Smitfraud, virtuemonde, etc

Loreley -  
Hello,
my computer has been running slowly lately, and Spybot found, among quite a few other things, Smitfraud and Virtumonde. I ran Malwarebytes' Anti-Malware last night, and this morning I made a report with HijackThis, installed directly under c://, and here is what it gives:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:21, on 09/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {376EFD74-7AA4-44A4-9E39-E374ED3139A9} - (no file)
O2 - BHO: (no name) - {517CECB0-9112-4963-A15A-AF69C88C4C74} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {EC8B2BD1-8915-41F2-80AC-DF1609DBD0F6} - (no file)
O2 - BHO: (no name) - {F651F0C7-057A-4D0D-A9D5-9FC2EE283400} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\system32\bgsmsnd.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [\YUR6.exe] C:\Windows\system32\YUR6.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Program Files\Internet Cleaner\ICleaner.exe (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Program Files\Internet Cleaner\ICleaner.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

12 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
hi

download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.
(be careful to include :files)

:files
C:\Windows\system32\YUR6.exe

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. if so, accept with Yes.

____________________________

download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)

double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, and your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Caution: do not use your mouse or keyboard (or any other pointing device) while the program is running. This could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
1
Loreley
 
hi there,
I downloaded OTMoveIt, but it didn't find the file you mention. Here is the report:


========== FILES ==========
File/Folder C:\Windows\system32\YUR6.exe not found.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12092008_133730


I'm going to download ComboFix.

kisses and thanks for your help
0
zorinho Posts 829 Status Member 51
 
Hi,

could you also paste the MBAM (Malwarebytes' Anti-Malware) report here?

That could really help the helpers.

Zor
0
Loreley
 
here it is

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1475
Windows 5.1.2600 Service Pack 3

09/12/2008 09:32:01
mbam-log-2008-12-09 (09-32-01).txt

Type de recherche: Examen complet (C:\|D:\|F:\|G:\|H:\|I:\|J:\|)
Eléments examinés: 249746
Temps écoulé: 1 hour(s), 40 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 92

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{bab8f6dc-41b1-440f-a066-aac224906880} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{129d532e-e2ec-4527-b4ba-4626830efe18} (Rogue.MicroAV) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1f50ba4a-870f-4f5f-924b-e02aafb954bb} (Rogue.MicroAV) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0f056d0d-2622-48b4-bba3-4f9bc38650da} (Rogue.MicroAV) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e7b37eaf-3ee8-4dd9-8acb-57a61da2aa95} (Rogue.MicroAV) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{129d532e-e2ec-4527-b4ba-4626830efe18} (Rogue.MicroAV) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{376efd74-7aa4-44a4-9e39-e374ed3139a9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bab8f6dc-41b1-440f-a066-aac224906880} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376efd74-7aa4-44a4-9e39-e374ed3139a9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.bqxp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bab8f6dc-41b1-440f-a066-aac224906880} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{376efd74-7aa4-44a4-9e39-e374ed3139a9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\rwlfsdmk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok, do the next step
0
Loreley
 
here is the ComboFix report:

ComboFix 08-12-07.04 - Dora 2008-12-09 13:54:10.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1534 [GMT 1:00]
Lancé depuis: c:\documents and settings\Dora\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\goydklws.ini
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

----- BITS: Il y a peut-être des sites infectés -----

hxxp://lovelypornovideo.net
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-09 au 2008-12-09 ))))))))))))))))))))))))))))))))))))
.

2008-12-09 13:37 . 2008-12-09 13:37 <REP> d-------- C:\_OTMoveIt
2008-12-09 10:08 . 2008-12-09 10:08 396,288 --a------ C:\HJ.exe
2008-12-05 16:21 . 2008-12-05 16:21 <REP> d-------- c:\documents and settings\Emma\Application Data\DivX
2008-12-05 16:21 . 2008-12-05 16:21 268 --ah----- C:\sqmdata14.sqm
2008-12-05 16:21 . 2008-12-05 16:21 244 --ah----- C:\sqmnoopt14.sqm
2008-11-29 15:58 . 2008-11-29 15:58 <REP> d-------- c:\program files\iTunes
2008-11-29 15:58 . 2008-11-29 15:58 <REP> d-------- c:\program files\iPod
2008-11-29 15:58 . 2008-11-29 15:58 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 15:57 . 2008-11-29 15:57 <REP> d-------- c:\program files\QuickTime
2008-11-29 15:57 . 2008-11-29 15:57 <REP> d-------- c:\program files\Bonjour
2008-11-21 22:47 . 2008-11-21 22:47 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-11-21 22:47 . 2008-11-21 22:47 524,288 --a------ c:\windows\system32\DivXsm.exe
2008-11-21 22:47 . 2008-11-21 22:47 9,878 --a------ c:\windows\system32\dsm_fr.qm
2008-11-21 22:47 . 2008-11-21 22:47 4,816 --a------ c:\windows\system32\divxsm.tlb
2008-11-21 22:46 . 2008-11-21 22:46 1,044,480 --a------ c:\windows\system32\libdivx.dll
2008-11-21 22:46 . 2008-11-21 22:46 200,704 --a------ c:\windows\system32\ssldivx.dll
2008-11-21 22:44 . 2008-11-21 22:44 161,096 --a------ c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 22:44 . 2008-11-21 22:44 12,288 --a------ c:\windows\system32\DivXWMPExtType.dll
2008-11-18 20:32 . 2008-11-18 20:32 <REP> d-------- c:\temp\google
2008-11-18 20:32 . 2008-11-18 20:32 <REP> d-------- C:\temp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 12:49 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-09 12:48 --------- d-----w c:\program files\Skype
2008-12-09 12:48 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-09 12:47 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-08 20:18 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-08 19:41 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-07 21:17 --------- d-----w c:\documents and settings\Dora\Application Data\uTorrent
2008-12-06 22:08 6,474 ----a-w c:\documents and settings\Dora\Application Data\wklnhst.dat
2008-12-04 10:29 --------- d-----w c:\program files\DivX
2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-11-29 14:58 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-22 21:47 --------- d-----w c:\program files\Windows Live Safety Center
2008-10-07 07:51 499,712 ----a-w c:\windows\system32\msvcp71.dll
2007-11-17 00:26 0 -c--a-w c:\documents and settings\Invité\Application Data\wklnhst.dat
2007-08-18 08:18 718 -c--a-w c:\documents and settings\Léa\Application Data\wklnhst.dat
2008-08-22 15:28 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082220080823\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"Muscbrigade"="c:\musicbrigade\Musicbrigade.exe" [2005-12-22 40960]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"bgsmsnd.exe"="c:\windows\system32\bgsmsnd.exe" [2007-11-19 160136]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-07 185896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 c:\windows\arpwrmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 c:\windows\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-12-07 49254]
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-07 113664]
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-07 113664]
Google Updater.lnk - c:\program files\Google\Google Updater\GoogleUpdater.exe [2006-12-22 161264]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2000-02-24 11970]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2000-02-24 207424]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2000-02-24 299843]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2000-02-24 148545]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2000-02-24 497216]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys [2000-02-24 23104]
R3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-13 7040]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2000-02-24 215040]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{376EFD74-7AA4-44A4-9E39-E374ED3139A9} - (no file)
BHO-{517CECB0-9112-4963-A15A-AF69C88C4C74} - (no file)
BHO-{EC8B2BD1-8915-41F2-80AC-DF1609DBD0F6} - (no file)
BHO-{F651F0C7-057A-4D0D-A9D5-9FC2EE283400} - (no file)
HKCU-Run-\YUR6.exe - c:\windows\system32\YUR6.exe
HKLM-Run-Blubster - c:\program files\Blubster\Blubster.exe


.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Dora\Application Data\Mozilla\Firefox\Profiles\3mo5b3oh.default\
FF -: plugin - c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 13:57:59
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2008-12-09 13:58:47
ComboFix-quarantined-files.txt 2008-12-09 12:58:26

Avant-CF: 128,883,261,440 octets libres
Après-CF: 132,460,785,664 octets libres

167 --- E O F --- 2008-09-10 22:42:38
jlpjlp Posts: 52399 Status: Security contributor 5 040

Use this to clear your traces:

CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar
(in Options, then Advanced: untick the box "delete files older than 48 hours")
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

-----------------------

Right-click this link: (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Choose "Save target (link) as..." and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole report into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)

Loreley

Hi,
so, I repaired the registry three times with CCleaner, then I produced the report you asked for; here it is:
Thanks again!!!

Search Navipromo version 3.6.9 began on 09/12/2008 at 14:41:25.29

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Actual User Account : "Dora"

Updated on 05.11.2008 at 21h00 by IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Version Internet Explorer : 7.0.5730.11
Filesystem type : NTFS

Search done in normal mode

*** Searching for installed Software ***


*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Program Files" ***


*** Search folders in "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Search folders in "C:\Documents and Settings\All Users\menudm~1" ***


*** Search folders in "c:\docume~1\alluse~1\applic~1" ***


*** Search folders in "C:\Documents and Settings\Dora\applic~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\Emma\applic~1" ***


*** Search folders in "C:\DOCUME~1\INVIT~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\LA4770~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\SRAPHI~1\applic~1" ***


*** Search folders in "C:\Documents and Settings\Dora\locals~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\Emma\locals~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\INVIT~1\locals~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\LA4770~1\locals~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\SRAPHI~1\locals~1\applic~1" ***


*** Search folders in "C:\Documents and Settings\Dora\menudm~1\progra~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Search folders in "C:\DOCUME~1\Emma\menudm~1\progra~1" ***


*** Search folders in "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" ***


*** Search folders in "C:\DOCUME~1\LA4770~1\menudm~1\progra~1" ***


*** Search folders in "C:\DOCUME~1\SRAPHI~1\menudm~1\progra~1" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Documents and Settings\Dora\locals~1\applic~1" *

* Scan in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Scan in "C:\DOCUME~1\Emma\locals~1\applic~1" *

* Scan in "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *

* Scan in "C:\DOCUME~1\LA4770~1\locals~1\applic~1" *

* Scan in "C:\DOCUME~1\SRAPHI~1\locals~1\applic~1" *



*** Search files ***



*** Search specific Registry keys ***


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Documents and Settings\Dora\locals~1\applic~1" :


* In "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* In "C:\DOCUME~1\Emma\locals~1\applic~1" :


* In "C:\DOCUME~1\INVIT~1\locals~1\applic~1" :


* In "C:\DOCUME~1\LA4770~1\locals~1\applic~1" :


* In "C:\DOCUME~1\SRAPHI~1\locals~1\applic~1" :


3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
Montorgueil certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search known files :



*** Search completed on 09/12/2008 at 14:47:08.42 ***
jlpjlp Posts: 52399 Status: Security contributor 5 040

OK

Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click Recherche and let the scan run ...
# Click Suppression to finish.
# If you wish, you can use the optional settings (Options facultatives).
# Click Quitter to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

__________________

Disable System Restore, then restart your computer, then re-enable it, like this:
https://www.informatruc.com

Any more problems?

Loreley

Hi, here is the TCLEANER report:

[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\hijackthis.log: trouvé !
C:\fixnavi.txt: trouvé !
C:\lopR.txt: trouvé !
C:\Combofix: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Dora\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Dora\Bureau\Navilog1.exe: trouvé !
C:\Documents and Settings\Dora\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Dora\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Dora\Bureau\OTMoveIt3.exe: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Dora\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Dora\Bureau\Navilog1.exe: supprimé !
C:\Documents and Settings\Dora\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Dora\Bureau\HJTInstall.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\hijackthis.log: supprimé !
C:\fixnavi.txt: supprimé !
C:\lopR.txt: supprimé !
C:\Documents and Settings\Dora\Bureau\OTMoveIt3.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Combofix: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !
Sauvegarde du registre crée !
Point de restauration crée !



My computer seems to be working well; I would just need you to confirm that it is really clean. Do you want a new HJT report, or do I need to do something else first?

jlpjlp Posts: 52399 Status: Security contributor 5 040

Remove ComboFix manually

and post a new HijackThis log, and that should be it!!!

Loreley

Here is the new HJT report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:06, on 09/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\bgsmsnd.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\HJ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\system32\bgsmsnd.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Program Files\Internet Cleaner\ICleaner.exe (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Program Files\Internet Cleaner\ICleaner.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
jlpjlp Posts: 52399 Status: Security contributor 5 040

Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

__________________

As for your protection: the free version of Ad-Aware requires doing everything manually; that's how it is, that's the price of being free. But Ad-Aware is outdated, and Spybot combined with Malwarebytes is better.

As for Norton, you did well to get rid of it!
As for the paid suite, with 9 for 5 euros per month, it is not worth it! There are suites cheaper than that, such as Bitdefender, which works out at half the price because it is valid for 2 years, or ANTIVIR or KASPERSKY .....

Otherwise, for free:

To protect your computer for free

http://www.commentcamarche.net/telecharger/logiciel 4 securite

install an antivirus

ANTIVIR or AVG8 or (AVAST)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware tools:
MalwareByte's Anti-Malware + SPYBOT +/- if Spybot's TeaTimer is not enabled:
WINDOWS DEFENDER or SPYWARE TERMINATOR

+
SPYWAREBLASTER to immunize the system, notably against Vundo, but it is in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunize)...

Note: Spybot and Ad-Aware released new versions this year; check that you have the latest version
--------
a firewall:
the (Windows) one or, better, Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall) or COMODO

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER to erase browsing traces
---------
browse with Firefox or Safari or Opera rather than Internet Explorer, which is hit more by viruses
http://www.mozilla-europe.org/fr/products/firefox/

zorinho Posts: 829 Status: Member 51

Hi,

Jumping in ahead...

1) Ad-Aware is of strictly no use...

You can keep Malwarebytes Anti-Malware, which you will update in order to run scans.

SUPERAntiSpyware also works wonders http://www.commentcamarche.net/telecharger/telecharger 34055294 superantispyware

2) As a free antivirus, I recommend Antivir (careful: make sure you uninstall your current antivirus)
http://www.commentcamarche.net/telecharger/telecharger 55 antivir

3) Use a firewall, such as Comodo Firewall or Jetico

All of this software is free

Happy surfing

Zor

Loreley

Thanks to both of you. To recap: I redid the HJT scan and removed the entries listed above.
I uninstalled Ad-Aware and installed Antivir, which has already found several viruses (??); I put them in quarantine, and I'll post that as soon as the scan is finished.
I disabled the Windows firewall in the Security Center and installed Comodo. However... nothing opens, is that normal? In the Security Center, Windows still tells me that the firewall is disabled.
I am keeping Malwarebytes Anti-Malware; but do I also keep Spybot?
Cheers

jlpjlp Posts: 52399 Status: Security contributor 5 040

OK, paste the Antivir report

and yes, use Spybot along with Malwarebytes

Loreley

Good evening, here is the Antivir report:



Avira AntiVir Personal
Report file date: 09 December 2008 20:32

Scanning for 1079796 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: NOM-14AAC46F927

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 07/12/2008 14:54:24
ANTIVIR2.VDF : 7.1.0.198 2048 Bytes 07/12/2008 14:54:24
ANTIVIR3.VDF : 7.1.0.211 55296 Bytes 09/12/2008 14:54:25
Engineversion : 8.2.0.43
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.18 336251 Bytes 09/12/2008 14:54:29
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
AEOFFICE.DLL : 8.1.0.32 196987 Bytes 09/12/2008 14:54:29
AEHEUR.DLL : 8.1.0.74 1519990 Bytes 09/12/2008 14:54:28
AEHELP.DLL : 8.1.2.0 119159 Bytes 09/12/2008 14:54:26
AEGEN.DLL : 8.1.1.6 323955 Bytes 09/12/2008 14:54:26
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 09/12/2008 14:54:25
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 09 December 2008 20:32

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SpybotSD.exe' - '1' Module(s) have been scanned
Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'arservice.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '72' files ).


Starting the file scan:

Begin scan in 'C:\' <467431>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{CC82CBDC-DF61-4B78-84D3-C43A60C72CBD}\RP633\A0099673.exe
[0] Archive type: RAR SFX (self extracting)
--> 0.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 1.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 2.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 3.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 4.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 5.exe
[1] Archive type: RAR SFX (self extracting)
--> MicroAV.cpl
[DETECTION] Is the TR/FakeAV.BC.22 Trojan
[NOTE] The file was moved to '496ecf70.qua'!
C:\System Volume Information\_restore{CC82CBDC-DF61-4B78-84D3-C43A60C72CBD}\RP635\A0100796.exe
[0] Archive type: RAR SFX (self extracting)
--> 0.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 1.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 2.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 3.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 4.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 5.exe
[1] Archive type: RAR SFX (self extracting)
--> MicroAV.cpl
[DETECTION] Is the TR/FakeAV.BC.22 Trojan
[NOTE] The file was moved to '496fcf76.qua'!


End of the scan: 09 December 2008 21:22
Used time: 50:05 Minute(s)

The scan has been done completely.

9964 Scanning directories
485151 Files were scanned
12 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
485137 Files not concerned
10031 Archives were scanned
6 Warnings
2 Notes
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
get rid of what is in quarantine in AntiVir

then

disable System Restore to purge any viruses that may be in it (in START then ALL PROGRAMS then ACCESSORIES then SYSTEM TOOLS then SYSTEM RESTORE then settings)
then restart your computer
then re-enable it

and run another AntiVir scan and paste it
0
Loreley
 
There, it's done, here is the new report.



Avira AntiVir Personal
Report file date: 10 December 2008 07:35

Scanning for 1080260 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: NOM-14AAC46F927

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 07/12/2008 14:54:24
ANTIVIR2.VDF : 7.1.0.198 2048 Bytes 07/12/2008 14:54:24
ANTIVIR3.VDF : 7.1.0.213 63488 Bytes 09/12/2008 06:34:33
Engineversion : 8.2.0.43
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.18 336251 Bytes 09/12/2008 14:54:29
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
AEOFFICE.DLL : 8.1.0.32 196987 Bytes 09/12/2008 14:54:29
AEHEUR.DLL : 8.1.0.74 1519990 Bytes 09/12/2008 14:54:28
AEHELP.DLL : 8.1.2.0 119159 Bytes 09/12/2008 14:54:26
AEGEN.DLL : 8.1.1.6 323955 Bytes 09/12/2008 14:54:26
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 09/12/2008 14:54:25
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 10 December 2008 07:35

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'AcroTray.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'cssurf.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'googletalk.exe' - '1' Module(s) have been scanned
Scan process 'bgsmsnd.exe' - '1' Module(s) have been scanned
Scan process 'OpWareSE4.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'arpwrmsg.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'arservice.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
59 processes with 59 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '70' files ).


Starting the file scan:

Begin scan in 'C:\' <467431>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: 10 December 2008 08:21
Used time: 45:58 Minute(s)

The scan has been done completely.

9711 Scanning directories
471880 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
471878 Files not concerned
10002 Archives were scanned
6 Warnings
0 Notes
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok, that's good!!!!

any more problems?
0
Loreley
 
no, everything looks fine. Thanks!!!!!!!!!!!!!!!!!!!!!!!!
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok, all the best
0