PC infected by trojan, Windows blocked

Resolved
lila21 Posts: 37 Status: Member
Anonymous user
Hello everyone, I have big problems with my PC.
At startup Antivir detects trojans and blocks my session, so I have no access to Windows; in fact my icons don't display (I'm sending this message from a public computer).
To get access to my session I have to go through safe mode to disable the antivirus, and then when I restart in normal mode (so I do have access to my session) a message appears: error files corrupted, and my PC restarts automatically one time out of two because of NT AUTHORITY\SYSTEM telling me that DCOM terminated unexpectedly!

And when the antivirus is active at startup, just after my personal settings load but before my icons display and all the programs start, Antivir beeps several times because it has detected "trojans" in:
c:\windows\system32\perfc000.dat, which is a TR.CRYPT.XPACK.GEN
c:\windows\system32\freeemail.exe, which is a TR.DELPHI.DOWNLOADER.GEN
c:\windows\system32\shvist.exe, which is a TR.CRYPT.XPACK.GEN

AND THEN MY PC FREEZES; I can neither delete these files nor put them in quarantine!!

I also tried to delete the .dat file manually but nothing works, the file keeps coming back, my PC is still infected and it blocks access to my session.

I'm really hopeless at computers, please help me!!!
Thanks in advance.

58 replies

Anonymous user
 
Download this file to the desktop:

http://downloads.malwareremoval.com/Nel/FixP.zip

Extract it and double-click Fix_Protocol_zones_ranges.reg.

Accept when it asks you to merge with the registry.

Then:

Download UsbFix to your desktop

--> Launch the installation with the default settings

--> Connect to your PC the external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them

--> Double-click the UsbFix shortcut on your desktop

--> The PC will restart

--> After the restart, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the drive
lila21 Posts: 37 Status: Member
 
-------------- UsbFix V2.395 ---------------

* User : Van
* Outils mis a jours le 20/10/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 20:54:05 le 24/10/2008
* Windows Xp - Internet Explorer 7.0.5730.11

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\AGS\AgentSrv.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\r_server.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\DOCUME~1\van\LOCALS~1\Temp\1.tmp\b2e.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

E: - Lecteur amovible

+- Contenu de l'autorun : E:\autorun.inf

[Autorun]
Shellexecute=\SystemVolumeInformation\system.exe

--------------- [ Registre / Startup ] ----------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
RMC REG_SZ C:\WINDOWS\system32\drivers\RMC.exe
SynTPLpr REG_SZ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Raccourci vers la page des propriétés de High Definition Audio REG_SZ HDAShCut.exe
RTHDCPL REG_SZ RTHDCPL.EXE
Alcmtr REG_SZ ALCMTR.EXE
ATIPTA REG_SZ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
PCMService REG_SZ "c:\Apps\Powercinema\PCMService.exe"
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
BigDogPath REG_SZ C:\WINDOWS\VM_STI.EXE NoteCam Direct 300
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
SystrayORAHSS REG_SZ "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
orahssStartup REG_SZ "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
ORAHSSSessionManager REG_SZ C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AOLMUSIC REG_SZ C:\WINDOWS\system32\AOLMUSIC.EXE
EMAIL REG_SZ C:\WINDOWS\system32\FREEEMAIL.exe

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d112239-1247-11dd-82a9-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d112239-1247-11dd-82a9-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1508f8b5-3bbd-11dd-82c8-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1508f8b5-3bbd-11dd-82c8-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{221db142-1daa-11dd-82af-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{221db142-1daa-11dd-82af-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2905a740-41ad-11dc-8222-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2905a740-41ad-11dc-8222-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cd30ac0-1798-11dd-82ac-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cd30ac0-1798-11dd-82ac-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92a6c39c-14a4-11db-808d-0060b3534d69}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92a6c39c-14a4-11db-808d-0060b3534d69}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7ccb2c8-096b-11dd-82a1-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7ccb2c8-096b-11dd-82a1-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae007028-eb72-11db-8195-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae007028-eb72-11db-8195-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c086d9b3-7737-11db-813e-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-180053380-1480792874-792489354-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c086d9b3-7737-11db-813e-00038a000015}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - E:\autorun.inf

--------------- ! Fin du rapport ! ----------------
Anonymous user
 
Do another RSIT scan and post log.txt please
lila21 Posts: 37 Status: Member
 
OK, here it is

Logfile of random's system information tool 1.04 (written by random/random)
Run by van at 2008-10-24 21:08:40
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 41 GB (57%) free of 72 GB
Total RAM: 511 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:46, on 24/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AGS\AgentSrv.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\r_server.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\van\Bureau\RSIT.exe
C:\Program Files\trend micro\van.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mule-force.com/homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE NoteCam Direct 300
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [orahssStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [*EMAIL] C:\WINDOWS\system32\FREEEMAIL.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOLMUSIC] C:\WINDOWS\system32\AOLMUSIC.EXE
O4 - HKCU\..\Run: [EMAIL] C:\WINDOWS\system32\FREEEMAIL.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: La Solution Ciel.lnk = C:\CIEL\STARTER.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\AGS\AgentSrv.EXE
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service Host Controller (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WindowsDriver - Unknown owner - C:\WINDOWS\system32\spool.exe (file missing)
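As an added example (not code from this thread nor from RSIT, HijackThis or any other tool named here), the following Python script applies the checks a helper does by eye on a HijackThis-format log like the one just posted: it parses the O4 (Run/RunOnce), O20 (AppInit_DLLs) and O23 (service) lines and flags the persistence patterns visible in this log, such as an AppInit_DLLs value that is not even a .dll, a service with no vendor running from system32, and one binary registered under several autorun keys. The sample lines are constructed from entries in the log above; the rule names and severities are my own.

```python
import re
from collections import defaultdict

# Constructed sample input: a handful of lines in HijackThis log format, taken
# from the kind of entries shown in the RSIT/HijackThis log above and trimmed
# to the ones the rules below look at.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [*EMAIL] C:\WINDOWS\system32\FREEEMAIL.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLMUSIC] C:\WINDOWS\system32\AOLMUSIC.EXE
O4 - HKCU\..\Run: [EMAIL] C:\WINDOWS\system32\FREEEMAIL.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service Host Controller (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe
O23 - Service: WindowsDriver - Unknown owner - C:\WINDOWS\system32\spool.exe (file missing)
"""

# Line formats as HijackThis prints them: "O4 - HIVE\..\Key: [name] command",
# "O20 - AppInit_DLLs: value", "O23 - Service: display - owner - path".
O4_RE = re.compile(r'^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O20_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<value>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*)$')


def image_path(cmd):
    """Return the executable part of a Run command line (quoted path or first token)."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def basename(path):
    return re.split(r'[\\/]', path)[-1].lower()


def in_system32(path):
    return re.search(r'\\system32\\[^\\]+$', path, re.IGNORECASE) is not None


def parse_line(line):
    """Parse one HijackThis line into a dict, or None for line types not handled here."""
    m = O4_RE.match(line)
    if m:
        return {"kind": "O4", "hive": m["hive"], "key": m["key"],
                "name": m["name"], "image": image_path(m["cmd"])}
    m = O20_RE.match(line)
    if m:
        return {"kind": "O20", "value": m["value"].strip()}
    m = O23_RE.match(line)
    if m:
        return {"kind": "O23", "display": m["display"],
                "owner": m["owner"].strip(), "path": m["path"].strip()}
    return None


def analyze(log_text):
    """Return (severity, rule, detail) findings for the persistence entries in a log."""
    findings = []
    autoruns = defaultdict(set)  # image basename -> registry keys that start it
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["kind"] == "O4":
            autoruns[basename(rec["image"])].add(rec["hive"] + "\\" + rec["key"])
        elif rec["kind"] == "O20":
            # AppInit_DLLs is loaded into every process that links user32.dll.
            # Legitimate software rarely needs it, and a value that is not even
            # a .dll (here a .dat) is a strong sign of a disguised library.
            sev = "medium" if rec["value"].lower().endswith(".dll") else "high"
            findings.append((sev, "AppInit_DLLs", rec["value"]))
        elif rec["kind"] == "O23":
            if "(file missing)" in rec["path"]:
                # Leftover service whose binary is gone: harmless now, worth cleaning.
                findings.append(("low", "service_missing_binary", rec["path"]))
            elif rec["owner"].lower() == "unknown owner" and in_system32(rec["path"]):
                # A service with no vendor information running from system32 is how
                # a dropped remote-control tool typically shows up in this log format.
                findings.append(("high", "unknown_owner_service_in_system32", rec["path"]))
    for base, keys in autoruns.items():
        if len(keys) > 1:
            # One binary under several autorun keys (here HKCU Run plus HKLM RunOnce)
            # is redundant persistence: removing a single entry leaves it running,
            # which matches the "it keeps coming back" symptom from the first post.
            findings.append(("high", "redundant_autorun", base + " via " + ", ".join(sorted(keys))))
    return findings


if __name__ == "__main__":
    for sev, rule, detail in analyze(SAMPLE_LOG):
        print(f"[{sev:6}] {rule}: {detail}")
```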
Anonymous user
 
Go to this site:

https://www.virustotal.com/gui/

Click Browse and find this file: C:\WINDOWS\system32\FREEEMAIL.exe

Click Send File.

A report will be built line by line.

Wait for the end. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

lila21 Posts: 37 Status: Member
 
Sorry for being hopeless, but I don't know where Notepad is, so I did a copy-paste of the page:
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.24.3 2008.10.24 -
AntiVir 7.9.0.9 2008.10.24 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.10.24 W32/LdPinch.D.gen!Eldorado
Avast 4.8.1248.0 2008.10.24 Win32:Bandok-AS
AVG 8.0.0.161 2008.10.25 BackDoor.Generic9.NTP
BitDefender 7.2 2008.10.25 Backdoor.Bandok.BJ
CAT-QuickHeal 9.50 2008.10.24 Backdoor.Bandok.bd
ClamAV 0.93.1 2008.10.25 -
DrWeb 4.44.0.09170 2008.10.25 BackDoor.Iam
eSafe 7.0.17.0 2008.10.23 Suspicious File
eTrust-Vet 31.6.6168 2008.10.25 -
Ewido 4.0 2008.10.24 -
F-Prot 4.4.4.56 2008.10.24 W32/LdPinch.D.gen!Eldorado
F-Secure 8.0.14332.0 2008.10.25 Backdoor.Win32.Bandok.bd
Fortinet 3.113.0.0 2008.10.25 W32/Bandook.A!tr.bdr
GData 19 2008.10.25 Backdoor.Bandok.BJ
Ikarus T3.1.1.44.0 2008.10.25 Backdoor.Win32.Bandok
K7AntiVirus 7.10.506 2008.10.24 -
Kaspersky 7.0.0.125 2008.10.25 Backdoor.Win32.Bandok.bd
McAfee 5415 2008.10.25 BackDoor-CSN
Microsoft 1.4005 2008.10.25 Backdoor:Win32/Bandok
NOD32 3553 2008.10.24 probably a variant of Win32/Bandok
Norman 5.80.02 2008.10.24 W32/Bandok.UX
Panda 9.0.0.4 2008.10.25 Suspicious file
PCTools 4.4.2.0 2008.10.24 Packed/Execryptor
Prevx1 V2 2008.10.25 -
Rising 21.00.42.00 2008.10.24 Trojan.Win32.Agent.ipc
SecureWeb-Gateway 6.7.6 2008.10.24 Trojan.Crypt.XPACK.Gen
Sophos 4.35.0 2008.10.25 Mal/Basine-A
Sunbelt 3.1.1752.1 2008.10.24 Backdoor.Bandok.BI
Symantec 10 2008.10.25 Backdoor.Trojan
TheHacker 6.3.1.0.126 2008.10.25 Backdoor/Bandok.bd
TrendMicro 8.700.0.1004 2008.10.24 PAK_Generic.001
VBA32 3.12.8.8 2008.10.25 suspected of Backdoor.xBot.1 (paranoid heuristics)
ViRobot 2008.10.24.1436 2008.10.24 -
VirusBuster 4.5.11.0 2008.10.24 Packed/Execryptor
Information additionnelle
File size: 94720 bytes
MD5...: c451e7c3ebb0860b20d3eb1079a3e49a
SHA1..: fa787c455efd74a588b77aebcb96797f9abc6e87
SHA256: 1ad8dc20e3093755a56ab8a7ce72a922005ab32ae4bf05453a32806c91ba9e86
SHA512: a0dd9bcedd6243b6b082ac7208db32c448f788f78166f828d18d07314798125e
4607d574abec9cf202fd8924c4ffdf4c65c9ac4026df7691740d30a002d2d173
PEiD..: EXECryptor 2.2.4 -> Strongbit/SoftComplete Development (h1)
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1321cc88
timedatestamp.....: 0x461378a0 (Wed Apr 04 10:06:24 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x13000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x14000 0xa4000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
nlquu929 0xb8000 0xe000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
qhommh4g 0xc6000 0x17000 0x16e00 7.99 baaac8b22367318efa7a3f69f76c64f3

( 0 imports )

( 0 exports )
packers (Kaspersky): Execryptor
packers (F-Prot): EXECryptor
packers (Authentium): EXECryptor
Anonymous user
 
No problem

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report is also located here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily disable, only for as long as you use ComboFix, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that's done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
lila21 Posts: 37 Status: Member
 
ComboFix 08-10-24.02 - van 2008-10-24 21:44:17.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.228 [GMT -4:00]
Lancé depuis: C:\Documents and Settings\van\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\perfc000.dat
C:\WINDOWS\system32\winspool.dll
C:\WINDOWS\zzzx.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_R_SERVER
-------\Legacy_SMTPDRV
-------\Legacy_WINDOWSDRIVER
-------\Service_r_server
-------\Service_WindowsDriver

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-25 au 2008-10-25 ))))))))))))))))))))))))))))))))))))
.

2008-10-24 20:50 . 2008-10-24 20:54 <REP> d-------- C:\Program Files\UsbFix
2008-10-24 20:17 . 2008-10-24 20:18 <REP> d-------- C:\rsit
2008-10-24 19:28 . 2008-10-24 19:28 2,137,573 --a------ C:\upload_moi_VANESSA.tar.gz
2008-10-23 20:33 . 2008-10-23 20:33 <REP> d-------- C:\WINDOWS\ERUNT
2008-10-23 20:23 . 2008-10-23 23:14 <REP> d-------- C:\SDFix
2008-10-23 18:48 . 2008-10-23 18:48 <REP> d-------- C:\Program Files\Malwarebytes'Anti-Malware
2008-10-23 18:48 . 2008-10-23 18:48 <REP> d-------- C:\Documents and Settings\van\Application Data\Malwarebytes
2008-10-23 18:48 . 2008-10-23 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-23 18:48 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-23 18:48 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-23 18:40 . 2008-10-23 18:40 1,172 --a------ C:\WINDOWS\mozver.dat
2008-10-22 19:30 . 2008-10-23 18:30 <REP> d-------- C:\ToolBar SD
2008-10-22 18:45 . 2008-10-24 21:08 <REP> d-------- C:\Program Files\Trend Micro
2008-10-21 06:17 . 2008-10-24 06:02 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-10-20 19:42 . 2008-10-20 19:42 <REP> d-------- C:\Program Files\Avira
2008-10-20 19:42 . 2008-10-20 19:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-20 03:45 . 2008-05-01 10:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-19 21:57 . 2008-10-19 22:20 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-10-19 19:44 . 2008-10-19 19:44 <REP> d-------- C:\Program Files\Sun
2008-10-19 19:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-19 15:01 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-19 15:01 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-19 14:37 . 2008-10-22 06:42 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-19 14:31 . 2008-10-19 14:31 <REP> d-------- C:\Program Files\Zelda Return of the Hylian
2008-10-19 14:29 . 2008-10-20 02:55 <REP> d-------- C:\Program Files\Symantec
2008-10-19 14:29 . 2008-10-19 14:29 <REP> d-------- C:\dfcfbd29597a7117e66f7aca6899c53f
2008-10-18 17:57 . 2008-10-19 14:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-18 17:37 . 2008-10-19 15:25 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\MEGAUPLOADTOOLBAR
2008-10-13 20:42 . 2008-10-19 14:30 <REP> d-------- C:\Documents and Settings\van\Application Data\Arcsoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 23:36 --------- d-----w C:\Program Files\MSN Messenger
2008-10-22 20:50 --------- d-----w C:\Program Files\Azureus
2008-10-20 07:39 --------- d-----w C:\Program Files\Alwil Software
2008-10-20 03:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-19 23:37 --------- d-----w C:\Program Files\Java
2008-10-19 20:45 --------- d-----w C:\Program Files\OrangeHSS
2008-10-19 20:40 --------- d-----w C:\Program Files\Securitoo
2008-10-19 18:31 --------- d-----w C:\Program Files\Yahoo!
2008-10-18 14:51 --------- d-----w C:\Documents and Settings\van\Application Data\Image Zone Express
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2007-08-10 02:54 499 ----a-w C:\Documents and Settings\van\1.bat
2007-08-10 01:04 746 ----a-w C:\Documents and Settings\van\1.reg
2006-11-06 00:53 24,192 ----a-w C:\Documents and Settings\van\usbsermptxp.sys
2006-11-06 00:53 22,768 ----a-w C:\Documents and Settings\van\usbsermpt.sys
2006-08-04 20:31 452 ----a-w C:\Program Files\Raccourci vers Real.lnk
2005-06-22 06:18 724,992 ----a-w C:\Documents and Settings\van\r_server.exe
2004-07-03 07:47 29,728 ----a-w C:\Documents and Settings\van\raddrv.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
"EMAIL"="C:\WINDOWS\system32\FREEEMAIL.exe" [2007-12-31 94720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"RMC"="C:\WINDOWS\system32\drivers\RMC.exe" [2005-03-28 24576]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-04 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-04 708698]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-11-03 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-12-11 94208]
"orahssStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-12-11 598016]
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-04-12 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*EMAIL"="C:\WINDOWS\system32\FREEEMAIL.exe" [2007-12-31 94720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

C:\Documents and Settings\van\Mes documents\Menu D‚marrer\Programmes\D‚marrage\
La Solution Ciel.lnk - C:\CIEL\STARTER.EXE [2006-11-18 487424]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-08-03 57344]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\WinVNC.exe"=
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"0:TCP"= 0:TCP:BND
":TCP"= :TCP:BNDFTP

R2 MTC0001_RMC;Remove Control Device;C:\WINDOWS\system32\drivers\RMC.sys [2005-04-22 13912]
R3 Slazldrv;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys [2005-01-04 226768]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 28160]
S3 bDMusicb;bDMusicb;C:\DOCUME~1\van\LOCALS~1\Temp\bDMusicb.sys [ ]
S3 MosSir;MosSir.sys;C:\WINDOWS\system32\DRIVERS\MosSir.sys [2004-12-13 22016]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D8G5SJH-37JD-F4SA6-VE44-VFD4FWQ2J7}]
C:\WINDOWS\system32\AOLMUSIC.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{JF48FF-FK449F-FDS4F-GFS43FD-FSDF2-4FAC]
C:\WINDOWS\system32\FREEEMAIL.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2007-11-18 C:\WINDOWS\Tasks\HDReg.job
- c:\Apps\HDReg\HDRegRem.exe [2003-07-15 06:14]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-AOLMUSIC - C:\WINDOWS\system32\AOLMUSIC.EXE
HKLM-Run-BigDogPath - C:\WINDOWS\VM_STI.EXE

.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\van\Application Data\Mozilla\Firefox\Profiles\to6a4yeh.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 21:49:41
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\AGS\AgentSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\WINDOWS\system32\slserv.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\2\AlertModule.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Heure de fin: 2008-10-24 21:58:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-25 01:57:58

Avant-CF: 43 222 077 440 octets libres
Après-CF: 43,201,507,328 octets libres

187 --- E O F --- 2008-10-24 04:35:21
Anonymous user
 
Copy the text below:

File::
C:\Documents and Settings\van\1.bat
C:\Documents and Settings\van\1.reg
C:\Documents and Settings\van\r_server.exe
C:\upload_moi_VANESSA.tar.gz
C:\WINDOWS\system32\FREEEMAIL.exe

Folder::
C:\Program Files\UsbFix
C:\rsit
C:\WINDOWS\ERUNT
C:\SDFix

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EMAIL"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*EMAIL"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{JF48FF-FK449F-FDS4F-GFS43FD-FSDF2-4FAC]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D8G5SJH-37JD-F4SA6-VE44-VFD4FWQ2J7}]


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt

Now drag the CFScript.txt file onto Combofix.exe, like this:

This will relaunch Combofix.

A blue window will appear: at the message that comes up (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that is normal!

Do not touch anything until the scan has finished.

After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no reboot, post the reports anyway.
lila21 Posts: 37 Status: Member
 
ComboFix 08-10-24.02 - van 2008-10-25 2:33:40.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.143 [GMT -4:00]
Lancé depuis: C:\Documents and Settings\van\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
C:\Documents and Settings\van\1.bat
C:\Documents and Settings\van\1.reg
C:\Documents and Settings\van\r_server.exe
C:\upload_moi_VANESSA.tar.gz
C:\WINDOWS\system32\FREEEMAIL.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\van\1.bat
C:\Documents and Settings\van\1.reg
C:\Documents and Settings\van\r_server.exe
C:\Program Files\UsbFix
C:\Program Files\UsbFix\tmp.reg
C:\Program Files\UsbFix\Tools\Ico.ico
C:\Program Files\UsbFix\Tools\Ico2.ico
C:\Program Files\UsbFix\Tools\Kill.exe
C:\Program Files\UsbFix\Tools\Proc.exe
C:\Program Files\UsbFix\Uninstal.exe
C:\Program Files\UsbFix\UsbFix.exe
C:\rsit
C:\rsit\info.txt
C:\rsit\log.txt
C:\SDFix
C:\SDFix\Add_DBFix_RunOnce_key.inf
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\Cghtme.exe
C:\SDFix\apps\clb1.txt
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\DBFix.inf
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.inf
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBeep.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HaxdFix.reg
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\HPFix8.reg
C:\SDFix\apps\HPFix9.reg
C:\SDFix\apps\Installed.txt
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\moveex.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\w2k\AUTOEXEC.NT
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\command.com
C:\SDFix\apps\Replace\w2k\command.PIF
C:\SDFix\apps\Replace\w2k\CONFIG.NT
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\xp\AUTOEXEC.NT
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\command.com
C:\SDFix\apps\Replace\xp\command.PIF
C:\SDFix\apps\Replace\xp\CONFIG.NT
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SafeBoot_Windows2000.reg
C:\SDFix\apps\Restore_SafeBoot_WindowsXP.reg
C:\SDFix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
C:\SDFix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\Swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\UnRAR.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\backups.zip
C:\SDFix\backups\catchme.log
C:\SDFix\backups\catchme.zip
C:\SDFix\backups\HOSTS
C:\SDFix\catchme.exe
C:\SDFix\DBFix.bat
C:\SDFix\dummy.sys
C:\SDFix\Report.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\SDFix\W2K_VirusAlert_Repair.inf
C:\SDFix\XP_VirusAlert_Repair.inf
C:\upload_moi_VANESSA.tar.gz
C:\WINDOWS\ERUNT
C:\WINDOWS\ERUNT\SDFIX\DEFAULT
C:\WINDOWS\ERUNT\SDFIX\ERDNT.CON
C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
C:\WINDOWS\ERUNT\SDFIX\ERDNT.INF
C:\WINDOWS\ERUNT\SDFIX\ERDNTDOS.LOC
C:\WINDOWS\ERUNT\SDFIX\ERDNTWIN.LOC
C:\WINDOWS\ERUNT\SDFIX\Find.txt
C:\WINDOWS\ERUNT\SDFIX\RemLat.txt
C:\WINDOWS\ERUNT\SDFIX\report.txt
C:\WINDOWS\ERUNT\SDFIX\SAM
C:\WINDOWS\ERUNT\SDFIX\SECURITY
C:\WINDOWS\ERUNT\SDFIX\SOFTWARE
C:\WINDOWS\ERUNT\SDFIX\SYSTEM
C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
C:\WINDOWS\ERUNT\SDFIX_First_Run\DEFAULT
C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.CON
C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.INF
C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNTDOS.LOC
C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNTWIN.LOC
C:\WINDOWS\ERUNT\SDFIX_First_Run\SAM
C:\WINDOWS\ERUNT\SDFIX_First_Run\SECURITY
C:\WINDOWS\ERUNT\SDFIX_First_Run\SOFTWARE
C:\WINDOWS\ERUNT\SDFIX_First_Run\SYSTEM
C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
C:\WINDOWS\system32\FREEEMAIL.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-25 au 2008-10-25 ))))))))))))))))))))))))))))))))))))
.

2008-10-23 18:48 . 2008-10-23 18:48 <REP> d-------- C:\Program Files\Malwarebytes'Anti-Malware
2008-10-23 18:48 . 2008-10-23 18:48 <REP> d-------- C:\Documents and Settings\van\Application Data\Malwarebytes
2008-10-23 18:48 . 2008-10-23 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-23 18:48 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-23 18:48 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-23 18:40 . 2008-10-23 18:40 1,172 --a------ C:\WINDOWS\mozver.dat
2008-10-22 19:30 . 2008-10-23 18:30 <REP> d-------- C:\ToolBar SD
2008-10-22 18:45 . 2008-10-24 21:08 <REP> d-------- C:\Program Files\Trend Micro
2008-10-21 06:17 . 2008-10-24 06:02 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-10-20 19:42 . 2008-10-20 19:42 <REP> d-------- C:\Program Files\Avira
2008-10-20 19:42 . 2008-10-20 19:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-20 03:45 . 2008-05-01 10:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-19 21:57 . 2008-10-19 22:20 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-10-19 19:44 . 2008-10-19 19:44 <REP> d-------- C:\Program Files\Sun
2008-10-19 19:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-19 15:01 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-19 15:01 . 2008-06-14 13:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-19 14:37 . 2008-10-22 06:42 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-19 14:31 . 2008-10-19 14:31 <REP> d-------- C:\Program Files\Zelda Return of the Hylian
2008-10-19 14:29 . 2008-10-20 02:55 <REP> d-------- C:\Program Files\Symantec
2008-10-19 14:29 . 2008-10-19 14:29 <REP> d-------- C:\dfcfbd29597a7117e66f7aca6899c53f
2008-10-18 17:57 . 2008-10-19 14:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-18 17:37 . 2008-10-19 15:25 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\MEGAUPLOADTOOLBAR
2008-10-13 20:42 . 2008-10-19 14:30 <REP> d-------- C:\Documents and Settings\van\Application Data\Arcsoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 23:36 --------- d-----w C:\Program Files\MSN Messenger
2008-10-22 20:50 --------- d-----w C:\Program Files\Azureus
2008-10-21 23:14 6,144 ----a-w C:\WINDOWS\system32\perfc000.VIR
2008-10-20 07:39 --------- d-----w C:\Program Files\Alwil Software
2008-10-20 03:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-19 23:37 --------- d-----w C:\Program Files\Java
2008-10-19 20:45 --------- d-----w C:\Program Files\OrangeHSS
2008-10-19 20:40 --------- d-----w C:\Program Files\Securitoo
2008-10-19 18:31 --------- d-----w C:\Program Files\Yahoo!
2008-10-18 14:51 --------- d-----w C:\Documents and Settings\van\Application Data\Image Zone Express
2008-10-15 16:59 332,800 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-03 17:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-15 15:39 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 15:39 1,846,144 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 10:04 333,056 ------w C:\WINDOWS\system32\dllcache\srv.sys
2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 13:44 2,182,400 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:44 2,182,400 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 13:44 2,138,112 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 13:44 2,059,776 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 13:44 2,059,776 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-08-14 13:44 2,017,792 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-08-14 09:51 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2006-11-06 00:53 24,192 ----a-w C:\Documents and Settings\van\usbsermptxp.sys
2006-11-06 00:53 22,768 ----a-w C:\Documents and Settings\van\usbsermpt.sys
2006-08-04 20:31 452 ----a-w C:\Program Files\Raccourci vers Real.lnk
2004-07-03 07:47 29,728 ----a-w C:\Documents and Settings\van\raddrv.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"RMC"="C:\WINDOWS\system32\drivers\RMC.exe" [2005-03-28 24576]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-04 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-04 708698]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-11-03 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-12-11 94208]
"orahssStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-12-11 598016]
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-04-12 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

C:\Documents and Settings\van\Mes documents\Menu Démarrer\Programmes\Démarrage\
La Solution Ciel.lnk - C:\CIEL\STARTER.EXE [2006-11-18 487424]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-08-03 57344]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\WinVNC.exe"=
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"0:TCP"= 0:TCP:BND
":TCP"= :TCP:BNDFTP

R2 MTC0001_RMC;Remove Control Device;C:\WINDOWS\system32\drivers\RMC.sys [2005-04-22 13912]
R3 Slazldrv;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys [2005-01-04 226768]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 28160]
S3 bDMusicb;bDMusicb;C:\DOCUME~1\van\LOCALS~1\Temp\bDMusicb.sys [ ]
S3 MosSir;MosSir.sys;C:\WINDOWS\system32\DRIVERS\MosSir.sys [2004-12-13 22016]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]
.
Contenu du dossier 'Tâches planifiées'

2008-10-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2007-11-18 C:\WINDOWS\Tasks\HDReg.job
- c:\Apps\HDReg\HDRegRem.exe [2003-07-15 06:14]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-EMAIL - C:\WINDOWS\system32\FREEEMAIL.exe

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 02:36:44
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
.
Heure de fin: 2008-10-25 2:39:28
ComboFix-quarantined-files.txt 2008-10-25 06:38:55
ComboFix2.txt 2008-10-25 01:58:04

Avant-CF: 43 615 633 408 octets libres
Après-CF: 43,594,207,232 octets libres

308 --- E O F --- 2008-10-24 04:35:21
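A practical way to confirm that a CFScript run like the one above did what was intended is to diff the "Points de chargement Reg" sections of the ComboFix reports taken before and after the fix, and to triage whatever remains. The Python below is an added example written for this thread; it is not part of the thread and not ComboFix code. The two log excerpts are constructed, modelled on the reports posted here, and the triage rules (temp-directory images, files ComboFix could not stat, the `*` RunOnce prefix that makes an entry run even in Safe Mode, Active Setup keys whose name is not a well-formed GUID) are this example's own heuristics, not ComboFix's.

```python
"""Diff two ComboFix 'Points de chargement Reg' sections and triage the entries.

Added example, not part of this thread and not ComboFix code. BEFORE/AFTER are
constructed excerpts modelled on the reports posted in the thread.
"""
import re
from dataclasses import dataclass
from typing import Optional

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<image>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<image>.+?)\s*\[(?P<meta>[^\]]*)\]$")
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<image>.+?)\s*\[(?P<meta>[^\]]*)\]$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$")


@dataclass(frozen=True)
class AutoStart:
    location: str        # registry key, startup folder, or "services"
    name: str            # value name, .lnk name, service name, or "StubPath"
    image: str           # image path exactly as ComboFix printed it
    meta: Optional[str]  # "date size" stat info; "" when printed as "[ ]"; None when not printed


def parse_loadpoints(text):
    """Parse registry values, startup-folder links and service lines of a ComboFix report."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        if m := KEY_RE.match(line):
            location = m.group("key")
            continue
        if line.endswith("\\"):            # startup folder header ("...\Démarrage\")
            location = line
            continue
        if m := SERVICE_RE.match(line):     # "R3 name;description;image [date size]"
            entries.append(AutoStart("services", m.group("name"), m.group("image"), m.group("meta").strip()))
            location = None
            continue
        if location is None:
            continue
        if m := VALUE_RE.match(line) or LNK_RE.match(line):
            entries.append(AutoStart(location, m.group("name"), m.group("image"), m.group("meta").strip()))
        elif "active setup" in location.lower():
            # Active Setup component keys list their StubPath on a bare line, without stat info
            entries.append(AutoStart(location, "StubPath", line, None))
    return entries


def triage(entry):
    """Reasons a responder would look at this entry first (empty list = nothing notable)."""
    reasons = []
    image, loc = entry.image.lower(), entry.location.lower()
    if "\\temp\\" in image:
        reasons.append("image lives under a temp directory")
    if entry.meta == "":
        reasons.append("ComboFix could not stat the file (missing or hidden)")
    if "runonce" in loc and entry.name.startswith("*"):
        reasons.append("'*' prefix: RunOnce entry also runs in Safe Mode")
    if "active setup" in loc and not GUID_RE.match(loc.rsplit("\\", 1)[-1]):
        reasons.append("Active Setup key name is not a well-formed GUID")
    return reasons


def triage_report(text):
    """Map 'location -> name' of every flagged entry to its triage reasons."""
    report = {}
    for e in parse_loadpoints(text):
        if reasons := triage(e):
            report[f"{e.location} -> {e.name}"] = reasons
    return report


def _identity(e):
    return (e.location.lower(), e.name.lower(), e.image.lower())


def diff_loadpoints(before_text, after_text):
    """Return (removed, added) autostart entries between two ComboFix reports."""
    before = {_identity(e): e for e in parse_loadpoints(before_text)}
    after = {_identity(e): e for e in parse_loadpoints(after_text)}
    removed = [before[k] for k in before if k not in after]
    added = [after[k] for k in after if k not in before]
    return removed, added


# Constructed excerpt in the style of the report posted before the CFScript run.
BEFORE = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"EMAIL"="C:\WINDOWS\system32\FREEEMAIL.exe" [2007-12-31 94720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*EMAIL"="C:\WINDOWS\system32\FREEEMAIL.exe" [2007-12-31 94720]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

R2 MTC0001_RMC;Remove Control Device;C:\WINDOWS\system32\drivers\RMC.sys [2005-04-22 13912]
S3 bDMusicb;bDMusicb;C:\DOCUME~1\van\LOCALS~1\Temp\bDMusicb.sys [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D8G5SJH-37JD-F4SA6-VE44-VFD4FWQ2J7}]
C:\WINDOWS\system32\AOLMUSIC.EXE
"""

# Constructed excerpt in the style of the report posted after the CFScript run.
AFTER = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

R2 MTC0001_RMC;Remove Control Device;C:\WINDOWS\system32\drivers\RMC.sys [2005-04-22 13912]
S3 bDMusicb;bDMusicb;C:\DOCUME~1\van\LOCALS~1\Temp\bDMusicb.sys [ ]
"""

if __name__ == "__main__":
    removed, added = diff_loadpoints(BEFORE, AFTER)
    print("removed by the fix:", [e.image for e in removed])
    print("newly added:", [e.image for e in added])
    for where, reasons in triage_report(BEFORE).items():
        print(where, "=>", "; ".join(reasons))
```

Run against the two full reports, the diff should list exactly the load points the CFScript targeted (the `EMAIL` and `*EMAIL` values and the two Active Setup stubs) and nothing new; anything still flagged afterwards, such as a driver registered from a user's Temp directory that ComboFix cannot stat, is what to look at next.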
lila21 Posts: 37 Status: Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:46:59, on 25/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AGS\AgentSrv.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mule-force.com/homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [orahssStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: La Solution Ciel.lnk = C:\CIEL\STARTER.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\AGS\AgentSrv.EXE
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Anonymous user
 
Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\WINDOWS\imsins.BAK

Click Send File.

A report will build up line by line.

Wait until it finishes. It should include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.
lila21 Posts: 37 Status: Member
 
Hi!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
My computer seems to be working properly: no more beeps,
no more unexpected crashes,
no more freezing when my session opens!
no more "files corrupted" error.
AntiVir can run again.
By the way, here is the latest report.

Avira AntiVir Personal
Report file date: samedi 25 octobre 2008 10:05

Scanning for 1707164 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM

Version information:
BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 14:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 13:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 19:54:15
ANTIVIR2.VDF : 7.0.7.59 4366336 Bytes 19/10/2008 14:03:16
ANTIVIR3.VDF : 7.0.7.90 187392 Bytes 25/10/2008 14:03:20
Engineversion : 8.2.0.9
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 16:05:56
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 25/10/2008 14:03:41
AESCN.DLL : 8.1.1.3 123252 Bytes 14/10/2008 16:05:56
AERDL.DLL : 8.1.1.2 438644 Bytes 12/09/2008 12:06:02
AEPACK.DLL : 8.1.2.4 369014 Bytes 14/10/2008 16:05:56
AEOFFICE.DLL : 8.1.0.29 196988 Bytes 25/10/2008 14:03:39
AEHEUR.DLL : 8.1.0.63 1479032 Bytes 25/10/2008 14:03:37
AEHELP.DLL : 8.1.1.2 115062 Bytes 14/10/2008 16:05:56
AEGEN.DLL : 8.1.0.42 319861 Bytes 25/10/2008 14:03:26
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 16:05:56
AECORE.DLL : 8.1.2.8 172406 Bytes 25/10/2008 14:03:23
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 16:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 25/10/2008 14:03:21
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 25 octobre 2008 10:05

The scan of running processes will be started
Scan process 'avwsc.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'FTCOMModule.exe' - '1' Module(s) have been scanned
Scan process 'OraConfigRecover.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CoreCom.exe' - '1' Module(s) have been scanned
Scan process 'ConnectivityManager.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'hprblog.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'PhLeAutoRun.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Launcher.exe' - '1' Module(s) have been scanned
Scan process 'SystrayApp.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'RMC.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'HidService.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'AgentSrv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
60 processes with 60 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '71' files ).

Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\Documents and Settings\van\r_server.exe.vir
[DETECTION] Is the TR/RemoteAdmin.FC Trojan
[NOTE] The file was moved to '49762dc6.qua'!
C:\Qoobox\Quarantine\C\SDFix\backups\HOSTS.vir
[DETECTION] Is the TR/AntiHosts.Gen Trojan
[NOTE] The file was moved to '49562dc3.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0335360.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362ddf.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0335371.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362de6.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0335379.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362def.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0335394.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362df3.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0336393.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362df7.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0336402.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362dfc.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0336411.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362dfd.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0337411.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '4a0f5bb6.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0337611.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e04.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0337615.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e05.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0337969.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0337969.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.C worm
[NOTE] The file was moved to '49362e1f.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0337970.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0337970.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.C worm
[NOTE] The file was moved to '49362e20.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0338023.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e26.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0338074.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e2b.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0338080.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e2c.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0338092.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e2d.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP403\A0339093.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e2f.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339644.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e47.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339646.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '4a0f5800.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339647.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e49.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339648.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e48.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339650.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '4a0f5801.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339652.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '4a0f5802.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339653.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e4b.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339654.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '4a0f5804.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339655.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e4a.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339656.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '4a0f5803.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339657.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e4c.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339659.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '4a0f5805.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339661.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e4d.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339662.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '4a0f5806.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0339663.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e4f.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP405\A0339693.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e4e.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP405\A0340081.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e5e.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP405\A0340089.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '4a0f5817.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP408\A0340132.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e62.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP408\A0340484.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e73.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP408\A0340495.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '4a0f583c.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP408\A0340721.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e7f.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP409\A0341750.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e82.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP409\A0341756.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49362e83.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP409\A0342751.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '4a0f58cc.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP409\A0342752.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49362e84.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP409\A0347884.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e8a.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP409\A0347885.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4a0f58c3.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP411\A0347912.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e8d.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP411\A0349914.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e8e.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP411\A0353928.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e90.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP412\A0354946.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362e9e.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP412\A0355024.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362ea0.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP412\A0355339.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362ea7.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP413\A0356216.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362eaa.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP413\A0356240.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362eab.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP413\A0356251.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '4a0f58e4.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP413\A0356284.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362eac.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP413\A0356302.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362ead.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP417\A0358533.exe
[DETECTION] Is the TR/RemoteAdmin.FC Trojan
[NOTE] The file was moved to '49362ec2.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP419\A0358670.exe
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '49362ec8.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP419\A0358671.exe
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
[NOTE] The file was moved to '49362ec9.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP419\A0358673.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a0f5882.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP419\A0358674.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49362ecb.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP419\A0358675.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49362eca.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP419\A0358676.exe
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
[NOTE] The file was moved to '4a0f5883.qua'!
C:\WINDOWS\888.exe
[0] Archive type: RAR SFX (self extracting)
--> r_server.exe
[DETECTION] Is the TR/RemoteAdmin.FC Trojan
[DETECTION] Contains recognition pattern of the DR/RAdmin.AC dropper
[NOTE] The file was moved to '493b2ee1.qua'!
C:\WINDOWS\heunh.exe
[DETECTION] Is the TR/Dldr.Agent.ffn.2 Trojan
[NOTE] The file was moved to '49782f10.qua'!
C:\WINDOWS\quomw.exe
[DETECTION] Is the TR/Agent.DLG Trojan
[NOTE] The file was moved to '49722f24.qua'!
C:\WINDOWS\system32\r_server.exe
[DETECTION] Is the TR/RemoteAdmin.FC Trojan
[NOTE] The file was moved to '4976323d.qua'!

End of the scan: samedi 25 octobre 2008 10:50
Used time: 45:32 Minute(s)

The scan has been done completely.

7240 Scanning directories
268464 Files were scanned
70 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
69 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
268392 Files not concerned
7171 Archives were scanned
2 Warnings
69 Notes

a BIG thank you to geoffrey5 and chiquitine29 for all the help you gave
you are great!

THANK YOU
KISSES
0
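As an added example (not code from the original thread, nor from Avira): a small Python parser that walks an AntiVir report of the kind posted above and tallies the `[DETECTION]` lines per malware family and per location, separating restore-point copies and files already sitting in another tool's quarantine from files on the live system, which are the ones that still matter for the cleanup. The embedded excerpt is a constructed, shortened copy of a few entries from the report; the function and field names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt of an AntiVir file-scan section (a handful of entries
# copied from the report above; the real report is much longer).
SAMPLE_REPORT = r"""C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0335360.sys
[DETECTION] Is the TR/Drop.Cutwail.AK Trojan
[NOTE] The file was moved to '49362ddf.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0337969.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0337969.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.C worm
[NOTE] The file was moved to '49362e1f.qua'!
C:\WINDOWS\888.exe
[0] Archive type: RAR SFX (self extracting)
--> r_server.exe
[DETECTION] Is the TR/RemoteAdmin.FC Trojan
[DETECTION] Contains recognition pattern of the DR/RAdmin.AC dropper
[NOTE] The file was moved to '493b2ee1.qua'!
C:\WINDOWS\system32\r_server.exe
[DETECTION] Is the TR/RemoteAdmin.FC Trojan
[NOTE] The file was moved to '4976323d.qua'!
"""

# Both wordings AntiVir uses for a hit; the family name is the first token after them.
DETECTION_RE = re.compile(
    r"^\[DETECTION\] (?:Is the|Contains recognition pattern of the) (\S+)"
)
NOTE_RE = re.compile(r"^\[NOTE\] The file was moved to '([^']+)'!")


@dataclass
class FileEntry:
    """One scanned file and everything the report said about it."""
    path: str
    detections: List[str] = field(default_factory=list)
    quarantined_as: Optional[str] = None
    warning: Optional[str] = None


def parse_report(text: str) -> List[FileEntry]:
    """Group the report into per-file entries.

    A line that does not start with '[' or '-->' opens a new file entry; the
    bracketed lines and archive-member lines that follow belong to it.
    """
    entries: List[FileEntry] = []
    current: Optional[FileEntry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") or line.startswith("-->"):
            if current is None:
                continue  # status line before any file path: ignore
            m = DETECTION_RE.match(line)
            if m:
                current.detections.append(m.group(1))
            elif (m := NOTE_RE.match(line)):
                current.quarantined_as = m.group(1)
            elif line.startswith("[WARNING]"):
                current.warning = line[len("[WARNING]"):].strip()
            continue
        current = FileEntry(path=line)
        entries.append(current)
    return entries


def classify_location(path: str) -> str:
    """Where a hit sits decides how much it matters for the cleanup."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore point"      # old copies; cleared by toggling System Restore
    if "\\qoobox\\quarantine\\" in p:
        return "tool quarantine"    # already neutralised by ComboFix
    return "live system"            # still active on disk


def summarize(entries: List[FileEntry]) -> Dict[str, object]:
    """Tally detections per family and per location, and list live-system hits."""
    families: Counter = Counter()
    locations: Counter = Counter()
    live_hits: List[str] = []
    detections = moved = 0
    for e in entries:
        if not e.detections:
            continue
        detections += len(e.detections)   # one file may carry several hits
        moved += 1 if e.quarantined_as else 0
        families.update(e.detections)
        loc = classify_location(e.path)
        locations[loc] += 1
        if loc == "live system":
            live_hits.append(e.path)
    return {
        "detections": detections,
        "moved": moved,
        "families": families,
        "locations": locations,
        "live_hits": live_hits,
        "warnings": [e.path for e in entries if e.warning],
    }


if __name__ == "__main__":
    report = summarize(parse_report(SAMPLE_REPORT))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Counting per `[DETECTION]` line rather than per file is what makes the tallies line up with AntiVir's own summary: in the full report above, `C:\WINDOWS\888.exe` carries two detections but is moved to quarantine once, which is exactly why the footer reports 70 viruses found against 69 files moved.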
Anonymous user
 
re

empty AntiVir's quarantine

reopen HijackThis
do "scan only"
tick these lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

tick them and click "Fix checked"

then uninstall Java, as it is not up to date, and download and install this version:

https://www.java.com/fr/download/manual.jsp

then:

-> Download CCleaner (do not install the Yahoo toolbar):

http://download.piriform.com/ccsetup210.exe

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

-> Tutorial: https://www.malekal.com/tutoriel-ccleaner/

then:

* to remove the tools/fixes that were used:

Download ToolsCleaner to your desktop.
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Click on "Recherche" (Search) and let the scan run ...
# Click on "Suppression" (Delete) to finish.
# If you wish, you can use the optional options.
# Click on "Quitter" (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

Disable and re-enable your System Restore:

(1) Disable System Restore

Click Start
Right-click My Computer
Click Properties
Click the System Restore tab
Tick "Turn off System Restore on all drives"
Click Apply. When the confirmation message appears,
click Yes.
Click OK.

(2) Enable System Restore

Click Start
Right-click My Computer
Click Properties
Click the System Restore tab
Untick "Turn off System Restore on all drives"
Click Apply. When the confirmation message appears,
click Yes.
Click OK.

XP tutorial: http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924

0
lila21 Posts 37 Status Member 1
 
[ Rapport ToolsCleaner version 2.2.4 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\rapport_clean.txt: trouvé !
C:\TB.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\van\Bureau\SdFix.exe: trouvé !
C:\Documents and Settings\van\Bureau\Clean.zip: trouvé !
C:\Documents and Settings\van\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\van\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\van\Bureau\UsbFix.exe: trouvé !
C:\Documents and Settings\van\Bureau\UsbFix.lnk: trouvé !
C:\Documents and Settings\van\Mes documents\Menu Démarrer\Programmes\UsbFix: trouvé !
C:\Documents and Settings\van\Mes documents\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\C\SDFIX: trouvé !
C:\Qoobox\Quarantine\C\Program Files\UsbFix: trouvé !
C:\Qoobox\Quarantine\C\WINDOWS\ERUNT\SDFIX: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\van\Bureau\SdFix.exe: supprimé !
C:\Documents and Settings\van\Bureau\Clean.zip: supprimé !
C:\Documents and Settings\van\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\van\Bureau\ToolBarSD.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\rapport_clean.txt: supprimé !
C:\TB.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\van\Bureau\UsbFix.exe: supprimé !
C:\Documents and Settings\van\Bureau\UsbFix.lnk: supprimé !
C:\Documents and Settings\van\Mes documents\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: supprimé !
C:\Program Files\Trend Micro\hijackthis.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\van\Mes documents\Menu Démarrer\Programmes\UsbFix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
0
Anonymous user
 
Delete ComboFix from your desktop

if you have no other problems, please change the status of the topic to resolved

http://www.commentcamarche.net/faq/sujet 11365 marquer un fil de discussion comme etant resolu
0
lila21 Posts 37 Status Member 1
 
ok
thank you
chiquitine!!!!!!!!
0
Anonymous user
 
you're welcome!!! lol

@++
0