Virus ?
marnat
-
jorginho67 Posts: 15447 Status: Security contributor -
Hello,
I'm desperate, I think I have a BIG virus:
I can't run any antivirus (online or local) or antispyware; I get the message "n'est pas une application de win32 valide" ("is not a valid Win32 application").
Same with HijackThis: I downloaded it, then got the same message as above when installing it.
I can't start safe mode.
I can't reinstall XP: when I insert the CD, it boots from it and after a while (when it searches for XP) it shuts down.
My CPU runs at 100%, with a few dips from time to time.
Is there a way to format outside the XP console, and can XP be reinstalled afterwards?
Thanks to all.
17 replies
Hi!
Your PC is probably infected by the Bagle worm (following the installation of a booby-trapped crack or an infected e-mail), hence the specific message "....win32 application non valide" ("...not a valid Win32 application") that you must often get when you try to install or run security software; the worm neutralizes them.
Download FindyKill (by Chiquitine29) to your desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
Ø Run the installation with the default settings
Ø Double-click the FindyKill shortcut on your desktop
Ø At the main menu, choose option * 1 * (Search)
Ø Post the FindyKill.txt report
Note: the FindyKill.txt report is saved at the root of the disk.
Restart your computer and, during startup, press F8 several times,
then choose the option to start in safe mode
and run your antivirus from there.
Hi,
Don't put too much faith in my answer because I'm in no way a computer pro; I think others will find you a satisfactory answer.
From my own experience, I had roughly the same problem. Since I had another computer, I took the hard drive out of my PC and connected it as a slave on the other PC (via an external enclosure), but I think this can also be done internally.
At that point I had no trouble formatting it with my other PC, then reconnecting it to the original PC and reinstalling XP from the install CD.
It's certainly not the best solution, since of course I lost everything I had on the disk, but at least it let me start again from scratch!!!
Regards
Thanks for your quick replies,
Regarding safe mode, it starts with F8, but then a blue screen flashes briefly and it restarts with the choices -> Safe mode, last known good configuration, start Windows normally, but safe mode is stuck in a loop.
As for the second solution, it's a laptop and I don't know how to remove the hard drive from a laptop.
Thanks
Thanks,
FindyKill report attached:
----------------- FindyKill V4.705 ------------------
* User : Propri‚taire - PROPRI-92AE593E
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/11/08 par Chiquitine29
* Recherche effectuée à 12:44:03 le 19/11/2008
* Windows XP - Internet Explorer 6.0.2900.2180
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\drivers\downld\169250.exe
C:\Program Files\Mozilla Firefox\firefox.exe
--------------- [ Processus infectieux stoppés ] ----------------
"C:\WINDOWS\system32\drivers\downld\169250.exe" (3464)
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\109156.EXE-357C5287.pf
Found ! - C:\WINDOWS\prefetch\115656.EXE-0422E217.pf
Found ! - C:\WINDOWS\prefetch\131453.EXE-3A27AE8C.pf
Found ! - C:\WINDOWS\prefetch\146031.EXE-07483AA4.pf
Found ! - C:\WINDOWS\prefetch\152062.EXE-09F565F3.pf
Found ! - C:\WINDOWS\prefetch\155062.EXE-34F816B6.pf
Found ! - C:\WINDOWS\prefetch\169250.EXE-283C3417.pf
Found ! - C:\WINDOWS\prefetch\221093.EXE-37DB64C4.pf
Found ! - C:\WINDOWS\prefetch\99203.EXE-2051199F.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-041A0D93.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [19/11/2008 12:22] - C:\WINDOWS\system32\mdelk.exe
Found ! [19/11/2008 12:22] - C:\WINDOWS\system32\wintems.exe
Found ! [19/11/2008 12:22] - C:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
Found ! [19/11/2008 12:22] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [19/11/2008 12:21] - C:\WINDOWS\system32\drivers\srosa2.sys
Found ! [10/07/2004 02:05] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [19/11/2008 12:25] - "C:\WINDOWS\system32\drivers\downld"
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\103921.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\104062.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\105031.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\105406.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\106375.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\109156.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\111625.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\115656.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\116656.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\123296.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\125796.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\128765.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\131453.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\131953.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\137640.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\143171.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\145843.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\146031.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\150875.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\152062.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\155062.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\160218.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\161625.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\169250.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\172234.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\186953.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\191859.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\194859.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\197046.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\199625.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\221093.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\225718.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\226718.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\228218.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\228312.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\230640.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\241843.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\245500.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\252859.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\258406.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\263453.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\265515.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\268156.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\275296.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\280984.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\282140.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\296250.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\302125.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\312281.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\315796.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\320031.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\325250.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\328625.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\359140.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\364640.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\374281.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\375625.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\417375.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\436171.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\77687.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\78796.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\93187.exe
Found ! [19/11/2008 12:25] - C:\WINDOWS\system32\drivers\downld\99203.exe
»»»» Presence des fichiers dans C:\Documents and Settings\Propri‚taire\Application Data
Found ! [19/11/2008 12:23] - "C:\Documents and Settings\Propri‚taire\Application Data\m\flec006.exe"
Found ! [19/11/2008 12:23] - "C:\Documents and Settings\Propri‚taire\Application Data\m\list.oct"
Found ! [19/11/2008 12:23] - "C:\Documents and Settings\Propri‚taire\Application Data\m\data.oct"
Found ! [19/11/2008 12:23] - "C:\Documents and Settings\Propri‚taire\Application Data\m\srvlist.oct"
Found ! [19/11/2008 12:25] - "C:\Documents and Settings\Propri‚taire\Application Data\m\shared"
Found ! [19/11/2008 08:33] - "C:\Documents and Settings\Propri‚taire\Application Data\m"
»»»» Presence des fichiers dans C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5
Found ! [19/11/2008 12:23] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\875RMEJL\b64[1].jpg
Found ! [19/11/2008 12:23] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\875RMEJL\b64_2[1].jpg
Found ! [19/11/2008 12:23] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\875RMEJL\mxd[1].jpg
Found ! [19/11/2008 11:17] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\8HEVWTQJ\b64_2[1].jpg
Found ! [19/11/2008 11:41] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\8HEVWTQJ\mxd[1].jpg
Found ! [19/11/2008 11:41] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\HZVV15K2\b64[1].jpg
Found ! [19/11/2008 11:41] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\HZVV15K2\b64_2[1].jpg
Found ! [19/11/2008 11:16] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\HZVV15K2\b64_3[1].jpg
Found ! [19/11/2008 12:22] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\HZVV15K2\b64_3[2].jpg
Found ! [19/11/2008 11:16] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\I9LIFYP4\b64[1].jpg
Found ! [19/11/2008 11:15] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\I9LIFYP4\b64_2[1].jpg
Found ! [19/11/2008 11:16] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\I9LIFYP4\mxd[1].jpg
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
SUPERAntiSpyware=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
DAEMON Tools="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
TomTomHOME.exe="C:\Program Files\TomTom HOME 2\HOMERunner.exe"
Buyertools Reminder="C:\Program Files\Buyertools Reminder\Reminder.exe" /autorun
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
ATIPTA="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
avgnt="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
NeroFilterCheck=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
HP Component Manager="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
LogitechCommunicationsManager="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-1844237615-1770027372-839522115-1003\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_USERS\S-1-5-21-1844237615-1770027372-839522115-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1844237615-1770027372-839522115-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1844237615-1770027372-839522115-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1844237615-1770027372-839522115-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1844237615-1770027372-839522115-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
- sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
I: - Lecteur amovible
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe0c582e-c74b-11dc-b084-0014a54dc090}\Shell\AutoRun\command
------------------- ! Fin du rapport ! --------------------
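An added example, not part of the thread and not FindyKill's own code: a small Python parser for the "Etat / Services" section of a FindyKill.txt report like the one above. It lists the missing SafeBoot keys (which match the safe-mode loop described earlier) and the services whose start type is 4, and it tolerates the mangled "é" visible in the report. The function names and the `PROTECTION_SERVICES` set are assumptions of this example; the sample lines are copied from the report.

```python
import re

# Excerpt copied from the report posted above (three sections, trimmed).
SAMPLE_REPORT = r"""
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
- sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
"""

# "--------------- [ Section name ] ----------------"
SECTION_RE = re.compile(r"^-{3,}\s*\[\s*(?P<name>.+?)\s*\]\s*-{3,}$")
# \S{1,2} stands in for "é", which may be mangled by the console code page.
MISSING_KEY_RE = re.compile(r"^Cl\S{1,2} manquante\s*:\s*(?P<key>\S+)$")
SERVICE_RE = re.compile(
    r"^/!\\\s*(?P<name>\S+)\s*-\s*Type de d\S{1,2}marrage\s*=\s*(?P<start>\d+)$"
)

SERVICE_DISABLED = 4  # Windows service "Start" value for a disabled service

# Assumption of this example: XP services tied to the firewall, Security
# Center and Automatic Updates, flagged separately when disabled.
PROTECTION_SERVICES = {"Ip6Fw", "SharedAccess", "wuauserv", "wscsvc"}


def split_sections(report):
    """Map each bracketed section title to the list of lines under it."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group("name")
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_legend(line):
    """Turn '[ Auto=2 / Demande=3 / Désactivé=4 ]' into {2: 'Auto', ...}."""
    legend = {}
    match = re.search(r"\[(.+)\]", line)
    if match:
        for part in match.group(1).split("/"):
            name, _, value = part.partition("=")
            if value.strip().isdigit():
                legend[int(value)] = name.strip()
    return legend


def service_state(report):
    """Summarise the 'Etat / Services' section of a FindyKill report."""
    legend, missing, services = {}, [], []
    for line in split_sections(report).get("Etat / Services", []):
        if line.startswith("+-"):
            legend = parse_legend(line)
            continue
        match = MISSING_KEY_RE.match(line)
        if match:
            missing.append(match.group("key"))
            continue
        match = SERVICE_RE.match(line)
        if match:
            start = int(match.group("start"))
            services.append({
                "name": match.group("name"),
                "start": start,
                "state": legend.get(start, "unknown"),
            })
    disabled = [s["name"] for s in services if s["start"] == SERVICE_DISABLED]
    return {
        "missing_keys": missing,
        "safe_mode_broken": any(
            "\\control\\safeboot" in key.lower() for key in missing
        ),
        "services": services,
        "disabled": disabled,
        "disabled_protection": [
            name for name in disabled if name in PROTECTION_SERVICES
        ],
    }


if __name__ == "__main__":
    summary = service_state(SAMPLE_REPORT)
    print("Safe mode broken:", summary["safe_mode_broken"])
    for key in summary["missing_keys"]:
        print("  missing:", key)
    print("Disabled protection services:", summary["disabled_protection"])
```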
Found ! - HKEY_USERS\S-1-5-21-1844237615-1770027372-839522115-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
- sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
I: - Lecteur amovible
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe0c582e-c74b-11dc-b084-0014a54dc090}\Shell\AutoRun\command
------------------- ! Fin du rapport ! --------------------
Well done.
Run FindyKill again,
Ø This time choose option * 2 * (deletion)
There will be 2 restarts; let the tool work until the message "nettoyage effectué" ("cleaning done") appears.
A report will open; please post it in your next reply.
Note: the report FindyKill.txt is saved at the root of the disk.
Here is the next part.
The CPU has calmed down, but not win32.
----------------- FindyKill V4.705 ------------------
* User : Propri‚taire - PROPRI-92AE593E
* executed from : C:\Program Files\FindyKill
* Update on 17/11/08 par Chiquitine29
* Start at 13:28:20 the 19/11/2008
* Windows XP - Internet Explorer 6.0.2900.2180
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
Deleted ! - C:\WINDOWS\prefetch\109156.EXE-357C5287.pf
Deleted ! - C:\WINDOWS\prefetch\115656.EXE-0422E217.pf
Deleted ! - C:\WINDOWS\prefetch\131453.EXE-3A27AE8C.pf
Deleted ! - C:\WINDOWS\prefetch\146031.EXE-07483AA4.pf
Deleted ! - C:\WINDOWS\prefetch\152062.EXE-09F565F3.pf
Deleted ! - C:\WINDOWS\prefetch\155062.EXE-34F816B6.pf
Deleted ! - C:\WINDOWS\prefetch\169250.EXE-283C3417.pf
Deleted ! - C:\WINDOWS\prefetch\221093.EXE-37DB64C4.pf
Deleted ! - C:\WINDOWS\prefetch\99203.EXE-2051199F.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-041A0D93.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
»»»» Supression files in C:\WINDOWS\system32
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
»»»» Supression files in C:\WINDOWS\system32\drivers
Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
Deleted ! - C:\WINDOWS\system32\drivers\winfilse.exe
Deleted ! - "C:\WINDOWS\system32\drivers\downld"
»»»» Supression files in C:\Documents and Settings\Propri‚taire\Application Data
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m"
»»»» Supression files in C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{057D8FB2-B64F-4B58-A052-B90252EA6E0B}.jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\875RMEJL\b64[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\875RMEJL\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\875RMEJL\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\8HEVWTQJ\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\8HEVWTQJ\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\HZVV15K2\b64[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\HZVV15K2\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\HZVV15K2\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\HZVV15K2\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\I9LIFYP4\b64[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\I9LIFYP4\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\I9LIFYP4\mxd[1].jpg
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_USERS\S-1-5-21-1844237615-1770027372-839522115-1003\Software\Local AppWizard-Generated Applications\winfilse
--------------- [ States / Restarting of services ] ----------------
+- Safe boot mode restored !
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe0c582e-c74b-11dc-b084-0014a54dc090}\Shell\AutoRun\command
--------------- [ Searching Cracks / Keygen ] ----------------
C:\Documents and Settings\Propri‚taire\Mes documents\jeux\age titans\Age Of Mythology Cd2 (fr) + crack100%efficace By Jess_the_best.iso
C:\Documents and Settings\Propri‚taire\Mes documents\jeux\age titans\Age Of Mythology The Titans (fr) + Crack100%efficace By Jess_the_best.iso
C:\Documents and Settings\Propri‚taire\Mes documents\jeux\sims naufrages\LES SIMS 2 - Histoires de Naufrag‚s - Crack NoCD & Keygen by ViTALiTY
C:\Documents and Settings\Propri‚taire\Mes documents\jeux\sims naufrages\LES SIMS 2 - Histoires de Naufrag‚s - Crack NoCD & Keygen by ViTALiTY\crack
C:\Documents and Settings\Propri‚taire\Mes documents\jeux\sims naufrages\LES SIMS 2 - Histoires de Naufrag‚s - Crack NoCD & Keygen by ViTALiTY\crack\ViTALiTY
C:\Documents and Settings\Propri‚taire\Mes documents\jeux\sims naufrages\LES SIMS 2 - Histoires de Naufrag‚s - Crack NoCD & Keygen by ViTALiTY\crack\ViTALiTY\keygen.exe
C:\Documents and Settings\Propri‚taire\Mes documents\jeux\sims naufrages\LES SIMS 2 - Histoires de Naufrag‚s - Crack NoCD & Keygen by ViTALiTY\crack\ViTALiTY\SimsCS.exe
---------------- ! End of report ! ------------------
La Cpu s'est calmée mais pas win32
----------------- FindyKill V4.705 ------------------
* User : Propri‚taire - PROPRI-92AE593E
* executed from : C:\Program Files\FindyKill
* Update on 17/11/08 par Chiquitine29
* Start at 13:28:20 the 19/11/2008
* Windows XP - Internet Explorer 6.0.2900.2180
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
Deleted ! - C:\WINDOWS\prefetch\109156.EXE-357C5287.pf
Deleted ! - C:\WINDOWS\prefetch\115656.EXE-0422E217.pf
Deleted ! - C:\WINDOWS\prefetch\131453.EXE-3A27AE8C.pf
Deleted ! - C:\WINDOWS\prefetch\146031.EXE-07483AA4.pf
Deleted ! - C:\WINDOWS\prefetch\152062.EXE-09F565F3.pf
Deleted ! - C:\WINDOWS\prefetch\155062.EXE-34F816B6.pf
Deleted ! - C:\WINDOWS\prefetch\169250.EXE-283C3417.pf
Deleted ! - C:\WINDOWS\prefetch\221093.EXE-37DB64C4.pf
Deleted ! - C:\WINDOWS\prefetch\99203.EXE-2051199F.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-041A0D93.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
»»»» Supression files in C:\WINDOWS\system32
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
»»»» Supression files in C:\WINDOWS\system32\drivers
Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
Deleted ! - C:\WINDOWS\system32\drivers\winfilse.exe
Deleted ! - "C:\WINDOWS\system32\drivers\downld"
»»»» Supression files in C:\Documents and Settings\Propri‚taire\Application Data
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m"
»»»» Supression files in C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{057D8FB2-B64F-4B58-A052-B90252EA6E0B}.jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\875RMEJL\b64[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\875RMEJL\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\875RMEJL\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\8HEVWTQJ\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\8HEVWTQJ\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\HZVV15K2\b64[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\HZVV15K2\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\HZVV15K2\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\HZVV15K2\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\I9LIFYP4\b64[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\I9LIFYP4\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\I9LIFYP4\mxd[1].jpg
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_USERS\S-1-5-21-1844237615-1770027372-839522115-1003\Software\Local AppWizard-Generated Applications\winfilse
--------------- [ States / Restarting of services ] ----------------
+- Safe boot mode restored !
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe0c582e-c74b-11dc-b084-0014a54dc090}\Shell\AutoRun\command
--------------- [ Searching Cracks / Keygen ] ----------------
C:\Documents and Settings\Propri‚taire\Mes documents\jeux\age titans\Age Of Mythology Cd2 (fr) + crack100%efficace By Jess_the_best.iso
C:\Documents and Settings\Propri‚taire\Mes documents\jeux\age titans\Age Of Mythology The Titans (fr) + Crack100%efficace By Jess_the_best.iso
C:\Documents and Settings\Propri‚taire\Mes documents\jeux\sims naufrages\LES SIMS 2 - Histoires de Naufrag‚s - Crack NoCD & Keygen by ViTALiTY
C:\Documents and Settings\Propri‚taire\Mes documents\jeux\sims naufrages\LES SIMS 2 - Histoires de Naufrag‚s - Crack NoCD & Keygen by ViTALiTY\crack
C:\Documents and Settings\Propri‚taire\Mes documents\jeux\sims naufrages\LES SIMS 2 - Histoires de Naufrag‚s - Crack NoCD & Keygen by ViTALiTY\crack\ViTALiTY
C:\Documents and Settings\Propri‚taire\Mes documents\jeux\sims naufrages\LES SIMS 2 - Histoires de Naufrag‚s - Crack NoCD & Keygen by ViTALiTY\crack\ViTALiTY\keygen.exe
C:\Documents and Settings\Propri‚taire\Mes documents\jeux\sims naufrages\LES SIMS 2 - Histoires de Naufrag‚s - Crack NoCD & Keygen by ViTALiTY\crack\ViTALiTY\SimsCS.exe
---------------- ! End of report ! ------------------
Please get rid of these for me:
C:\Documents and Settings\Propri‚taire\Mes documents\jeux\age titans\Age Of Mythology The Titans
C:\Documents and Settings\Propri‚taire\Mes documents\jeux\sims naufrages\LES SIMS 2 - Histoires de Naufrag‚s -
===============================
• Download HijackThis
HijackThis (HJT) is a diagnostic tool for checking whether everything is fine with your PC.
- Save HJTInstall.exe to your desktop
- Double-click HJTInstall.exe to launch the program
  * By default, it will install to C:\Program Files\Trend Micro\HijackThis
  * Accept the license by clicking the "I Accept" button
- Choose the option "Do a system scan and save a log file"
  * Click "Save log" to save the report, which will open in Notepad
  * Click "Edition -> Sélectionner tout" (Edit -> Select All), then "Edition -> Copier" (Edit -> Copy) to copy the entire contents of the report
- Paste the report you have just copied into this forum
Thanks
Files deleted.
Here is the next part:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:31, on 19/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Buyertools Reminder] "C:\Program Files\Buyertools Reminder\Reminder.exe" /autorun
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?5490beca0f8640caadbf87a99211fc8f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?5490beca0f8640caadbf87a99211fc8f
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61C022A9-7CDA-442C-9101-8F3F68DA1125}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{290727F7-E3C8-4D3B-8BD9-984554C2B1DC}: NameServer = 212.27.53.252,212.27.54.252
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(right-click the AVIRA ANTIVIR umbrella => Start Update) and let the update run.
Restart in Safe Mode!
To do that, restart the computer and, before the Windows logo appears, tap the F8 key repeatedly; a menu will appear. Choose Safe Mode and press Enter on the keyboard.
- Open Antivir from the Start / Programs menu
- Click the Scanner tab.
- Select Manual Selection
- Select drive C
- Start the scan - Quarantine every detected item.
- Once the scan has finished, save the report.
Restart in normal mode.
Post the report here.
Re,
I can't run the update because all the "security" programs are blocked at startup and I still get the invalid win32 message for those same programs; I can't launch Antivir.
I managed to start my computer in Safe Mode, but I also get this message for Antivir in Safe Mode.
....
In normal mode!
Download Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Before downloading, click "Save", rename it to killbagle and save it to the desktop
Ø Double-click killbagle.exe.
=> Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report is also located here: C:\Combofix.txt
Before using ComboFix:
Ø Disconnect from the internet and close the windows of all running programs.
Once that is done, double-click killbagle.exe on your desktop.
Answer yes to the warning message so that the program starts scanning the PC.
/!\ While this step is running, do not use the PC and do not open any program. /!\
At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.
A report will then open in Notepad (this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt)
=> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
That took a while, but here I am again,
report:
ComboFix 08-11-18.A1 - Propriétaire 2008-11-19 16:55:18.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.618 [GMT 1:00]
Lancé depuis: c:\documents and settings\Propriétaire\Bureau\killbagle.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
----- BITS: Il y a peut-être des sites infectés -----
hxxp://au.download.windowsupdatej+|Cv+@J:NGD_DQ{ztHG.XFkI;AWWU Client DownloadS-1-5-18`HT4?? 6VwoQZCDHM6VwoQZCDHMXuEEEE
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-19 au 2008-11-19 ))))))))))))))))))))))))))))))))))))
.
2008-11-19 12:43 . 2008-11-19 13:32 <REP> d-------- c:\program files\FindyKill
2008-11-18 22:08 . 2008-11-19 08:26 <REP> d-------- c:\program files\MyVideoSoft
2008-11-12 21:30 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-08 17:21 . 2008-11-08 17:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Logitech
2008-11-08 17:21 . 2008-11-10 09:03 <REP> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2008-10-25 19:26 . 2008-10-25 19:26 2,842 --a------ c:\windows\system32\ealregsnapshot1.reg
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 15:57 --------- d-----w c:\program files\SUPERAntiSpyware
2008-11-19 14:15 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-19 10:38 --------- d-----w c:\program files\Pinnacle
2008-11-19 10:35 --------- d-----w c:\program files\listac
2008-11-19 10:32 --------- d-----w c:\program files\Yahoo!
2008-11-19 10:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 10:16 --------- d-----w c:\program files\neodivx2006
2008-11-19 10:10 --------- d-----w c:\program files\AusLogics Disk Defrag
2008-11-19 10:08 --------- d-----w c:\program files\Sokoban
2008-11-19 10:07 --------- d-----w c:\program files\DivX
2008-11-19 10:04 --------- d-----w c:\program files\Astonsoft
2008-11-19 09:40 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2008-11-19 09:39 --------- d--h--r c:\program files\rnamfler
2008-11-19 09:18 --------- d-----w c:\program files\FlashGet
2008-11-18 22:04 9,310,240 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-18 22:04 110,924 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-18 19:41 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-11-14 21:04 --------- d-----w c:\documents and settings\Propriétaire\Application Data\vlc
2008-11-13 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-10 13:28 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2008-11-08 16:21 --------- d-----w c:\program files\Logitech
2008-11-08 16:21 --------- d-----w c:\program files\Fichiers communs\LogiShrd
2008-11-08 16:20 --------- d-----w c:\program files\Labtec
2008-11-04 20:57 --------- d-----w c:\program files\SpeedFan
2008-10-29 08:17 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-26 16:10 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Autodesk
2008-10-26 14:32 --------- d-----w c:\program files\UltraISO
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 16:31 --------- d-----w c:\program files\Google
2008-10-06 18:27 --------- d-----w c:\documents and settings\Propriétaire\Application Data\ZoomBrowser EX
2008-10-06 18:26 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-10-03 17:21 --------- d-----w c:\program files\Any Video Converter Professional
2008-10-03 17:21 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Any Video Converter Professional
2008-10-03 17:15 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-09-20 18:49 --------- d-----w c:\documents and settings\Propriétaire\Application Data\EmailNotifier
2008-09-20 18:48 --------- d-----w c:\documents and settings\All Users\Application Data\Megaupload
2008-09-20 18:48 --------- d-----w c:\documents and settings\All Users\Application Data\EmailNotifier
2008-09-20 18:29 --------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2008-09-20 16:13 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
.
------- Sigcheck -------
2005-05-25 20:07 359936 63fdfea54eb53de2d863ee454937ce1e c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\SoftwareDistribution\Download\1abbf7c00bc08e0ffcd2d1ef66130fa0\sp2gdr\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\SoftwareDistribution\Download\1abbf7c00bc08e0ffcd2d1ef66130fa0\sp2qfe\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\SoftwareDistribution\Download\1abbf7c00bc08e0ffcd2d1ef66130fa0\sp3gdr\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\SoftwareDistribution\Download\1abbf7c00bc08e0ffcd2d1ef66130fa0\sp3qfe\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2gdr\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2qfe\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\tcpip.sys
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\SoftwareDistribution\Download\507067b70cd6d949aad91fc738213e69\sp2gdr\tcpip.sys
2004-08-05 14:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys
2004-08-05 14:00 359040 6a603809f598332dbedd535bdbce313e c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 344064]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-11-19 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-19 919016]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2007-07-03 231424]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\PROPRI~1\LOCALS~1\Temp\DMSKSSRh.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4e6128e-515b-11dc-a336-0014a54dc090}]
\Shell\AutoRun\command - E:\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Tâches planifiées'
2008-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-11-19 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\HOMERunner.exe
HKCU-Run-Buyertools Reminder - c:\program files\Buyertools Reminder\Reminder.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\[u]0[/u]e8586ud.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 17:49:03
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2008-11-19 17:53:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-19 16:53:18
Avant-CF: 47 788 126 208 octets libres
Après-CF: 47,726,993,408 octets libres
204 --- E O F --- 2008-11-13 21:24:13
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2gdr\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2qfe\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\tcpip.sys
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\SoftwareDistribution\Download\507067b70cd6d949aad91fc738213e69\sp2gdr\tcpip.sys
2004-08-05 14:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys
2004-08-05 14:00 359040 6a603809f598332dbedd535bdbce313e c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 344064]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-11-19 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-19 919016]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2007-07-03 231424]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\PROPRI~1\LOCALS~1\Temp\DMSKSSRh.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4e6128e-515b-11dc-a336-0014a54dc090}]
\Shell\AutoRun\command - E:\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Tâches planifiées'
2008-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-11-19 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\HOMERunner.exe
HKCU-Run-Buyertools Reminder - c:\program files\Buyertools Reminder\Reminder.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\0e8586ud.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 17:49:03
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2008-11-19 17:53:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-19 16:53:18
Avant-CF: 47 788 126 208 octets libres
Après-CF: 47,726,993,408 octets libres
204 --- E O F --- 2008-11-13 21:24:13
Can you launch Avira in normal mode?
Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to launch the program.
Under the Main tab, choose: Select All
Click the Empty Selected button
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button
NOTE: If you want to keep your saved passwords, click No at the prompt.
Please make me a fresh HJT log...
- Relaunch HijackThis by double-clicking its shortcut on the Desktop.
Choose the option "Do a system scan and save a log file"
Click "Save log" to save the report, which will open in Notepad
Click "Edit" ->> "Select All", then "Edit" ->> "Copy" to copy the entire contents of the report here
New report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22, on 19/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?5490beca0f8640caadbf87a99211fc8f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?5490beca0f8640caadbf87a99211fc8f
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{290727F7-E3C8-4D3B-8BD9-984554C2B1DC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{61C022A9-7CDA-442C-9101-8F3F68DA1125}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{290727F7-E3C8-4D3B-8BD9-984554C2B1DC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{290727F7-E3C8-4D3B-8BD9-984554C2B1DC}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{290727F7-E3C8-4D3B-8BD9-984554C2B1DC}: NameServer = 212.27.53.252,212.27.54.252
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Uninstall Avira AntiVir properly:
http://www.avira.com/en/documents/utils/av7_tools/en/avuninstXPeng.zip
Download it again from the following link and install it:
http://site-naheulbeuk.com/
There is a tutorial to help you.
Restart in safe mode!
To do this, restart the computer and, before the Windows logo appears, tap the F8 key repeatedly; a menu will appear. Choose Safe Mode and press the Enter key.
- Open AntiVir from the Start / Programs menu
- Click the Scanner tab.
- Select Manual Selection
- Select drive C
- Start the scan - Quarantine all detected items.
- Once the scan has finished, save the report.
Restart in normal mode.
Post the report here.
Re,
Actually, that was a typing error: it shuts down at 70% in safe mode, whereas in normal mode it ran to the end,
I'm putting the report below:
It detected something in SUPERAntiSpyware, so I uninstalled it; I'll put it back later.
At startup I still no longer have Spybot or ZoneAlarm; do I need to uninstall and reinstall them?
My Wi-Fi or Ethernet connection is OK, since I can launch Thunderbird, receive my mail and download updates (AntiVir), but the Internet still works very, very badly. Last night I managed to connect, but in the time it took to write this message and submit it, my connection dropped and I can no longer reload my home page.
This morning, Internet: it just spins and goes nowhere.
Thanks again for your help
See you
Avira AntiVir Personal
Report file date: mercredi 19 novembre 2008 20:35
Scanning for 1042450 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PROPRI-92AE593E
Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 18:13:10
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 18:13:12
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 18:13:13
ANTIVIR3.VDF : 7.1.0.110 109568 Bytes 19/11/2008 18:13:14
Engineversion : 8.2.0.34
AEVDF.DLL : 8.1.0.6 102772 Bytes 19/11/2008 18:13:28
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 19/11/2008 18:13:27
AESCN.DLL : 8.1.1.5 123251 Bytes 19/11/2008 18:13:26
AERDL.DLL : 8.1.1.3 438645 Bytes 19/11/2008 18:13:25
AEPACK.DLL : 8.1.3.4 393591 Bytes 19/11/2008 18:13:24
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 19/11/2008 18:13:23
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 19/11/2008 18:13:22
AEHELP.DLL : 8.1.2.0 119159 Bytes 19/11/2008 18:13:19
AEGEN.DLL : 8.1.1.4 319861 Bytes 19/11/2008 18:13:18
AEEMU.DLL : 8.1.0.9 393588 Bytes 19/11/2008 18:13:17
AECORE.DLL : 8.1.5.0 172407 Bytes 19/11/2008 18:13:16
AEBB.DLL : 8.1.0.3 53618 Bytes 19/11/2008 18:13:16
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 19/11/2008 18:13:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 19 novembre 2008 20:35
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
45 processes with 45 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '55' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '497473a8.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP512\A0090845.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '49547458.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP512\A0090850.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4954745b.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP512\A0090868.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '49547460.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP512\A0090873.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49547463.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP512\A0091867.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '49547467.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP512\A0091875.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4954746a.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP513\A0091901.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547470.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP513\A0091913.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '49547472.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP513\A0091917.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49547475.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP513\A0091922.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547477.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP513\A0091923.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547479.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0091925.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954747c.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0091928.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954747e.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0091929.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547480.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0091935.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '49547483.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0091937.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49547485.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0091941.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '49547487.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0091963.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954748a.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0091975.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '4954748c.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0091980.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4954748f.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0091985.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547491.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0091986.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954749e.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0092000.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '4954749f.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0092004.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4ad0d920.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0092020.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '495474a0.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0092023.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4ad0d921.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0092031.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '495474a2.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0092032.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0db5b.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0092033.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '495474a4.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP516\A0095468.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '4954753a.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP516\A0095471.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4ad0dac3.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP516\A0095474.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954753b.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP516\A0095475.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0dac4.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP516\A0095476.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954753c.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0095503.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '4954753f.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096541.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '49547565.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096549.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49547566.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096550.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da9f.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096566.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '49547567.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096572.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4ad0da90.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096573.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547568.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096574.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da91.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096575.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547569.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096591.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954756a.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096592.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da93.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096595.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '4954756c.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096601.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954756b.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096603.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da94.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096604.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da95.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096607.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954756e.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096608.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954756d.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096609.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da96.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096611.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da97.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096613.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547560.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096614.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '4954756f.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096615.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da88.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096616.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547570.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096619.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da89.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096621.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547571.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096626.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da8a.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096633.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547572.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096635.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547573.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096637.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da8c.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096638.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '49547574.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096643.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547575.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096644.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da8e.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096645.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547576.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096647.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da8f.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096658.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547578.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096661.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da81.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP519\A0096712.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '4954757c.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: mercredi 19 novembre 2008 21:40
Used time: 1:04:54 Hour(s)
The scan has been done completely.
7893 Scanning directories
333937 Files were scanned
72 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
72 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
333862 Files not concerned
3511 Archives were scanned
3 Warnings
72 Notes
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954748a.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0091975.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '4954748c.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0091980.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4954748f.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0091985.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547491.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0091986.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954749e.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0092000.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '4954749f.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0092004.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4ad0d920.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0092020.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '495474a0.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0092023.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4ad0d921.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0092031.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '495474a2.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0092032.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0db5b.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP514\A0092033.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '495474a4.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP516\A0095468.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '4954753a.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP516\A0095471.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4ad0dac3.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP516\A0095474.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954753b.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP516\A0095475.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0dac4.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP516\A0095476.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954753c.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0095503.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '4954753f.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096541.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '49547565.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096549.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49547566.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096550.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da9f.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096566.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '49547567.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096572.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4ad0da90.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096573.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547568.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096574.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da91.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096575.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547569.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096591.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954756a.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096592.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da93.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096595.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '4954756c.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096601.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954756b.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096603.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da94.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096604.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da95.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096607.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954756e.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096608.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4954756d.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096609.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da96.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096611.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da97.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096613.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547560.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096614.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '4954756f.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096615.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da88.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096616.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547570.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096619.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da89.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096621.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547571.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096626.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da8a.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096633.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547572.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096635.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547573.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096637.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da8c.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096638.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to '49547574.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096643.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547575.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096644.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da8e.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096645.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547576.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096647.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da8f.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096658.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '49547578.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP518\A0096661.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was moved to '4ad0da81.qua'!
C:\System Volume Information\_restore{4B22B315-B3A8-47A8-9373-FEA19C7D1EA3}\RP519\A0096712.exe
[DETECTION] Contains recognition pattern of the WORM/Srosa.A worm
[NOTE] The file was moved to '4954757c.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: mercredi 19 novembre 2008 21:40
Used time: 1:04:54 Hour(s)
The scan has been done completely.
7893 Scanning directories
333937 Files were scanned
72 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
72 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
333862 Files not concerned
3511 Archives were scanned
3 Warnings
72 Notes
Re,
Sorry, I had to step away yesterday...
Everything is in System Restore.
To clean it, you just need to disable it and re-enable it, which creates a clean restore point!
Disable your "System Restore", then re-enable it.
(1) Disabling
Right-click "My Computer" > Properties > "System Restore" tab > check the box "Turn off System Restore on all drives"
Apply. Wait until it is marked "Turned off", then OK.
(2) Enabling
Follow the same path; uncheck the box "Turn off System Restore on all drives"
Apply. Wait until it shows "Monitoring" again, then OK. Restart the computer!
Look here for your connection
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix#restore
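A scan report in the layout posted above (path line, `[DETECTION]` line, `[NOTE]` line) can be triaged by location to see which detections sit in System Restore points, which are another tool's quarantine copies, and which are live files. This is an added example, not part of the original thread; the sample log, GUID, file names and `Example` detection names are constructed.

```python
import re
from collections import Counter

# Constructed sample in the same three-line layout as the report above
# (path, [DETECTION] line, [NOTE] line); GUID and file names are made up.
SAMPLE_LOG = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\Program Files\Example\tool.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Example.A worm
[NOTE] The file was moved to '00000001.qua'!
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10\A0000001.exe
[DETECTION] Is the TR/Example.Gen Trojan
[NOTE] The file was moved to '00000002.qua'!
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP11\A0000002.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '00000003.qua'!
C:\WINDOWS\system32\drivers\example.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '00000004.qua'!
"""

RESTORE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)
NAME = re.compile(r"(?:Is the|Contains recognition pattern of the) (\S+)")

def classify(path):
    """Return where a detected file lives: restore point, tool quarantine, or live."""
    m = RESTORE.search(path)
    if m:
        return "restore:" + m.group(1)
    if "\\qoobox\\quarantine\\" in path.lower():
        return "tool-quarantine"
    return "live"

def triage(log_text):
    """Pair each [DETECTION] line with the path line preceding it."""
    hits, last_path = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if re.match(r"[A-Za-z]:\\", line):
            last_path = line
        elif line.startswith("[DETECTION]") and last_path:
            m = NAME.search(line)
            hits.append((classify(last_path), m.group(1) if m else "unknown", last_path))
    return hits

def summary(hits):
    """Count detections per location; anything 'live' needs its own follow-up."""
    return Counter(loc for loc, _, _ in hits)

if __name__ == "__main__":
    for loc, n in sorted(summary(triage(SAMPLE_LOG)).items()):
        print(f"{n:3d}  {loc}")
```

Entries classified `restore:RPnnn` are the ones that disappear when System Restore is turned off and on again; a `live` entry is a file outside the restore points and is not covered by that step.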
Thanks again for your reply,
Regarding the Internet, I don't think my connection is the cause (I can't test, I'm not at home), because I can open Thunderbird, receive mail, and update my security software.
I'll try to repair my connection tonight when I get home and I'll keep you posted.
Thanks
See you later