
Infected by popup viruses [Solved]

Jeanlafontaine67 - 10 posts - Joined 24 March 2010 - Last activity 5 January 2012 - Last reply on 1 April 2010 at 11:52
Hello,
I'm having problems with my laptop. I have popup viruses that I can't get rid of. Thanks to whoever can give me a hand.

19 replies
Reply
+1
Hi,

DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because it is wrongly detected as an infection)

▶ Download List_Kill'em and save it to your desktop

Double-click (right-click "Run as administrator" on Vista/7) the shortcut on your desktop to start the installation

Once it has finished, click "Finish" and the program will launch by itself

Choose the Search option

A black and white icon will appear on the desktop; you will use it to relaunch the program later.
Another one, red and black, will be used to uninstall the program at the end of the disinfection.

▶ Let the tool work

When the white window appears, it takes a while; this is normal, the program is not stuck.

A report named catchme appears on your desktop; ignore it, do not post it, it will delete itself at the end of the scan

▶ Post the contents of the report that opens at 100% of the scan, on the "COMPLETED" screen


Jeanlafontaine67 - 24 March 2010 at 02:06
List'em by g3n-h@ckm@n 1.6.0.4

User : Administrateur (Administrateurs)
Update on 23/03/2010 by g3n-h@ckm@n ::::: 19.30
Start at: 20:25:33 | 2010-03-23

Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : McAfee VirusScan Enterprise 8.5.0.781 [ Enabled | Updated ]

C:\ -> Disque fixe local | 68,36 Go (42,46 Go free) | NTFS
D:\ -> Disque fixe local | 29,29 Go (28,89 Go free) [DONNEES] | NTFS
E:\ -> Disque fixe local | 14,13 Go (14,07 Go free) [GHOST] | NTFS
F:\ -> Disque CD-ROM

Boot: Normal


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\bill104.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOST.EXE
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\findstr.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
LightScribe Control Panel REG_SZ C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
feedreader.exe REG_SZ "C:\Program Files\FeedReader30\feedreader.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
Gestionnaire Antidote.exe REG_SZ C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsmqIntCert REG_SZ regsvr32 /s mqrt.dll
SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\Core\smax4pnp.exe
SoundMAX REG_SZ C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
PDF Complete REG_SZ "C:\Program Files\PDF Complete\pdfsty.exe"
PTHOSTTR REG_SZ C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
hpWirelessAssistant REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
QlbCtrl REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
CognizanceTS REG_SZ rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
Recguard REG_SZ C:\WINDOWS\Sminst\Recguard.exe
Reminder REG_SZ C:\WINDOWS\Creator\Remind_XP.exe
Scheduler REG_SZ C:\WINDOWS\SMINST\Scheduler.exe
Cpqset REG_SZ C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
WatchDog REG_SZ C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
AccelerometerSysTrayApplet REG_SZ C:\WINDOWS\system32\AccelerometerSt.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
ShStatEXE REG_SZ "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI REG_SZ "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
<NO NAME> REG_SZ
lxdxmon.exe REG_SZ "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
lxdxamon REG_SZ "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
FaxCenterServer REG_SZ "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
sysfbtray REG_SZ C:\windows\bill104.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ APSHook.dll,wbsys.dll

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ administrateur
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0 (0x0)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0 (0x0)
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 1 (0x1)
AltDefaultUserName REG_SZ administrateur
AltDefaultDomainName REG_SZ MARTINEAUJ
DefaultDomainName REG_SZ MARTINEAUJ
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
DisableCAD REG_DWORD 0 (0x0)
AutoAdminLogon REG_SZ 0
CachePrimaryDomain REG_SZ PROTIC
DCacheUpdate REG_BINARY aebcef61e3caca01
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\DomainCache

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\system32\mqsvc.exe REG_SZ C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
C:\WINDOWS\SMINST\Scheduler.exe REG_SZ C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\McAfee\Common Framework\FrameworkService.exe REG_SZ C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\WINDOWS\system32\lxdxcoms.exe REG_SZ C:\WINDOWS\system32\lxdxcoms.exe:*:Enabled:3600-4600 Series Server
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe REG_SZ C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:*:Enabled:Printer Device Monitor
C:\WINDOWS\system32\lxdxcfg.exe REG_SZ C:\WINDOWS\system32\lxdxcfg.exe:*:Enabled:Printer Communication System
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe:*:Enabled:Printer Status Window Interface
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe:*:Enabled:Lexmark Connect Time Executable
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe:*:Enabled:Job Status Window Interface
C:\Program Files\Pando Networks\Media Booster\PMB.exe REG_SZ C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Disabled:Pando Media Booster
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Documents and Settings\Administrateur\Local Settings\Temp\7zS21.tmp\SymNRT.exe REG_SZ C:\Documents and Settings\Administrateur\Local Settings\Temp\7zS21.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxwbgw.exe REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxwbgw.exe:*:Enabled:Lexmark Web Gateway
C:\Program Files\Lexmark 3600-4600 Series\lxdxlscn.exe REG_SZ C:\Program Files\Lexmark 3600-4600 Series\lxdxlscn.exe:*:Enabled:
C:\Program Files\Armagetron Advanced\armagetronad.exe REG_SZ C:\Program Files\Armagetron Advanced\armagetronad.exe:*:Enabled:armagetronad
C:\Program Files\Safari\Safari.exe REG_SZ C:\Program Files\Safari\Safari.exe:*:Enabled:Safari

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\system32\mqsvc.exe REG_SZ C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Pando Networks\Media Booster\PMB.exe REG_SZ C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Disabled:Pando Media Booster
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe REG_SZ C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:*:Disabled:Printer Device Monitor
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent

===============
ActivX controls
===============

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

===
DNS
===

DNS Server Search Order: 24.200.243.189
Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 24.200.241.37
DNS Server Search Order: 24.201.245.77
DNS Server Search Order: 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2B46446A-5F45-4EAF-B08C-1DFB24D9C2E5}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D46908FB-4D97-4C4D-8D00-02D665CF8B7E}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2B46446A-5F45-4EAF-B08C-1DFB24D9C2E5}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D46908FB-4D97-4C4D-8D00-02D665CF8B7E}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2B46446A-5F45-4EAF-B08C-1DFB24D9C2E5}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D46908FB-4D97-4C4D-8D00-02D665CF8B7E}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.hp.com

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\ServicePackFiles\i386\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ServicePackFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\system32\drivers\atapi.sys

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
68,36 Go total, 42,46 Go libre (62%), 12% fragment' (fragmentation du fichier 25%)

Vous devriez d'fragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
Present !! : C:\WINDOWS\002718_.tmp
Present !! : C:\WINDOWS\bk23567.dat
Present !! : C:\WINDOWS\fdgg34353edfgdfdf
Present !! : C:\WINDOWS\lgo
Present !! : C:\WINDOWS\ligh
Present !! : C:\WINDOWS\System32\_*.dll
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269296700.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269302825.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269383250.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269388273.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269296700.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269302825.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269383250.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269388273.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\all.cpr
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\haroldshills_install.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\icytower14.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\ReimagePackage.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\Toolbarfr.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\isconfig.dat

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : C:\WINDOWS\System32\x64
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269296700.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269302825.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269383250.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269388273.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269296700.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269302825.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269383250.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269388273.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\all.cpr
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\haroldshills_install.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\icytower14.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\ReimagePackage.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\Toolbarfr.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\isconfig.dat

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysfbtray
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysfbtray
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 21:02:48
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK





¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 21:02:49,56
Reply
+0
▶ Relaunch List_Kill'em (or by right-click for Vista/7) using the shortcut on your desktop.
but this time:

▶ choose the Clean option

your PC will restart,

let the tool work.

at the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop,

▶ paste its contents into your reply
Reply
+0
Kill'em by g3n-h@ckm@n 1.6.0.4

User : Administrateur (Administrateurs)
Update on 23/03/2010 by g3n-h@ckm@n ::::: 19.30
Start at: 18:02:25 | 2010-03-24

Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : McAfee VirusScan Enterprise 8.5.0.781 [ Enabled | Updated ]

C:\ -> Disque fixe local | 68,36 Go (42,48 Go free) | NTFS
D:\ -> Disque fixe local | 29,29 Go (28,89 Go free) [DONNEES] | NTFS
E:\ -> Disque fixe local | 14,13 Go (14,07 Go free) [GHOST] | NTFS
F:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SMINST\PCAngel.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
Quarantined & Deleted !! : C:\WINDOWS\002718_.tmp
Quarantined & Deleted !! : C:\WINDOWS\bk23567.dat
Quarantined & Deleted !! : C:\WINDOWS\fdgg34353edfgdfdf
Quarantined & Deleted !! : C:\WINDOWS\lgo

Quarantined & Deleted !! : C:\WINDOWS\System32\_003083_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\x64
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269296700.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269302825.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269383250.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269388273.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269467594.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269467926.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\010112010146111103.xxe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\010112010146114101.xxe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\01011201014650115.xxe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\all.cpr
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\dw.log
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\haroldshills_install.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\icytower14.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\ReimagePackage.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\Toolbarfr.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\isconfig.dat

==============
host file OK !
==============

========
Registry
========

Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysfbtray
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Reply
+0
Download OTL by OldTimer

save it to your Desktop.

▶ Double-click (for Vista/7 => right-click, "Run as administrator") on OTL.exe to launch it.

▶ Tick both the Lop and Purity boxes

▶ Tick the box in front of scan all users

▶ set it to "60 Days"

▶ in the left-hand column, set everything to "all"

do not change these:

"files created within" and "files modified within"


▶ Click Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

▶ Click Browse and find the file above.

▶ Click Open.

▶ Click "Cliquez ici pour déposer le fichier" (click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

▶▶ Do the same with "Extra.txt", which should also be on your desktop.
Reply
+0
Hello,
Your OldTimer link does not work;
if you can, it would be kind of you to fix it
gen-hackman - 25 March 2010 at 02:32
disable your antivirus to download it
Reply
+0
Hello,
here are my links:

OTL.txt: http://www.cijoint.fr/cjlink.php?file=cj201003/cijsJ8Z1O6.txt

Extras.txt: http://www.cijoint.fr/cjlink.php?file=cj201003/cijsxwouar.txt
Jeanlafontaine67 - 26 March 2010 at 00:50
Hello,
is it serious that I did not do it as administrator?
Reply
+0
Hello,

Here are the ones from my administrator session:

Otl: http://www.cijoint.fr/cjlink.php?file=cj201003/cijntQjt2p.txt

Extras: http://www.cijoint.fr/cjlink.php?file=cj201003/cijzipIS1q.txt
Reply
+0
▶ Download UsbFix

(!) Connect your external data sources to your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

▶ Double-click the UsbFix shortcut on your desktop.

▶ At the main menu choose option "F" for French and press [Enter].

▶ At the second menu choose option "1" (search) and press [Enter]

▶ Let the tool work.

▶ Then post the UsbFix.txt report that appears.

Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Reply
+0
############################## | UsbFix V6.100 |

User : Administrateur (Administrateurs) # MARTINEAUJ
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 17:52:02 | 2010-03-26
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : McAfee VirusScan Enterprise 8.5.0.781 [ Enabled | Updated ]

C:\ -> Disque fixe local # 68,36 Go (42,37 Go free) # NTFS
D:\ -> Disque fixe local # 29,29 Go (28,89 Go free) [DONNEES] # NTFS
E:\ -> Disque fixe local # 14,13 Go (14,07 Go free) [GHOST] # NTFS
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 1,88 Go (1,85 Go free) # FAT

################## | Elements infectieux |

G:\autorun.inf

################## | Registre |


################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{4434c580-0a30-11dd-9d5d-806d6172696f}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

################## | Vaccin |


################## | ! Fin du rapport # UsbFix V6.100 ! |
Reply
+0
ok option 2...............
Reply
+0
I think this virus is no longer on my computer. Today I did not notice any virus activity
Reply
+0
and what is this, then?

HKCU\..\..\Explorer\MountPoints2\{4434c580-0a30-11dd-9d5d-806d6172696f}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
Reply
+0
I found the name of the virus that is on my computer

it is Xp defender pro
Reply
+0
Print these instructions, because you will need to close all windows and applications during installation and scanning.

▶ Download:

Malwarebytes

or:

Malwarebytes

▶ Install it (be sure to choose "francais"; do not change the installation settings) and update it.

(NB: If you get an error message saying that "COMCTL32.OCX" is missing during installation, then download it here: COMCTL32.OCX)

▶ Study the tutorial to familiarise yourself with the program:


(that said, it is very simple to use).

run Malwarebytes again, following these instructions carefully:

! Disconnect and close all running applications !

▶ Launch Malwarebytes.

Run a so-called "Complet" (full) scan.

▶ Let the program work (and do nothing else with the PC during the scan).
▶ at the end, click "résultat" (results).
Check that all infected items are ticked, then click "suppression" (removal).

Note: if your PC needs to restart to finish the cleanup, do it!


Post the report saved after the infected items have been removed (in the "rapport/log" tab of Malwarebytes, the most recent one)

Reply
+0
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Version de la base de données: 3939

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-03-31 20:50:20
mbam-log-2010-03-31 (20-50-20).txt

Type d'examen: Examen complet (C:\|D:\|E:\|)
Elément(s) analysé(s): 250479
Temps écoulé: 1 heure(s), 19 minute(s), 26 seconde(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 11
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 61

Processus mémoire infecté(s):
C:\Documents and Settings\Administrateur\Local Settings\Temp\Hpr.exe (Trojan.FraudPack) -> Unloaded process successfully.
C:\WINDOWS\Hhesya.exe (Trojan.FraudPack) -> Unloaded process successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\clbcoko.dll (Worm.KoobFace) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swoko (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql600oko (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QL600OKO (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SWOKO (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FraudPack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvc (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrateur\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrateur\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrateur\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.15,93.188.161.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{751e7fd4-53ae-449e-a0d3-8e614bfc2124}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.164.15,93.188.161.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{751e7fd4-53ae-449e-a0d3-8e614bfc2124}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.15,93.188.161.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d46908fb-4d97-4c4d-8d00-02d665cf8b7e}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.15,93.188.161.145 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\clbcoko.dll (Worm.KoobFace) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Hpr.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\WINDOWS\Hhesya.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Hpq.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\00004baa (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DQPU513E\Setup_312s2[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\IF9OETQO\p[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\LHZ99H29\p[2].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269302769.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269308610.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269352672.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269363783.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269364268.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269383009.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269436294.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\F5SCEZCJ\p[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\IRVYPZAD\p[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\IRVYPZAD\p[2].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\IRVYPZAD\p[3].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\IRVYPZAD\p[4].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\K1TJ8MEF\go[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\QWO0QKUX\p[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\QWO0QKUX\Setup_312s1[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\UMSPI9ON\p[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\ZR6NXQ3E\go[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Mes documents\setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269296700.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269302825.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269383250.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269388273.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269467594.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269467926.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096703.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096704.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096705.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096706.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096707.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096708.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\bill104.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\mrxoko.sys (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\00004c8e.tmp (Rogue.Multiple) -> Delete on reboot.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temp\zpskon_1269458438.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temp\zpskon_1269466737.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\010112010146111103.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\010112010146114101.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\01011201014650115.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269300841.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269301142.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269301143.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269301144.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269301149.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269301150.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269352977.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269352979.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269352981.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269352983.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269364570.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269364571.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
Reply
+0
can I have the UsbFix report from the removal option?
This document, entitled "Infecté par des virus popup", from CommentCaMarche (www.commentcamarche.net) is made available under the terms of the Creative Commons licence. You may copy and modify copies of this page, under the conditions set by the licence, as long as this notice appears clearly.