Cheval de troie et autres!!!

Résolu
st ya qc Messages postés 93 Statut Membre -  
st ya qc Messages postés 93 Statut Membre -
Bonjour a tous et bien j ai un 2 cheval de troie et j ai des attact de reseau evidement mon ordi est pomal lente pourrier vous m aider svp merci!!!!

60 réponses

Précédent
Réponse 21 / 60
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Pourquoi je ne voudrais plus t aider ??!! lol

je pensais que tu faisais l analyse en ligne :s

Si tu dois prendre la version 8 bin prends là
0
Réponse 22 / 60
st ya qc Messages postés 93 Statut Membre
 
lol ok voici mon rapport antivir si sa peux d aider!!
0
Réponse 23 / 60
st ya qc Messages postés 93 Statut Membre
 
Avira AntiVir Personal
Report file date: 27 octobre 2008 21:46

Scanning for 995222 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ORDINATE-E10E10

Version information:
BUILD.DAT : 8.2.0.334 16933 Bytes 2008-10-16 14:55:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 14:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 01:28:47
ANTIVIR1.VDF : 7.1.0.1 2048 Bytes 2008-10-27 01:29:00
ANTIVIR2.VDF : 7.1.0.2 2048 Bytes 2008-10-27 01:29:00
ANTIVIR3.VDF : 7.1.0.4 38912 Bytes 2008-10-27 01:29:04
Engineversion : 8.2.0.9
AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-10-14 16:05:56
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 2008-10-28 01:29:28
AESCN.DLL : 8.1.1.3 123252 Bytes 2008-10-14 16:05:56
AERDL.DLL : 8.1.1.2 438644 Bytes 2008-09-12 12:06:02
AEPACK.DLL : 8.1.2.4 369014 Bytes 2008-10-14 16:05:56
AEOFFICE.DLL : 8.1.0.29 196988 Bytes 2008-10-28 01:29:25
AEHEUR.DLL : 8.1.0.63 1479032 Bytes 2008-10-28 01:29:23
AEHELP.DLL : 8.1.1.2 115062 Bytes 2008-10-14 16:05:56
AEGEN.DLL : 8.1.0.42 319861 Bytes 2008-10-28 01:29:11
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 16:05:56
AECORE.DLL : 8.1.2.8 172406 Bytes 2008-10-28 01:29:07
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 16:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-10-28 01:29:05
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 27 octobre 2008 21:46

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'dvdtray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '51' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{3FAFF195-A1AC-4F02-804F-DD8451AFDE75}\RP66\A0014408.dll
[DETECTION] Is the TR/Killav.28714 Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: 27 octobre 2008 22:36
Used time: 50:38 Minute(s)

The scan has been done completely.

6688 Scanning directories
276671 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
276667 Files not concerned
7921 Archives were scanned
3 Warnings
1 Notes
0
Réponse 24 / 60
st ya qc Messages postés 93 Statut Membre
 
et bien je ne peux toujours pas faire ca j ai pourtant telecharger explorer 8 mais il me dise la meme chose!!!
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 60
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

refais une analyse complete avec malwarebytes en mode sans échec stp
0
Réponse 26 / 60
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
fais une mise à jour avant !
0
Réponse 27 / 60
st ya qc Messages postés 93 Statut Membre
 
salut geoffrey5! dsl pour le delais voici mon rapport de MBAM!



Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1356
Windows 5.1.2600 Service Pack 3

2008-11-02 12:43:25
mbam-log-2008-11-02 (12-43-25).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 115491
Temps écoulé: 1 hour(s), 45 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 28 / 60
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

télécharge TrojanRemover à cette adresse, tu auras un tutoriel à ta disposition :

https://www.androidworld.fr/

et poste le rapport stp
0
Réponse 29 / 60
st ya qc Messages postés 93 Statut Membre
 
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.3.2550. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 15:23:54 06 nov. 2008
Using Database v7191
Operating System: Windows XP SP3 [Windows XP Professional Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Client\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Client\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Avira AntiVir

************************************************************


************************************************************
15:23:54: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
15:23:54: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
15:23:54: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
15:23:56: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SoundMAXPnP
Value Data: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
790528 bytes
Created: 2007-10-29
Modified: 2003-05-29
Company: Analog Devices, Inc.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created: 2008-08-18
Modified: 2008-06-10
Company: Sun Microsystems, Inc.
--------------------
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 2007-11-03
Modified: 2001-07-09
Company: Ahead Software Gmbh
--------------------
Value Name: DVDTray
Value Data: C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
65536 bytes
Created: 2007-11-03
Modified: 2004-09-03
Company: Hewlett-Packard Company
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
266497 bytes
Created: 2008-10-27
Modified: 2008-06-12
Company: Avira GmbH
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
968072 bytes
Created: 2008-11-06
Modified: 2008-10-25
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 2007-10-18
Modified: 2007-10-18
Company: Microsoft Corporation
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
--------------------
Value Name: NBJ
Value Data: "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
1961984 bytes
Created: 2007-11-03
Modified: 2005-07-14
Company: Ahead Software AG
--------------------
Value Name: MSMSGS
Value Data: "C:\Program Files\Messenger\msmsgs.exe" /background
C:\Program Files\Messenger\msmsgs.exe [file not found to scan]
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
490952 bytes
Created: 2008-07-24
Modified: 2008-07-24
Company: DT Soft Ltd
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty

************************************************************
15:23:58: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
15:23:58: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
15:23:58: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
15:23:58: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 2006-11-03
Modified: 2006-11-03
Company:
----------

************************************************************
15:23:59: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: 6to4
Path: %SystemRoot%\System32\6to4svc.dll
C:\WINDOWS\System32\6to4svc.dll
100352 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: hpqcxs08
Path: C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
225280 bytes
Created: 2007-01-19
Modified: 2007-01-19
Company: Hewlett-Packard Co.
--------------------
Key: hpqddsvc
Path: C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
131072 bytes
Created: 2007-01-19
Modified: 2007-01-19
Company: Hewlett-Packard Co.
--------------------
Key: Net Driver HPZ12
Path: C:\WINDOWS\system32\HPZinw12.dll
C:\WINDOWS\system32\HPZinw12.dll
43520 bytes
Created: 2006-11-08
Modified: 2006-11-08
Company: Hewlett-Packard
--------------------
Key: NWCWorkstation
Path: %SystemRoot%\System32\nwwks.dll
C:\WINDOWS\System32\nwwks.dll
65536 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
--------------------
Key: Pml Driver HPZ12
Path: C:\WINDOWS\system32\HPZipm12.dll
C:\WINDOWS\system32\HPZipm12.dll
53248 bytes
Created: 2006-11-08
Modified: 2006-11-08
Company: Hewlett-Packard
--------------------

************************************************************
15:24:00: Scanning ----- SERVICES REGISTRY KEYS -----
Key: a2free
ImagePath: "C:\Program Files\a-squared Free\a2service.exe"
C:\Program Files\a-squared Free\a2service.exe
418936 bytes
Created: 2008-10-26
Modified: 2008-10-26
Company: Emsi Software GmbH
----------
Key: ADM8511
ImagePath: system32\DRIVERS\NET8511.SYS
C:\WINDOWS\system32\DRIVERS\NET8511.SYS
24424 bytes
Created: 2006-08-22
Modified: 2000-12-12
Company: ADMtek
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
100224 bytes
Created: 2007-10-29
Modified: 2007-10-29
Company: Andrea Electronics Corporation
----------
Key: AntiVirScheduler
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
68865 bytes
Created: 2008-10-27
Modified: 2008-10-15
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
151297 bytes
Created: 2008-10-27
Modified: 2008-10-15
Company: Avira GmbH
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
32768 bytes
Created: 2004-07-15
Modified: 2004-07-15
Company: Microsoft Corporation
----------
Key: avgio
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
11840 bytes
Created: 2008-10-27
Modified: 2007-02-27
Company: Avira GmbH
----------
Key: avgntflt
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
52032 bytes
Created: 2008-10-27
Modified: 2008-05-20
Company: Avira GmbH
----------
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\WINDOWS\system32\DRIVERS\avipbb.sys
75072 bytes
Created: 2008-10-27
Modified: 2008-06-27
Company: Avira GmbH
----------
Key: C-DillaCdaC11BA
ImagePath: C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
54784 bytes
Created: 2008-01-07
Modified: 2008-01-07
Company: Macrovision
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\Client\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: CdaC15BA
ImagePath: \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS
C:\WINDOWS\system32\drivers\CdaC15BA.SYS
12464 bytes
Created: 2008-01-07
Modified: 2008-01-07
Company: Macrovision Europe Ltd
----------
Key: EL2000
ImagePath: system32\DRIVERS\EL2K_XP.sys
C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys
147328 bytes
Created: 2003-07-17
Modified: 2007-10-29
Company: 3Com Corporation
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
168432 bytes
Created: 2008-01-24
Modified: 2008-11-01
Company: Google
----------
Key: HPZid412
ImagePath: system32\DRIVERS\HPZid412.sys
C:\WINDOWS\system32\DRIVERS\HPZid412.sys
-R- 49920 bytes
Created: 2007-12-29
Modified: 2006-12-06
Company: HP
----------
Key: HPZipr12
ImagePath: system32\DRIVERS\HPZipr12.sys
C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
-R- 16496 bytes
Created: 2007-12-29
Modified: 2006-12-06
Company: HP
----------
Key: HPZius12
ImagePath: system32\DRIVERS\HPZius12.sys
C:\WINDOWS\system32\DRIVERS\HPZius12.sys
-R- 21568 bytes
Created: 2007-12-29
Modified: 2006-12-06
Company: HP
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: LightScribeService
ImagePath: "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
53248 bytes
Created: 2005-06-20
Modified: 2005-06-20
Company: Hewlett-Packard Company
----------
Key: MidiSyn
ImagePath: system32\drivers\MidiSyn.sys
C:\WINDOWS\system32\drivers\MidiSyn.sys
235100 bytes
Created: 2007-10-29
Modified: 2007-10-29
Company: Analog Devices Inc
----------
Key: NwlnkIpx
ImagePath: system32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
88320 bytes
Created: 2004-08-03
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: system32\DRIVERS\nwlnknb.sys
C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
63232 bytes
Created: 2001-08-28
Modified: 2001-08-28
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: system32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
55936 bytes
Created: 2001-08-28
Modified: 2001-08-28
Company: Microsoft Corporation
----------
Key: NWRDR
ImagePath: system32\DRIVERS\nwrdr.sys
C:\WINDOWS\system32\DRIVERS\nwrdr.sys
163584 bytes
Created: 2004-08-03
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created: 2007-08-24
Modified: 2007-08-24
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 2006-10-26
Modified: 2006-10-26
Company: Microsoft Corporation
----------
Key: pcouffin
ImagePath: System32\Drivers\pcouffin.sys
C:\WINDOWS\System32\Drivers\pcouffin.sys
47360 bytes
Created: 2008-04-19
Modified: 2008-04-19
Company: VSO Software
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
578304 bytes
Created: 2007-10-29
Modified: 2003-06-02
Company: Analog Devices, Inc.
----------
Key: SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created: 2007-10-29
Modified: 2002-09-20
Company: Analog Devices, Inc.
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: ssmdrv
ImagePath: system32\DRIVERS\ssmdrv.sys
C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
28352 bytes
Created: 2008-10-27
Modified: 2007-03-01
Company: Avira GmbH
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{0B4CED16-F13D-4913-99D7-F60E56E37D14}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: Tcpip6
ImagePath: system32\DRIVERS\tcpip6.sys
C:\WINDOWS\system32\DRIVERS\tcpip6.sys
225856 bytes
Created: 2004-08-03
Modified: 2008-06-20
Company: Microsoft Corporation
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 2007-10-18
Modified: 2007-10-18
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 2007-10-25
Modified: 2007-10-25
Company: Microsoft Corporation
----------
Key: WmBEnum
ImagePath: system32\drivers\WmBEnum.sys
C:\WINDOWS\system32\drivers\WmBEnum.sys
19352 bytes
Created: 2007-09-13
Modified: 2007-09-13
Company: Logitech Inc.
----------
Key: WmFilter
ImagePath: system32\drivers\WmFilter.sys
C:\WINDOWS\system32\drivers\WmFilter.sys
29976 bytes
Created: 2007-09-13
Modified: 2007-09-13
Company: Logitech Inc.
----------
Key: WmVirHid
ImagePath: system32\drivers\WmVirHid.sys
C:\WINDOWS\system32\drivers\WmVirHid.sys
14744 bytes
Created: 2007-09-13
Modified: 2007-09-13
Company: Logitech Inc.
----------
Key: WmXlCore
ImagePath: system32\drivers\WmXlCore.sys
C:\WINDOWS\system32\drivers\WmXlCore.sys
51608 bytes
Created: 2007-09-13
Modified: 2007-09-13
Company: Logitech Inc.
----------

************************************************************
15:24:07: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

************************************************************
15:24:07: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
15:24:07: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Path: C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
65793 bytes
Created: 2008-10-27
Modified: 2008-06-12
Company: Avira GmbH
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: WinRAR
CLSID: [empty]
----------

************************************************************
15:24:08: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {9E96C1F5-0EFA-4348-9460-15D6802C70AA}
File: [CLSID does not appear to reference a file]

************************************************************
15:24:08: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 2008-08-18
Modified: 2008-06-10
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 2007-09-20
Modified: 2007-09-20
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar1.dll
c:\program files\google\googletoolbar1.dll
-R- 2582136 bytes
Created: 2008-08-18
Modified: 2008-08-18
Company: Google Inc.
----------
Key: {AE84A6AA-A333-4B92-B276-C11E2212E4FE}
BHO: C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
599472 bytes
Created: 2006-12-15
Modified: 2006-12-15
Company: Hewlett-Packard Co.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
657904 bytes
Created: 2008-11-01
Modified: 2008-11-01
Company: Google Inc.
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\Windows Live Toolbar\msntb.dll
C:\Program Files\Windows Live Toolbar\msntb.dll
546320 bytes
Created: 2007-10-19
Modified: 2007-10-19
Company: Microsoft Corporation
----------

************************************************************
15:24:08: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 2006-10-18
Modified: 2006-10-18
Company: Microsoft Corporation
----------

************************************************************
15:24:09: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
15:24:09: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
15:24:09: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
15:24:09: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
15:24:09: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 2003-08-07
Modified: 2003-08-07
Company:
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
73728 bytes
Created: 2006-02-10
Modified: 2006-02-10
Company: Hewlett-Packard Development Company, L.P.
Démarrage rapide de HP Photosmart Premier.lnk - links to C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
15:24:10: Scanning ----- SCHEDULED TASKS -----
Taskname: Vérifier les mises à jour de Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
99856 bytes
Created: 2007-10-19
Modified: 2007-10-19
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 2008-11-06 15:37:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
----------

************************************************************
15:24:10: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
15:24:10: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Client\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Client\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
54294 bytes
Created: 2008-01-04
Modified: 2008-11-05
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Client\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
54294 bytes
Created: 2008-01-04
Modified: 2008-11-05
Company:
----------
Additional checks completed

************************************************************
15:24:11: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe - file already scanned
--------------------
C:\Program Files\a-squared Free\a2service.exe - file already scanned
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe - file already scanned
--------------------
C:\WINDOWS\system32\drivers\CDAC11BA.EXE - file already scanned
--------------------
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe - file already scanned
--------------------
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe - file already scanned
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\DAEMON Tools Lite\daemon.exe - file already scanned
--------------------
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
--------------------
C:\Program Files\Windows Live\Messenger\usnsvc.exe - file already scanned
--------------------
C:\WINDOWS\system32\wuauclt.exe
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe - file already scanned
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
--------------------
C:\Documents and Settings\Client\Application Data\Simply Super Software\Trojan Remover\mtp27.exe
FileSize: 2618232
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
15:24:13: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
15:24:13: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
15:24:13: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 15:24:13 06 nov. 2008
Total Scan time: 00:00:18
************************************************************
0
Réponse 30 / 60
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

maintenant fais ceci stp :

▶ Telecharge UsbFix sur ton bureau

▶ Lance l installation avec les parametres par default

▶ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

▶ Double clic sur le raccourci UsbFix sur ton bureau

▶ Le pc va redémarer

▶ Apres redémarrage post le rapport UsbFix.txt

* Note : le rapport UsbFix.txt est sauvegardé a la racine du disque

* Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" ,
"Nouvelle tâche" , tapes explorer.exe et valides
0
Réponse 31 / 60
st ya qc Messages postés 93 Statut Membre
 
BRANCHER mes sources de donnees externe a mon pc??
0
Réponse 32 / 60
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
(clé USB, disque dur externe, etc...)
0
Réponse 33 / 60
st ya qc Messages postés 93 Statut Membre
 
j ai pas de cle USB et bon voila en fait je comprend vraiment pas desole!!!
et pour disque dur externe ?? je connais seulement mon disque c lol!!
0
Réponse 34 / 60
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
ok alors lance le sans rien brancher lol
0
Réponse 35 / 60
st ya qc Messages postés 93 Statut Membre
 
ok il me dise que ...

le répertoire destination n'existe pas. Voulez vous le creer

je fais oui?
0
Réponse 36 / 60
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
oui
0
Réponse 37 / 60
st ya qc Messages postés 93 Statut Membre
 
-------------- UsbFix V2.395 ---------------

* User : Client - ORDINATE-E10E10
* Outils mis a jours le 06/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 19:19:33 le 2008-11-06
* Windows Xp - Internet Explorer 8.0.6001.18241


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\DOCUME~1\Client\LOCALS~1\Temp\1.tmp\b2e.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe


--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
DVDTray REG_SZ C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
TrojanScanner REG_SZ C:\Program Files\Trojan Remover\Trjscan.exe /boot

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\avp6_post_uninstall

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
NBJ REG_SZ "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81e183ce-94bf-11dd-8e41-000c6e407e8f}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [2008-02-09 14:12] C:\WINDOWS\system32\tmp.txt

--------------- [ Listing des fichiers présents ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[2003-08-07 20:28][--a--c---] C:\AUTOEXEC.BAT
[2004-08-03 17:38][-rahs----] C:\NTDETECT.COM
[2008-08-17 15:40][---hsc---] C:\boot.ini

--------------- ! Fin du rapport ! ----------------
0
Réponse 38 / 60
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

maintenant fais ceci stp :

▶ Télécharge RAV Antivirus (d'Evosla)

▶ Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX

▶ Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau

▶ Doucle-clique sur >> RAV.exe << afin de lancer l'outil.

▶ Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles)

▶ Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain .

▶ Retire tes disques amovibles et redémarrez votre ordinateur.

▶ Poste le rapport, si infection!
0
Réponse 39 / 60
st ya qc Messages postés 93 Statut Membre
 
salut geoffrey5!

il na pas decouvert d infection (ligne bleu de gauche a droite) !!
et comment aller a disque amovible pour retirer?? merci!!
0
Réponse 40 / 60
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

▶ Télécharge Combofix de sUBs


▶ et enregistre le sur le Bureau.


▶ désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)


Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


ensuite envois le rapport et refais un nouveau rapport hijackthis stp
0

Discussions similaires

expressions francaises
bifaka -
lanonyme -

4 réponses
Cheval de troie comment le supprimer?
sonia -
^^Marie^^ -

28 réponses
virus: comment supprimer ccxprocess (virus cheval de troie)
grrlesang -
bazfile -

1 réponse
cheval dans oblivion
sernaldo53 -
sernaldo53 -

12 réponses
comment se debarasser d un cheval de troie
jennyfer1 -
MrMaDGaME -

66 réponses