Computer cleanup

Solved/Closed
touptigus (Member) - 23 Nov 2010 at 20:24
Malekal_morte- (Moderator, Security contributor) - 24 Nov 2010 at 18:11
Hello,
I am trying to clean up my computer. I ran a scan with Malwarebytes and here is the error report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 5176

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

23/11/2010 20:16:46
mbam-log-2010-11-23 (20-16-46).txt

Type d'examen: Examen complet (C:\|E:\|F:\|)
Elément(s) analysé(s): 206311
Temps écoulé: 1 heure(s), 39 minute(s), 37 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 31
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 77


So, before getting this report I got a message saying that not all the files could be destroyed..... well, my question is this: what do I do now?

9 replies

Malekal_morte- (Moderator, Security contributor)
Edited by Malekal_morte- on 23/11/2010 at 20:26
Hi,

What a malware dumpster....

Back up your important documents.


Disable your protection software (antivirus, antispyware), then:

Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop and nowhere else!

Double-click ComboFix, accept the licence agreement and follow the prompts.

Optionally, install the Recovery Console as advised.

Wait until ComboFix has finished; a report will be created. Post the report.
If the report won't go through, upload it to this site: http://www.cijoint.fr/
and give the link here :)

You have the tutorial at this link to help you: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

PS: if ComboFix won't start, rename the ComboFix file and try again.

If that's no better, try in Safe Mode without networking: restart in Safe Mode; to do so, restart the computer and, before the Windows logo, tap the F8 key; a menu will appear, choose Safe Mode and press the Enter key.


Chinese proverb: "If you know how to put a hat on your head, you know how to put on a condom"

touptigus (Member)
23 Nov 2010 at 20:56
OK thanks, I'll do that right away... and yes it's a dumpster, I thought I would have earned the term landfill instead. Anyway, I'm surprised it works without too many problems....

touptigus (Member)
23 Nov 2010 at 21:37
here is the report:
ComboFix 10-11-23.01 - Bruno1 23/11/2010 21:16:17.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.751.413 [GMT 1:00]
Lancé depuis: c:\documents and settings\Bruno1\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: VirusKeeper 2010 Pro antivirus *On-access scanning enabled* (Updated) {165EE528-D666-4745-B14E-AA998BBEC191}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bruno1\Cookies\felusyt.ban
c:\documents and settings\Bruno1\Cookies\fujyziv.bin
c:\documents and settings\Bruno1\Cookies\otapy.inf
E:\AUTORUN.INF

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


((((((((((((((((((((((((((((( Fichiers créés du 2010-10-23 au 2010-11-23 ))))))))))))))))))))))))))))))))))))
.

2010-11-23 17:33 . 2010-11-23 17:33 -------- d-----w- c:\documents and settings\Bruno1\Application Data\Malwarebytes
2010-11-23 17:33 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-23 17:33 . 2010-11-23 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-23 17:33 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-23 17:32 . 2010-11-23 17:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 15:36 . 2009-07-20 15:36 19180 ----a-w- c:\program files\Fichiers communs\yxepe.pif
2008-11-05 20:26 . 2008-11-05 20:26 16435 ----a-w- c:\program files\Fichiers communs\etuvumu.dll
2008-11-05 20:26 . 2008-11-05 20:26 13765 ----a-w- c:\program files\Fichiers communs\egygicu.exe
2004-10-01 13:00 . 2007-09-29 15:40 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.

Malekal_morte- (Moderator, Security contributor)
Edited by Malekal_morte- on 23/11/2010 at 21:41
What is your E:\ drive?
Because apparently you have a C:\, E:\ and F:\
Is it something plugged in? Like an external hard drive?

Send these files to http://upload.malekal.com:
c:\program files\Fichiers communs\yxepe.pif
c:\program files\Fichiers communs\etuvumu.dll
c:\program files\Fichiers communs\egygicu.exe

See if you can delete them.
If you can't, tell me.


touptigus (Member)
23 Nov 2010 at 21:44
E: is a partition and F: is a USB stick....
I send the files and delete them, and then?
and I'll keep you posted...

Malekal_morte- (Moderator, Security contributor)
23 Nov 2010 at 21:44
OK.

Yes, do that.

touptigus (Member)
23 Nov 2010 at 21:50
I couldn't send the file yxepe.pif; it tells me it is impossible to send a file in .pif format

I suppose I delete it anyway? As for the other two, that's it, they no longer exist...
so do I delete it?

Malekal_morte- (Moderator, Security contributor)
23 Nov 2010 at 21:53
Rename the .pif to .exe
If you don't know how, forget it.

On the other hand, you don't seem to have an antivirus.......

Install Antivir: https://www.malekal.com/avira-free-security-antivirus-gratuit/
Run a full scan and post the report here.

touptigus (Member)
24 Nov 2010 at 16:53
here is the report, sorry it took me a while....



Avira AntiVir Personal
Report file date: mercredi 24 novembre 2010 14:38

Scanning for 3086742 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : BRUNO


Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: mercredi 24 novembre 2010 14:38

Starting search for hidden objects.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\parseautoexec
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots\System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\1\status
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots\System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\1\imagelist
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots\System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\1\status
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots\System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a\1\status
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots\System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a\1\status
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots\System.Drawing.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a\1\status
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots\System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\1\status
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ilusagemask
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\niusagemask
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\latestindex
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index61\niusagemask
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index61\ilusagemask
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index62\niusagemask
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index62\ilusagemask
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup\loglevel
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Prefetcher\tracesprocessed
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\pendingfilerenameoperations
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'mscorsvw.exe' - '38' Module(s) have been scanned
Scan process 'mrtstub.exe' - '11' Module(s) have been scanned
Scan process 'windows-kb890830-v3.13.exe' - '25' Module(s) have been scanned
Scan process 'wuauclt.exe' - '42' Module(s) have been scanned
Scan process 'mscorsvw.exe' - '27' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '59' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'netfxupdate.exe' - '11' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '54' Module(s) have been scanned
Scan process 'jucheck.exe' - '44' Module(s) have been scanned
Scan process 'avcenter.exe' - '98' Module(s) have been scanned
Scan process 'wuauclt.exe' - '44' Module(s) have been scanned
Scan process 'wscntfy.exe' - '18' Module(s) have been scanned
Scan process 'QuickDCF2.exe' - '28' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'avgnt.exe' - '45' Module(s) have been scanned
Scan process 'Apntex.exe' - '15' Module(s) have been scanned
Scan process 'vVX1000.exe' - '23' Module(s) have been scanned
Scan process 'jusched.exe' - '26' Module(s) have been scanned
Scan process '00THotkey.exe' - '31' Module(s) have been scanned
Scan process 'Apoint.exe' - '39' Module(s) have been scanned
Scan process 'hkcmd.exe' - '39' Module(s) have been scanned
Scan process 'igfxtray.exe' - '39' Module(s) have been scanned
Scan process 'InCD.exe' - '27' Module(s) have been scanned
Scan process 'LTSMMSG.exe' - '19' Module(s) have been scanned
Scan process 'VProTray.exe' - '29' Module(s) have been scanned
Scan process 'PmProxy.exe' - '16' Module(s) have been scanned
Scan process 'TFNF5.exe' - '17' Module(s) have been scanned
Scan process 'TIWLANCu.exe' - '31' Module(s) have been scanned
Scan process 'TouchED.Exe' - '18' Module(s) have been scanned
Scan process 'TPWRTRAY.EXE' - '33' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'tiwlnsvc.exe' - '11' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'SMAgent.exe' - '14' Module(s) have been scanned
Scan process 'VProSvc.exe' - '48' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '20' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '19' Module(s) have been scanned
Scan process 'ALUSchedulerSvc.exe' - '27' Module(s) have been scanned
Scan process 'sched.exe' - '46' Module(s) have been scanned
Scan process 'spoolsv.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'Explorer.EXE' - '90' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '20' Module(s) have been scanned
Scan process 'svchost.exe' - '172' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '65' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '468' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP1\A0000249.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP1\A0000250.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
Begin scan in 'E:\' <disque restauration>

Beginning disinfection:
C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP1\A0000250.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to the quarantine directory under the name '47999277.qua'.
C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP1\A0000249.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5f0ebdd0.qua'.


End of the scan: mercredi 24 novembre 2010 17:00
Used time: 2:21:20 Hour(s)

The scan has been done completely.

5168 Scanned directories
245302 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
245300 Files not concerned
6856 Archives were scanned
0 Warnings
2 Notes
374697 Objects were scanned with rootkit scan
20 Hidden objects were found
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 631
24 Nov. 2010 at 17:42
That looks OK.

If you have no more problems, we can close the thread.

Be more careful in the future....

Keep your software up to date, it's important; use this program: /faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite
This is a must.

Antivirus programs don't do everything when it comes to the security of your machine (keeping your software up to date, etc.)
The best protection is still to know about infections so you can avoid them, and to have good habits.
So you need to read up.

Some reading to avoid infections:
- know and avoid infections: https://www.malekal.com/fichiers/projetantimalwares/ProjetAntiMalware-courte.pdf
- secure your PC: http://forum.malekal.com/comment-securiser-son-ordinateur.html
- read: http://www.commentcamarche.net/faq/27128-malwares-quels-enjeux-version-synthese

What not to do:
I download anything and everything - I get infected:
https://forums.commentcamarche.net/forum/affich-19719198-onglets-pub-intempestifs#14
https://forums.commentcamarche.net/forum/affich-18347759-le-nouveau-avast-sonne-trop-souvent#9
I download from just anywhere - I get infected: https://forums.commentcamarche.net/forum/affich-19916973-clickpotato-vlc-virus#6
Security recommendations: https://forums.commentcamarche.net/forum/affich-18680013-windows-7-et-antispyware#1

How some categories of malware work:
https://forums.commentcamarche.net/forum/affich-17725521-virus-programme-troyen
https://forums.commentcamarche.net/forum/affich-17746390-concernant-la-propagation-des-virus

If you have questions about how malware works,
don't hesitate to ask.

touptigus Posts 107 Registration date Tuesday 22 June 2010 Status Member Last activity 18 June 2013 4
24 Nov. 2010 at 18:02
OK thanks, the thing is that this machine is not connected to the internet, that I live in Peru and that here viruses are like a doc file, you find them on every street corner, that it has been two years since I did a check-up on this machine, and that countless USB keys have been plugged in.
Anyway... I'm not plugging anything in anymore....
Thanks again
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 631
24 Nov. 2010 at 18:11
Ah well, good luck then :)