Missing file elxstor.sys

Closed
kalmoon - 16 Sept. 2008 at 13:23
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 - 16 Sept. 2008 at 21:00
Hello,

I hope you will be able to help me, because I have a big problem with Windows Vista Home Premium.
When I start my computer, it freezes right after the start screen.
It shows me the following error message: the following file is missing: \windows\system32\drivers\elxstor.sys, then
0xc000000d.

I think it comes from a virus, but I'm not sure. Before, I had Windows XP, and I installed the Windows Vista upgrade, which has been running for 4 months.

I also noticed that the clock is no longer correct. If I set it, the next day when I restart my computer it is wrong again.

I am attaching the AVG, Bitdefender and HijackThis reports.

Thank you in advance for any help you can give me.

AVG

--------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 10:12:32 11/09/2008

+ Résultat de l'analyse:



HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignoré.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignoré.
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignoré.
HKU\S-1-5-21-1547161642-436374069-839522115-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignoré.
:mozilla.168:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré.
:mozilla.171:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.247realmedia : Ignoré.
:mozilla.189:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.2o7 : Ignoré.
:mozilla.195:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.2o7 : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@avgtechnologies.112.2o7[2].txt -> TrackingCookie.2o7 : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@divx.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
:mozilla.179:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Adrevolver : Ignoré.
:mozilla.180:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Adrevolver : Ignoré.
:mozilla.183:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Adrevolver : Ignoré.
:mozilla.184:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Adrevolver : Ignoré.
:mozilla.185:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Adrevolver : Ignoré.
:mozilla.186:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Adrevolver : Ignoré.
:mozilla.187:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Adrevolver : Ignoré.
:mozilla.190:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Adrevolver : Ignoré.
:mozilla.103:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Adtech : Ignoré.
:mozilla.89:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Advertising : Ignoré.
:mozilla.90:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Advertising : Ignoré.
:mozilla.91:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Advertising : Ignoré.
:mozilla.95:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Advertising : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@advertising[1].txt -> TrackingCookie.Advertising : Ignoré.
:mozilla.159:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Atdmt : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@atdmt[2].txt -> TrackingCookie.Atdmt : Ignoré.
:mozilla.191:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Bluestreak : Ignoré.
:mozilla.100:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Comclick : Ignoré.
:mozilla.98:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Comclick : Ignoré.
:mozilla.99:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Comclick : Ignoré.
:mozilla.66:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Doubleclick : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignoré.
:mozilla.263:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Estat : Ignoré.
:mozilla.182:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Euroclick : Ignoré.
:mozilla.188:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Euroclick : Ignoré.
:mozilla.61:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Fastclick : Ignoré.
:mozilla.62:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Fastclick : Ignoré.
:mozilla.63:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Fastclick : Ignoré.
:mozilla.64:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Fastclick : Ignoré.
:mozilla.65:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Fastclick : Ignoré.
:mozilla.248:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Googleadservices : Ignoré.
:mozilla.262:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Imrworldwide : Ignoré.
:mozilla.264:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Imrworldwide : Ignoré.
:mozilla.132:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Mediaplex : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Ignoré.
:mozilla.140:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Overture : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@real[2].txt -> TrackingCookie.Real : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.83:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
:mozilla.84:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
:mozilla.85:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
:mozilla.86:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignoré.
:mozilla.122:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Statcounter : Ignoré.
:mozilla.109:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.112:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.113:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.115:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.117:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@tradedoubler[3].txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.181:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignoré.
:mozilla.217:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.218:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.219:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.220:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.223:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.224:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.225:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.226:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.255:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.51:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.52:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.53:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.54:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@cetelem.solution.weborama[2].txt -> TrackingCookie.Weborama : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@cetelem.solution.weborama[3].txt -> TrackingCookie.Weborama : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@weborama[1].txt -> TrackingCookie.Weborama : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\Low\blackspirit@m.webtrends[2].txt -> TrackingCookie.Webtrends : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@m.webtrends[1].txt -> TrackingCookie.Webtrends : Ignoré.
:mozilla.110:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.111:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.114:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.116:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.118:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.119:F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Mozilla\Firefox\Profiles\mrc7vjnm.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
F:\Windows.old.000\Users\BLACKSPIRIT\AppData\Roaming\Microsoft\Windows\Cookies\blackspirit@zedo[2].txt -> TrackingCookie.Zedo : Ignoré.


Fin du rapport

Bitdefender

<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner -Scan Report</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<meta name="generator" content="Namo WebEditor v5.0(Trial)">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >


<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender
Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated
at: Thu, Sep 11, 2008 - 12:01:06</b></span></font></p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan
path: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;G:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistics</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Time</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">01:36:16</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">567572</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Folders</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">27841</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Boot Sectors</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4138</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Packed Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">52366</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>



<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Results</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Identified Viruses </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Infected Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Suspect Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Disinfected</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Deleted Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Engines Info</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus Definitions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1759763</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Engine build</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.7 (build 8314.19) (i386) (Sep 10 2008 19:37:42)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">16</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">43</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">7</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">System plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scan Settings</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">First Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Disinfect</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Second Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Delete</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristics</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Enable Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scanned Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>

<tr>
<td width="57%">
<p><font face="Arial" size="2">Exclude Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Packed</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td colspan=2>  
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scanned File</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Status</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">G:\sauvegarde\Programmes\telechargement\EDONKEY\edonkey053.exe=>(NSIS o)=>zlib_nsis0008</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Application.Overnet.H</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">G:\sauvegarde\Programmes\telechargement\EDONKEY\edonkey053.exe=>(NSIS o)=>zlib_nsis0008</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">G:\sauvegarde\Programmes\telechargement\EDONKEY\edonkey053.exe=>(NSIS o)=>zlib_nsis0008</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">G:\sauvegarde\Programmes\telechargement\EDONKEY\edonkey053.exe=>(NSIS o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr>
</table>
</td>

<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

</table>
<p> </p>

</body>
</html>

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:20, on 11/09/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\CCleaner\CCleaner.exe
F:\Windows.old.000\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\kalmoon\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CDC8769-0918-4FCE-B5B7-A342CE24A6E3}: NameServer = 81.253.149.1 80.10.246.3
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

3 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
16 Sept. 2008 at 13:52
Hi,
I don't understand: your HijackThis report shows Windows XP without SP1 and SP2, and not Vista?


Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal


________________________


remove what was found by AVG Anti-Spyware

________________________

the Bitdefender report is uninterpretable; a report is needed that gives the names of the infections and the infected files


________________________

next, to take a look:

download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the Internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)


double-click combofix.exe and follow the instructions

at the end, it will produce a report, C:\ComboFix.txt

re-enable your firewall, your antivirus and your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
1
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
16 Sept. 2008 at 21:00
on this computer, which is running XP: you absolutely must install a firewall and an antivirus quickly, otherwise it will get infected:


FIREWALL: install one of the following:

Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall)

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm



___________________

install an antivirus such as the free Antivir:


https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)


______________________

then update Windows with SP2 and SP3: START, then ALL PROGRAMS, then WINDOWS UPDATE

_______________________

then post a new HijackThis report and say whether you can now install Vista on this computer
1
Thanks for your reply, jlpjlp,

To be able to use my computer, I installed my old hard drive, which I had reformatted with the old version of Windows XP without the updates.

I tried to install Windows Vista on it but I still get the same response.

My old hard drive is at the C root and the new one, which doesn't work, is on F and G because it has a partition.

I will follow your advice and post my report.

Thanks again for your quick reply.
0
jlpjlp,

Here is the ComboFix report, hoping it will be usable:

ComboFix 08-09-15.02 - kalmoon 2008-09-16 20:31:39.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.765 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\kalmoon\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_poof


((((((((((((((((((((((((((((( Fichiers créés du 2008-08-16 au 2008-09-16 ))))))))))))))))))))))))))))))))))))
.

2008-09-11 10:16 . 2008-09-11 12:15 <REP> d-------- C:\Windows\BDOSCAN8
2008-09-11 10:15 . 2008-09-11 10:15 <REP> d---s---- C:\Documents and Settings\kalmoon\UserData
2008-09-11 09:04 . 2008-09-11 09:04 <REP> d-------- C:\Documents and Settings\kalmoon\Application Data\Grisoft
2008-09-11 09:03 . 2008-09-11 09:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-11 09:03 . 2007-05-30 14:10 10,872 --a------ C:\Windows\system32\drivers\AvgAsCln.sys
2008-09-11 08:51 . 2008-09-11 08:51 <REP> d-------- C:\Program Files\CCleaner
2008-09-08 19:35 . 2008-09-08 19:35 <REP> d-------- C:\Program Files\THQ
2008-09-07 04:56 . 2008-09-07 04:56 98,304 --a------ C:\Windows\system32\CmdLineExt.dll
2008-09-07 04:49 . 2003-05-30 09:00 1,962,496 --a------ C:\Windows\system32\quartz.dll
2008-09-07 04:47 . 2008-09-07 04:47 <REP> d-------- C:\Program Files\Ubisoft
2008-09-07 01:21 . 1999-01-25 13:00 143,872 --------- C:\Windows\system32\iacenc.dll
2008-09-07 01:21 . 1999-01-25 13:00 56,832 --------- C:\Windows\system32\iyvu9_32.dll
2008-09-07 01:20 . 2008-09-07 01:20 <REP> d-------- C:\Program Files\Microsoft Games
2008-09-06 21:58 . 2008-09-06 21:58 1,224 --a------ C:\Windows\mozver.dat
2008-09-06 20:50 . 2008-09-06 20:50 <REP> d-------- C:\Documents and Settings\kalmoon\Application Data\DivX
2008-09-06 20:49 . 2008-09-06 20:50 <REP> d-------- C:\Program Files\DivX
2008-09-06 20:39 . 2008-09-06 20:39 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-09-06 20:38 . 2008-09-06 20:38 <REP> d-------- C:\Program Files\Real
2008-09-06 20:38 . 2008-09-06 20:39 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-09-06 20:36 . 2008-09-06 20:36 316,640 --a------ C:\Windows\WMSysPr9.prx
2008-09-06 15:43 . 2008-09-06 15:43 <REP> d-------- C:\Boot
2008-09-06 15:25 . 2008-09-10 04:53 <REP> d-------- C:\Program Files\eMule
2008-09-06 15:03 . 2008-09-06 15:03 <REP> d-------- C:\Documents and Settings\kalmoon\Application Data\vlc
2008-09-06 15:02 . 2008-09-06 15:02 <REP> d-------- C:\Program Files\VideoLAN
2008-09-06 14:01 . 2008-09-06 14:01 296,860 --a------ C:\upload_moi_KALMOON-5OVKM7N.tar.gz
2008-09-06 13:30 . 2006-11-02 11:53 438,840 -rahs---- C:\bootmgr
2008-09-06 12:49 . 2008-09-06 12:49 4,096 --a------ C:\Windows\d3dx.dat
2008-09-06 11:00 . 2001-08-17 22:03 21,760 --a--c--- C:\Windows\system32\dllcache\usbstor.sys
2008-09-06 10:57 . 2008-09-06 10:57 <REP> d-------- C:\Documents and Settings\kalmoon\Application Data\Talkback
2008-09-06 10:55 . 2008-09-06 10:55 <REP> d-------- C:\Windows\nview
2008-09-06 10:55 . 2007-06-29 00:43 356,352 --a------ C:\Windows\system32\nvudisp.exe
2008-09-06 10:55 . 2008-09-06 10:56 127,254 --a------ C:\Windows\system32\nvapps.xml
2008-09-06 10:55 . 2007-06-29 00:43 17,463 --a------ C:\Windows\system32\nvdisp.nvu
2008-09-06 10:08 . 2004-08-23 14:50 32,768 --a------ C:\Windows\system32\WooDial2000.dll
2008-09-06 10:06 . 2008-09-06 10:06 <REP> d-------- C:\Program Files\SAGEM
2008-09-06 10:05 . 2008-09-16 20:35 <REP> d-------- C:\Program Files\Wanadoo
2008-09-06 10:05 . 2008-09-06 10:05 <REP> d-------- C:\Program Files\Securitoo
2008-09-01 06:31 . 2001-08-17 22:59 3,072 --a------ C:\Windows\system32\drivers\audstub.sys
2008-09-01 06:30 . 2001-08-23 18:47 70,144 --a------ C:\Windows\system32\usbui.dll
2008-09-01 06:30 . 2001-08-23 18:18 56,960 --a------ C:\Windows\system32\drivers\redbook.sys
2008-09-01 06:30 . 2001-08-17 23:02 9,728 --a------ C:\Windows\system32\drivers\gameenum.sys
2008-09-01 06:29 . 2008-09-01 06:29 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2008-09-01 06:29 . 2008-09-01 06:29 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-09-01 06:29 . 2008-09-06 09:05 <REP> d--h----- C:\Documents and Settings\Default User\Modèles
2008-09-01 06:29 . 2008-09-01 06:29 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
2008-09-01 06:29 . 2008-09-01 06:29 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer
2008-09-01 06:29 . 2008-09-01 06:29 <REP> d-------- C:\Documents and Settings\Default User\Favoris
2008-09-01 06:29 . 2008-09-01 06:29 <REP> d-------- C:\Documents and Settings\Default User\Bureau
2008-09-01 06:29 . 2008-09-01 06:29 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
2008-09-01 06:29 . 2008-09-07 01:19 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer
2008-09-01 06:29 . 2008-09-01 06:29 <REP> d-------- C:\Documents and Settings\All Users\Favoris
2008-09-01 06:29 . 2008-09-06 20:37 <REP> dr------- C:\Documents and Settings\All Users\Documents
2008-09-01 06:29 . 2008-09-11 09:03 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-09-01 06:28 . 2008-09-11 10:18 <REP> d-------- C:\Windows\system32\CatRoot2
2008-09-01 06:28 . 2008-09-01 06:29 <REP> d-------- C:\Windows\system32\CatRoot
2008-09-01 06:28 . 2008-09-06 09:08 <REP> d--h----- C:\Documents and Settings\Default User
2008-09-01 06:28 . 2008-09-06 09:08 <REP> d-------- C:\Documents and Settings\All Users
2008-09-01 06:28 . 2008-09-06 09:12 <REP> d-------- C:\Documents and Settings

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 02:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 08:06 31 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-09-06 08:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-06 07:37 --------- d-----w C:\Program Files\AMD
2008-09-06 07:36 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-09-06 07:36 --------- d-----w C:\Program Files\AvRack
2008-09-06 07:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-06 07:06 --------- d-----w C:\Program Files\Services en ligne
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-23 16:50 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13312]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\System32\nvraidservice.exe" [2004-06-11 83968]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-06-29 8466432]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-06-29 81920]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-06 180269]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 C:\Windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-06-29 C:\Windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13312]

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\System32\DRIVERS\e4usbaw.sys [2006-05-04 114616]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\System32\Drivers\e4ldr.sys [2006-03-02 63555]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\kalmoon\Application Data\Mozilla\Firefox\Profiles\6k1vwpyc.default\
FF -: plugin - F:\Windows.old.000\Program Files\Mozilla Firefox\plugins\npdivx32.dll
FF -: plugin - F:\Windows.old.000\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF -: plugin - F:\Windows.old.000\Program Files\Mozilla Firefox\plugins\npnul32.dll
FF -: plugin - F:\Windows.old.000\Program Files\Mozilla Firefox\plugins\nppdf32.dll
FF -: plugin - F:\Windows.old.000\Program Files\Mozilla Firefox\plugins\nppl3260.dll
FF -: plugin - F:\Windows.old.000\Program Files\Mozilla Firefox\plugins\nprjplug.dll
FF -: plugin - F:\Windows.old.000\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
FF -: plugin - F:\Windows.old.000\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 20:34:39
Windows 5.1.2600 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\system32\FTRTSVC.exe
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\wdfmgr.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\ALERTM~1\ALERTM~1.EXE
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-09-16 20:36:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-16 18:36:29

Avant-CF: 120,734,138,368 octets libres
Après-CF: 120,698,662,912 octets libres

165

Good luck with the interpretation and thanks for your help
0