340495.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '4a0f583c.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP408\A0340721.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e7f.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP409\A0341750.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e82.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP409\A0341756.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49362e83.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP409\A0342751.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '4a0f58cc.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP409\A0342752.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE] The file was moved to '49362e84.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP409\A0347884.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e8a.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP409\A0347885.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE] The file was moved to '4a0f58c3.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP411\A0347912.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e8d.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP411\A0349914.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e8e.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP411\A0353928.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e90.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP412\A0354946.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362e9e.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP412\A0355024.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362ea0.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP412\A0355339.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362ea7.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP413\A0356216.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362eaa.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP413\A0356240.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362eab.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP413\A0356251.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '4a0f58e4.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP413\A0356284.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362eac.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP413\A0356302.sys
    [DETECTION] Is the TR/Drop.Cutwail.AK Trojan
    [NOTE] The file was moved to '49362ead.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP417\A0358533.exe
    [DETECTION] Is the TR/RemoteAdmin.FC Trojan
    [NOTE] The file was moved to '49362ec2.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP419\A0358670.exe
    [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
    [NOTE] The file was moved to '49362ec8.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP419\A0358671.exe
    [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
    [NOTE] The file was moved to '49362ec9.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP419\A0358673.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '4a0f5882.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP419\A0358674.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '49362ecb.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP419\A0358675.exe
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to '49362eca.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP419\A0358676.exe
    [DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
    [NOTE] The file was moved to '4a0f5883.qua'!
    C:\WINDOWS\888.exe
    [0] Archive type: RAR SFX (self extracting)
    --> r_server.exe
    [DETECTION] Is the TR/RemoteAdmin.FC Trojan
    [DETECTION] Contains recognition pattern of the DR/RAdmin.AC dropper
    [NOTE] The file was moved to '493b2ee1.qua'!
    C:\WINDOWS\heunh.exe
    [DETECTION] Is the TR/Dldr.Agent.ffn.2 Trojan
    [NOTE] The file was moved to '49782f10.qua'!
    C:\WINDOWS\quomw.exe
    [DETECTION] Is the TR/Agent.DLG Trojan
    [NOTE] The file was moved to '49722f24.qua'!
    C:\WINDOWS\system32\r_server.exe
    [DETECTION] Is the TR/RemoteAdmin.FC Trojan
    [NOTE] The file was moved to '4976323d.qua'!

    End of the scan: samedi 25 octobre 2008 10:50
    Used time: 45:32 Minute(s)

    The scan has been done completely.

    7240 Scanning directories
    268464 Files were scanned
    70 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    69 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    268392 Files not concerned
    7171 Archives were scanned
    2 Warnings
    69 Notes

    un GROS merci a geoffrey5 et chiquitine29 pour toute l'aide apporte
    vous etres super!

    MERCI
    BIOUSS
    0
  15. Utilisateur anonyme
     
    re

    vide la quarantaine de antivir

    réouvre hijackthis
    fais scan only
    coches ces lignes :

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    tu les coches et tu clic sur fix checked

    ensuite désinstal java car pas a jours et telecharg et instal cette version :

    https://www.java.com/fr/download/manual.jsp

    ensuite :

    -> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

    http://download.piriform.com/ccsetup210.exe

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    -> Tuto : https://www.malekal.com/tutoriel-ccleaner/

    ensuite :

    * pour supprimer les outils/fix utilisés :

    Télécharge ToolsCleaner sur ton bureau.
    -->
    http://pc-system.fr/
    http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    Désactive et réactive ta restauration system :

    (1) Désactiver la Restauration du système

    cliques sur Démarrer
    Cliques droit sur Poste de travail
    cliques sur Propriétés
    Cliques sur l'onglet Restauration du système
    Coches Désactiver la Restauration du système sur tous les lecteurs
    Cliques sur Appliquer, Lorsque le message de confirmation apparaît,
    cliques sur Oui.
    Cliques sur OK.

    (2) Activer la Restauration du système

    cliques sur Démarrer
    Cliques droit sur Poste de travail
    cliques sur Propriétés
    Cliques sur l'onglet Restauration du système
    Décoches Désactiver la Restauration du système sur tous les lecteurs
    Cliques sur Appliquer, Lorsque le message de confirmation apparaît,
    cliques sur Oui.
    Cliques sur OK.

    Tuto xp : http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924

    0
  16. lila21 Messages postés 37 Date d'inscription   Statut Membre 1
     
    [ Rapport ToolsCleaner version 2.2.4 (par A.Rothstein & dj QUIOU) ]

    -->- Recherche:

    C:\Combofix.txt: trouvé !
    C:\rapport_clean.txt: trouvé !
    C:\TB.txt: trouvé !
    C:\UsbFix.txt: trouvé !
    C:\Qoobox: trouvé !
    C:\Toolbar SD: trouvé !
    C:\Documents and Settings\van\Bureau\SdFix.exe: trouvé !
    C:\Documents and Settings\van\Bureau\Clean.zip: trouvé !
    C:\Documents and Settings\van\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\van\Bureau\ToolBarSD.exe: trouvé !
    C:\Documents and Settings\van\Bureau\UsbFix.exe: trouvé !
    C:\Documents and Settings\van\Bureau\UsbFix.lnk: trouvé !
    C:\Documents and Settings\van\Mes documents\Menu Démarrer\Programmes\UsbFix: trouvé !
    C:\Documents and Settings\van\Mes documents\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: trouvé !
    C:\Program Files\Trend Micro\hijackthis.log: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
    C:\Qoobox\Quarantine\C\SDFIX: trouvé !
    C:\Qoobox\Quarantine\C\Program Files\UsbFix: trouvé !
    C:\Qoobox\Quarantine\C\WINDOWS\ERUNT\SDFIX: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\van\Bureau\SdFix.exe: supprimé !
    C:\Documents and Settings\van\Bureau\Clean.zip: supprimé !
    C:\Documents and Settings\van\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
    C:\Documents and Settings\van\Bureau\ToolBarSD.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\rapport_clean.txt: supprimé !
    C:\TB.txt: supprimé !
    C:\UsbFix.txt: supprimé !
    C:\Documents and Settings\van\Bureau\UsbFix.exe: supprimé !
    C:\Documents and Settings\van\Bureau\UsbFix.lnk: supprimé !
    C:\Documents and Settings\van\Mes documents\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: supprimé !
    C:\Program Files\Trend Micro\hijackthis.log: supprimé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
    C:\Qoobox: supprimé !
    C:\Toolbar SD: supprimé !
    C:\Documents and Settings\van\Mes documents\Menu Démarrer\Programmes\UsbFix: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !
    0
  17. lila21 Messages postés 37 Date d'inscription   Statut Membre 1
     
    ok
    merci
    chiquitine!!!!!!!!
    0
Précédent
  • 1
  • 2
  • 3