2 Trojans detected by Antivir

Lily -
jlpjlp Posts: 52399 Status: Security contributor -
Hello, Antivir seems to be bugging, because it detected 2 trojans, located and named respectively:

- C:/WINDOWS/system32/zmfnhc.dll TR/Monder.yis
- C:/WINDOWS/system32/ipvabns.dll TR/Vundo.LY

Except that it keeps flagging them. I have tried every option offered, namely: delete, deny access, quarantine and ignore.

I have had viruses before and I installed HijackThis. Can you help me so that Antivir works without bugs? Thanks.

20 replies

jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Hi, Antivir can't get rid of them, but these infections are present.

_________________
Paste us a HijackThis report too, so we can see

manual:

http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I advise renaming HijackThis, to counter a possible Vundo infection.

e.g. rename the file HijackThis.exe to eden.exe: to do that, right-click on the HijackThis.exe file and choose Rename from the list

Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into that folder.
This is important for the backups.

_____

then download Malwarebytes Anti-Malware, run a quick scan with it and paste the report
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
Lily
 
Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:50, on 13/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {09268BF8-2816-4716-91CA-0B6B72460AB7} - C:\WINDOWS\system32\awttsSLF.dll (file missing)
O2 - BHO: (no name) - {170C3100-4466-43B1-8586-567CA50360C9} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59E50424-C1D8-4EBC-ADBB-521A635ADC78} - (no file)
O2 - BHO: (no name) - {63FB7115-E0C1-4535-92AA-5EFBFB781968} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {88461562-d417-4f6a-bb7f-3590c26573f4} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {DB59BF94-9896-4A1D-864F-511C4CD10A35} - C:\WINDOWS\system32\jkkJaxVn.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV\MaxTV.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A905DE45-50F7-48C6-893B-DBE00C254925}: NameServer = 80.10.246.2,80.10.246.129
O20 - AppInit_DLLs: cyqdot.dll pvabns.dll zmfnhc.dll
O20 - Winlogon Notify: awttsSLF - awttsSLF.dll (file missing)
O20 - Winlogon Notify: opnooPJd - C:\WINDOWS\
O20 - Winlogon Notify: rqRJCSli - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
0
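The O2 and O20 lines in the HijackThis log above are the ones that explain why Antivir keeps re-detecting the same DLLs: anything listed under AppInit_DLLs is mapped into every process that loads user32.dll, and the Winlogon Notify entries run inside winlogon.exe. The following triage script is an added example, not part of the thread or of HijackThis itself; it assumes a plain-text HijackThis log and a constructed excerpt of the one posted here, and the severity labels are this example's own choice.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis log pasted above
# (a handful of its O2/O4/O20/O23 lines), not the full log.
SAMPLE_HJT_LOG = """\
O2 - BHO: (no name) - {09268BF8-2816-4716-91CA-0B6B72460AB7} - C:\\WINDOWS\\system32\\awttsSLF.dll (file missing)
O2 - BHO: (no name) - {170C3100-4466-43B1-8586-567CA50360C9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe" /min
O20 - AppInit_DLLs: cyqdot.dll pvabns.dll zmfnhc.dll
O20 - Winlogon Notify: awttsSLF - awttsSLF.dll (file missing)
O20 - Winlogon Notify: opnooPJd - C:\\WINDOWS\\
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
"""

# DLL names the antivirus reported in the opening post (the second one is
# spelled ipvabns.dll there; the logs in the thread list it as pvabns.dll).
AV_FLAGGED = ("zmfnhc.dll", "pvabns.dll")

MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    severity: str  # "medium", "high" or "critical" (this example's own scale)
    detail: str


def parse_hjt_line(line):
    """Split 'O20 - AppInit_DLLs: ...' into ('O20', 'AppInit_DLLs: ...'); None for other lines."""
    m = re.match(r"^([ORFN]\d+) - (.*)$", line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage_hjt(log_text, av_flagged=AV_FLAGGED):
    """Return the persistence entries of a HijackThis log that deserve a look."""
    flagged = {name.lower() for name in av_flagged}
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_hjt_line(raw)
        if parsed is None:
            continue
        code, body = parsed
        if code == "O2" and body.startswith("BHO:"):
            if any(marker in body for marker in MISSING_MARKERS):
                # Registration survived but the DLL is gone: leftover of a
                # removed or renamed component, to be cleaned up.
                findings.append(Finding(code, "medium", "orphaned BHO: " + body))
            elif "(no name)" in body:
                # A BHO backed by a real file but carrying no name is rarely legitimate.
                findings.append(Finding(code, "high", "unnamed BHO backed by a file: " + body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into each process that maps
            # user32.dll, so it is always in use and never stays deleted,
            # which is what an on-access scanner then keeps re-reporting.
            for dll in body[len("AppInit_DLLs:"):].split():
                severity = "critical" if dll.lower() in flagged else "high"
                findings.append(Finding(code, severity, f"AppInit_DLLs loads {dll} into every user32 process"))
        elif code == "O20" and body.startswith("Winlogon Notify:"):
            value = body[len("Winlogon Notify:"):].strip()
            if any(marker in value for marker in MISSING_MARKERS) or value.endswith("\\"):
                # Entry points at nothing (missing file or bare directory): orphan to remove.
                findings.append(Finding(code, "medium", "Winlogon Notify entry without a resolvable DLL: " + value))
            else:
                findings.append(Finding(code, "high", "Winlogon Notify DLL runs inside winlogon.exe: " + value))
    return findings


def severity_counts(findings):
    """Tally findings by severity, e.g. Counter({'medium': 4, 'critical': 2, 'high': 1})."""
    return Counter(f.severity for f in findings)


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"[{f.severity:8}] {f.section}: {f.detail}")
```

Run against a full log, the script only narrows the list to the entries that need reading; deciding whether an entry is legitimate still needs the file on disk and its publisher.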
Lily
 
Please, can you help me decipher these reports? It is really an unknown language to me. Thanks.
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
ok, remove what Malwarebytes found

then

download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, antispyware real-time guard)

double-click on combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, your antispyware guard

copy/paste the C:\ComboFix.txt report in your next reply.

Careful: do not use your mouse or your keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

____________________

then post another HijackThis report
0

Lily
 
Here is the ComboFix report, thanks!:

ComboFix 08-11-12.01 - Rebecca 2008-11-13 20:08:34.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1541 [GMT 1:00]
Lancé depuis: c:\documents and settings\Rebecca\Bureau\killbagler.exe
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\update.exe
c:\windows\system32\ackqcq.dll
c:\windows\system32\cyqdot.dll
c:\windows\system32\eeoeib.dll
c:\windows\system32\erndeoxn.dll
c:\windows\system32\lbmntlsh.dll
c:\windows\system32\lfvcleom.ini
c:\windows\system32\nVxaJkkj.ini
c:\windows\system32\nVxaJkkj.ini2
c:\windows\system32\obxcysnc.dll
c:\windows\system32\pvabns.dll
c:\windows\system32\qAJTwyxx.ini
c:\windows\system32\qAJTwyxx.ini2
c:\windows\system32\ssmporno.ini
c:\windows\system32\tykhofgv.dll
c:\windows\system32\windows_update.exe
c:\windows\system32\ysmxbdud.dll
c:\windows\system32\zmfnhc.dll

----- BITS: Il y a peut-être des sites infectés -----

hxxp://lovelypornovideo.net
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-13 au 2008-11-13 ))))))))))))))))))))))))))))))))))))
.

2008-11-13 20:17 . 2008-11-13 20:17 <REP> d-------- c:\windows\LastGood
2008-11-13 20:00 . 2008-11-13 20:00 <REP> d-------- C:\HijackThis
2008-11-07 15:09 . 2008-11-07 15:09 245,760 --a------ c:\windows\system32\jkkJaxVn.VIR
2008-11-07 15:04 . 2008-11-07 15:04 66,064 --a------ C:\StarCodec_ver1.5897.0.exe
2008-11-07 15:04 . 2008-11-07 15:04 35,840 --a------ c:\windows\system32\awttsSLF.VIR
2008-11-05 12:13 . 2008-11-05 12:24 5,224 --a------ c:\windows\BricoPackFoldersDelete.cmd
2008-11-04 23:57 . 2008-11-04 23:57 <REP> d-------- c:\windows\system32\fr-fr
2008-11-04 23:57 . 2008-11-04 23:57 <REP> d-------- c:\windows\system32\fr
2008-11-04 23:57 . 2008-11-04 23:57 <REP> d-------- c:\windows\system32\bits
2008-11-04 23:57 . 2008-11-04 23:57 <REP> d-------- c:\windows\l2schemas
2008-11-04 23:55 . 2008-11-04 23:57 <REP> d-------- c:\windows\ServicePackFiles
2008-11-04 23:50 . 2008-11-04 23:50 <REP> d-------- c:\windows\EHome
2008-11-04 13:40 . 2008-11-04 13:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-11-04 13:39 . 2008-11-04 13:39 <REP> d-------- c:\program files\UbiSoft
2008-10-31 22:17 . 2008-10-31 22:17 <REP> d-------- c:\program files\Fichiers communs\DirectX
2008-10-31 22:14 . 2008-10-31 22:14 <REP> d-------- c:\program files\Codemasters
2008-10-31 16:23 . 2008-10-31 16:23 <REP> d-------- c:\program files\Microsoft Games
2008-10-29 22:33 . 2008-11-05 12:11 <REP> d-------- C:\unzipped
2008-10-24 17:10 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-20 15:37 . 2008-10-28 16:22 <REP> d-------- c:\program files\The Guild 2 - Pirates of the European Seas
2008-10-18 17:56 . 2008-10-27 21:23 <REP> d-------- c:\program files\devolo
2008-10-16 17:15 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 17:15 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 17:15 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 17:15 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 17:15 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-16 17:15 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 17:52 53,783 ----a-w c:\windows\system32\drivers\fwdrv.err
2008-11-12 21:08 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-10 19:34 --------- d-----w c:\documents and settings\Rebecca\Application Data\uTorrent
2008-11-08 09:47 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-05 13:09 --------- d-----w c:\documents and settings\Rebecca\Application Data\LimeWire
2008-11-05 11:24 72,382 ----a-w c:\windows\BricoPackUninst.cmd
2008-11-02 17:47 --------- d-----w c:\documents and settings\Rebecca\Application Data\gtk-2.0
2008-10-31 18:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-27 21:19 --------- d-----w c:\documents and settings\Rebecca\Application Data\dvdcss
2008-10-17 15:48 --------- d-----w c:\documents and settings\Rebecca\Application Data\U3
2008-10-06 14:48 --------- d-----w c:\program files\Free Audio Pack
2008-10-05 19:24 --------- d-----w c:\program files\Last.fm
2008-10-04 23:41 --------- d-----w c:\program files\StuffPlug3
2008-09-29 22:06 --------- d-----w c:\program files\Free WMA to MP3 Converter
2008-09-18 20:33 --------- d-----w c:\documents and settings\Rebecca\Application Data\SPORE
2008-09-18 19:34 --------- d-----w c:\program files\Electronic Arts
2008-09-17 17:06 --------- d--h--r c:\documents and settings\Rebecca\Application Data\SecuROM
2008-09-16 14:44 --------- d-----w c:\program files\EA GAMES
2008-09-15 20:54 --------- d-----w c:\program files\7Sins
2008-09-01 19:09 744 ----a-w c:\documents and settings\Rebecca\Application Data\filterclsid.dat
2008-01-07 12:26 32 ----a-r c:\documents and settings\All Users\hash.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IRW"="c:\windows\system32\IRW.exe" [2008-04-15 147456]
"Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2008-04-15 423216]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-02 266497]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Launch LCDMon"="c:\program files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe" [2006-07-19 549376]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-30 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-09-04 917072]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-15 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2008-04-15 c:\windows\SkyTel.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-04-15 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-04-15 c:\windows\alcwzrd.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=cyqdot.dll pvabns.dll zmfnhc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\devolo\\informer\\devinf.exe"=
"c:\\Program Files\\devolo\\easyshare\\easyshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-04-26 72624]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2008-04-15 132400]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2008-04-15 99632]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2008-04-15 5504]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2008-04-15 6528]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2007-02-07 35840]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R3 applebt;Apple Built-in Bluetooth;c:\windows\system32\DRIVERS\applebt.sys [2008-04-15 9088]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2008-04-15 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2008-04-15 19968]
R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 BthKicker;Apple Bluetooth Device Driver;c:\windows\system32\DRIVERS\BthKicker.sys [2007-10-08 7424]
S3 usbscan;Pilote de scanneur USB;c:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f09838-bb88-11dc-b30b-001d4f92770e}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccbb1574-e394-11dc-b36c-001d4f92770e}]
\Shell\AutoRun\command - E:\RunGame.exe
.
Contenu du dossier 'Tâches planifiées'

2008-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{170C3100-4466-43B1-8586-567CA50360C9} - (no file)
BHO-{59E50424-C1D8-4EBC-ADBB-521A635ADC78} - (no file)
BHO-{63FB7115-E0C1-4535-92AA-5EFBFB781968} - (no file)
BHO-{88461562-d417-4f6a-bb7f-3590c26573f4} - (no file)
BHO-{DB59BF94-9896-4A1D-864F-511C4CD10A35} - c:\windows\system32\jkkJaxVn.dll
ShellExecuteHooks-{09268BF8-2816-4716-91CA-0B6B72460AB7} - (no file)
Notify-opnooPJd - (no file)
Notify-rqRJCSli - (no file)
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe

.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Rebecca\Application Data\Mozilla\Firefox\Profiles\kray1tj8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 20:18:21
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

c:\documents and settings\Rebecca\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1087 bytes hidden from API

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: c:\windows\explorer.exe
-> c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\Logitech\LCD Manager\Applets\LCDCountdown.exe
c:\program files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
.
**************************************************************************
.
Heure de fin: 2008-11-13 20:27:01 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-13 19:26:54
ComboFix2.txt 2008-08-05 13:40:18

Avant-CF: 7 718 862 848 octets libres
Après-CF: 8,206,221,312 octets libres

261 --- E O F --- 2008-11-06 18:00:52
0
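The "Points de chargement Reg" section of the ComboFix log above is where the damage beyond the DLLs shows: the Security Center notification and override values are set to 1, the Windows Firewall standard profile is off, AppInit_DLLs is populated, and a TDSSserv.sys key sits under SafeBoot\Minimal. The parser below is an added example, not part of the thread or of ComboFix; it assumes a REGEDIT4-style dump in the shape ComboFix prints (a constructed excerpt is embedded), and it only flags entries for review, since a third-party firewall such as the Sunbelt one installed here can legitimately account for some of them.

```python
import re

# Constructed excerpt in the shape of the "Points de chargement Reg" section
# of the ComboFix log above; only the keys the checks below look at.
SAMPLE_COMBOFIX_REG = """\
REGEDIT4

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
"AppInit_DLLs"=cyqdot.dll pvabns.dll zmfnhc.dll

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\TDSSserv.sys]
@=""

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Values under the Security Center key that, when set to 1, silence the
# "no antivirus / no firewall / no updates" warnings.
SECURITY_CENTER_FLAGS = ("AntiVirusDisableNotify", "UpdatesDisableNotify",
                         "AntiVirusOverride", "FirewallOverride")


def parse_reg_dump(text):
    """Parse a REGEDIT4-style dump into {key_path: {value_name: raw_value_text}}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            name, _, value = line.partition("=")
            sections[current][name.strip().strip('"')] = value.strip()
    return sections


def reg_int(raw):
    """'dword:00000001' -> 1, '0 (0x0)' (ComboFix's own rendering) -> 0, otherwise None."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def audit_combofix_reg(text):
    """Return (severity, key, detail) tuples for the load points worth reviewing."""
    findings = []
    for key, values in parse_reg_dump(text).items():
        k = key.lower()
        if k.endswith("\\currentversion\\windows") and values.get("AppInit_DLLs"):
            # Loaded into every user32 process; legitimate use is rare on a home PC.
            findings.append(("high", key, "AppInit_DLLs is populated: " + values["AppInit_DLLs"]))
        elif k.endswith("\\security center"):
            for name in SECURITY_CENTER_FLAGS:
                if reg_int(values.get(name, "")) == 1:
                    findings.append(("high", key, f"{name}=1 silences Security Center alerts"))
        elif k.endswith("\\firewallpolicy\\standardprofile"):
            if reg_int(values.get("EnableFirewall", "")) == 0:
                # Expected when a third-party firewall is installed; still worth confirming.
                findings.append(("medium", key, "Windows Firewall disabled for the standard profile"))
        elif "\\safeboot\\minimal\\" in k:
            # A driver or service listed here is loaded even in Safe Mode.
            findings.append(("medium", key,
                             "driver/service registered to load in Safe Mode: " + key.rsplit("\\", 1)[1]))
    return findings


if __name__ == "__main__":
    for severity, key, detail in audit_combofix_reg(SAMPLE_COMBOFIX_REG):
        print(f"[{severity:6}] {detail}\n         at {key}")
```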
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
use this to delete your traces

CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar
(in Options, then Advanced: untick the box: only delete files older than 48 hours)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

____________________

and post another HijackThis report and tell us your current problems

see you
0
Lily
 
Okay, I've done it. Is it fixed now?
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
the HijackThis report?

still any problems??
0
Lily
 
Sorry, I hadn't seen that I needed to post the report :) Normally no more problems, thanks, Antivir has stopped flagging viruses in bursts.

Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:49, on 13/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV\MaxTV.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A905DE45-50F7-48C6-893B-DBE00C254925}: NameServer = 80.10.246.2,80.10.246.129
O20 - AppInit_DLLs: cyqdot.dll pvabns.dll zmfnhc.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok

relaunch HijackThis, click "Do a system scan only" and fix this line (Fix checked):

O20 - AppInit_DLLs: cyqdot.dll pvabns.dll zmfnhc.dll

_______________

to remove the tools that were used:

Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click Recherche (Search) and let the scan run...
# Click Suppression (Delete) to finish.
# You can, if you wish, use the Options facultatives (optional options).
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

___________________

update Internet Explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

_____________________

if everything went well, disable System Restore to purge any viruses that may be in it, then re-enable it: https://www.informatruc.com

there you go!

to protect your PC for free

http://www.commentcamarche.net/telecharger/logiciel 4 securite

install an antivirus
ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware:
MalwareByte's Anti-Malware + SPYBOT
+
SPYWAREBLASTER to immunise the system against Vundo in particular, but in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunise)...

Note: Spybot and Ad-Aware have released new versions this year; check that you have the latest version
--------
a firewall:
the Windows one, or better Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall) or COMODO

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER to erase browsing traces
---------
browse with Firefox or Safari or Opera rather than Internet Explorer, which is more affected by viruses
http://www.mozilla-europe.org/fr/products/firefox/
0
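Defender-side triage of the O20 line the post asks to fix, as an added example that is not code from the thread, HijackThis or Avira: it pulls the AppInit_DLLs names out of a HijackThis log, resolves bare names to the system directory, and matches them against the paths the antivirus reported. The sample log lines and detection paths are constructed from the values quoted in the thread; SYSTEM32 and all function names are assumptions.

```python
"""Triage of the O20 AppInit_DLLs line from a HijackThis log (added example)."""
import re
from typing import Dict, List, Optional

# AppInit_DLLs lives under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows.
# Every DLL listed there is loaded into each process that loads user32.dll,
# which is why Vundo-family infections use it and why the thread clears the line.

# Bare DLL names in AppInit_DLLs are resolved from the system directory.
# Assumed location for the thread's Windows XP machine.
SYSTEM32 = r"C:\WINDOWS\system32"

O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*?)\s*$")


def normalise_path(path: str) -> str:
    """Canonical form so 'C:/WINDOWS/system32/x.dll' and 'c:\\windows\\...' compare equal."""
    return path.replace("/", "\\").lower()


def parse_appinit_dlls(log_text: str) -> List[str]:
    """Return the DLL names listed on O20 AppInit_DLLs lines, in log order."""
    names: List[str] = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            # HijackThis prints the value space-separated; the registry value
            # itself may be comma- or space-separated, so split on both.
            names.extend(n for n in re.split(r"[,\s]+", m.group("dlls")) if n)
    return names


def resolve(name: str) -> str:
    """Full path for an AppInit_DLLs entry; a bare name is looked up in system32."""
    return name if ("\\" in name or "/" in name) else f"{SYSTEM32}\\{name}"


def triage(log_text: str, detections: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Map each AppInit DLL to the AV signature reported for its path, or None.

    None means the DLL is injected into every GUI process but was never
    reported by the scanner: it still needs review, which is why the thread
    removes the whole line rather than only the detected names.
    """
    by_path = {normalise_path(p): sig for p, sig in detections.items()}
    return {name: by_path.get(normalise_path(resolve(name)))
            for name in parse_appinit_dlls(log_text)}


# Constructed sample: the shapes of lines from the thread's HijackThis log.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O20 - AppInit_DLLs: cyqdot.dll pvabns.dll zmfnhc.dll
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
"""

# Constructed sample of what the antivirus reported, paths as the user typed them.
SAMPLE_DETECTIONS = {
    "C:/WINDOWS/system32/zmfnhc.dll": "TR/Monder.yis",
    "C:/WINDOWS/system32/ipvabns.dll": "TR/Vundo.LY",
}

if __name__ == "__main__":
    for dll, sig in triage(SAMPLE_LOG, SAMPLE_DETECTIONS).items():
        print(f"{resolve(dll):40} {sig or 'no AV detection, review manually'}")
```

Note that pvabns.dll from the log and ipvabns.dll from the antivirus message do not match by exact path, so the script reports pvabns.dll as unreviewed rather than silently treating it as handled.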
Livia
 
I did it and I'm going to download all the other applications. Thank you very much for giving me your time!! :)
0
Lily
 
Here is the ToolsCleaner report:

[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\SDFIX: trouvé !
C:\Combofix: trouvé !
C:\HijackThis: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Rebecca\Bureau\Bureau\Antivirus, etc\OtMoveIt2.exe: trouvé !
C:\Documents and Settings\Rebecca\Bureau\Bureau\Antivirus, etc\hijackthis.log: trouvé !
C:\Documents and Settings\Rebecca\Bureau\Bureau\EN CAS DE VIRUS\SdFix.exe: trouvé !
C:\Documents and Settings\Rebecca\Bureau\Bureau\EN CAS DE VIRUS\HijackThis.lnk: trouvé !
C:\Documents and Settings\Rebecca\Bureau\Bureau\EN CAS DE VIRUS\HJTInstall.exe: trouvé !
C:\Documents and Settings\Rebecca\Bureau\Bureau\EN CAS DE VIRUS\UsbFix.exe: trouvé !
C:\Documents and Settings\Rebecca\Bureau\Bureau\EN CAS DE VIRUS\UsbFix.lnk: trouvé !
C:\Documents and Settings\Rebecca\Menu Démarrer\Programmes\UsbFix: trouvé !
C:\Documents and Settings\Rebecca\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: trouvé !
C:\HijackThis\HijackThis.exe: trouvé !
C:\HijackThis\hijackthis.log: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Program Files\UsbFix\UsbFix.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Rebecca\Bureau\Bureau\Antivirus, etc\OtMoveIt2.exe: supprimé !
C:\Documents and Settings\Rebecca\Bureau\Bureau\EN CAS DE VIRUS\SdFix.exe: supprimé !
C:\Documents and Settings\Rebecca\Bureau\Bureau\EN CAS DE VIRUS\HijackThis.lnk: supprimé !
C:\Documents and Settings\Rebecca\Bureau\Bureau\EN CAS DE VIRUS\HJTInstall.exe: supprimé !
C:\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\Rebecca\Bureau\Bureau\Antivirus, etc\hijackthis.log: supprimé !
C:\Documents and Settings\Rebecca\Bureau\Bureau\EN CAS DE VIRUS\UsbFix.exe: supprimé !
C:\Documents and Settings\Rebecca\Bureau\Bureau\EN CAS DE VIRUS\UsbFix.lnk: supprimé !
C:\Documents and Settings\Rebecca\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: supprimé !
C:\HijackThis\hijackthis.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Program Files\UsbFix\UsbFix.exe: supprimé !
C:\SDFIX: supprimé !
C:\Combofix: supprimé !
C:\HijackThis: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Rebecca\Menu Démarrer\Programmes\UsbFix: supprimé !
C:\Program Files\UsbFix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

In the meantime, Antivir found a new trojan: TR/Dldr.Zlob.ctr; I deleted it. Is it completely inactive now? I'm now dealing with System Restore.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
post an Antivir report so we can check

if nothing, it's good!
0
Lily
 
I'm sorry, the Antivir scan takes a long time :)
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok

see you later
0
Lily
 
The Antivir scan is still running and has made no detections. Yet, in parallel, an Antivir warning message told me it had found a trojan called vondo.M.35840. I told it to destroy it again, but I don't understand, since my antivirus and my firewall (Sunbelt) are active.
0
Lily
 
It has just found another one, agent.amge.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
post the report and we'll see

see you later
0
Lily
 
Here is the Antivir report:

Avira AntiVir Personal
Report file date: jeudi 13 novembre 2008 22:34

Scanning for 1034213 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: IMAC

Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 02/08/2008 15:44:04
AVSCAN.DLL : 8.1.4.0 40705 Bytes 02/08/2008 15:44:03
LUKE.DLL : 8.1.4.5 164097 Bytes 02/08/2008 15:44:04
LUKERES.DLL : 8.1.4.0 12033 Bytes 02/08/2008 15:44:04
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 09:03:02
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 19:06:47
ANTIVIR2.VDF : 7.1.0.57 2048 Bytes 09/11/2008 19:06:47
ANTIVIR3.VDF : 7.1.0.82 189952 Bytes 13/11/2008 15:48:31
Engineversion : 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 15:23:20
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 13/11/2008 15:48:32
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 18:32:04
AERDL.DLL : 8.1.1.3 438645 Bytes 06/11/2008 20:23:56
AEPACK.DLL : 8.1.3.4 393591 Bytes 13/11/2008 15:48:31
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 18:32:04
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 18:32:03
AEHELP.DLL : 8.1.1.3 119157 Bytes 07/11/2008 18:32:02
AEGEN.DLL : 8.1.1.0 319859 Bytes 07/11/2008 18:32:02
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 15:23:14
AECORE.DLL : 8.1.4.1 172405 Bytes 07/11/2008 18:32:01
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 15:23:12
AVWINLL.DLL : 1.0.0.12 15105 Bytes 02/08/2008 15:44:04
AVPREF.DLL : 8.0.2.0 38657 Bytes 02/08/2008 15:44:03
AVREP.DLL : 8.0.0.2 98344 Bytes 02/08/2008 15:44:04
AVREG.DLL : 8.0.0.1 33537 Bytes 02/08/2008 15:44:03
AVARKT.DLL : 1.0.0.23 307457 Bytes 18/04/2008 05:12:00
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 02/08/2008 15:44:03
SQLITE3.DLL : 3.3.17.1 339968 Bytes 18/04/2008 05:12:00
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 02/08/2008 15:44:04
NETNT.DLL : 8.0.0.1 7937 Bytes 18/04/2008 05:12:00
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 02/08/2008 15:44:02
RCTEXT.DLL : 8.0.52.0 86273 Bytes 02/08/2008 15:44:02

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: jeudi 13 novembre 2008 22:34

Starting search for hidden objects.
'76689' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'YzShadow.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'CTSyncU.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'CTCheck.exe' - '1' Module(s) have been scanned
Scan process 'SoundMan.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'LCDClock.exe' - '1' Module(s) have been scanned
Scan process 'LCDMedia.exe' - '1' Module(s) have been scanned
Scan process 'LCDPOP3.exe' - '1' Module(s) have been scanned
Scan process 'LCDCountdown.exe' - '1' Module(s) have been scanned
Scan process 'LCDMon.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'VCDDaemon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'KbdMgr.exe' - '1' Module(s) have been scanned
Scan process 'IRW.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleTimeSrv.exe' - '1' Module(s) have been scanned
Scan process 'AppleOSSMgr.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
56 processes with 56 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '57' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\59098ba49324fd00b05e\update\update.exe
[WARNING] The file could not be opened!
C:\59098ba49324fd00b05e\update\updspapi.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!

End of the scan: vendredi 14 novembre 2008 01:32
Used time: 2:58:15 Hour(s)

The scan has been done completely.

12416 Scanning directories
593795 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
593791 Files not concerned
1871 Archives were scanned
4 Warnings
0 Notes
76689 Objects were scanned with rootkit scan
0 Hidden objects were found
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe

double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

:Files
c:\windows\system32\jkkJaxVn.VIR

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.

________________

still having problems????
0