MSN virus "C'est toi!!??" ("Is that you!!??")

Solved/Closed
Helpmei34 Posts: 125 Registration date: Tuesday 22 January 2008 Status: Member Last activity: 9 March 2009 - 22 Jan 2008 at 21:41
g!rly Posts: 18209 Registration date: Friday 17 August 2007 Status: Contributor Last activity: 30 November 2014 - 16 Feb 2008 at 00:02
Hello everyone,

I read the topic where Herri had the same problem as me, that is, the MSN virus that says "C'est toi?!". So I ran SDFix, and here is the report:

SDFix: Version 1.130

Run by dior on 22/01/2008 at 20:42

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\MARION~1\MESDOC~1\LOGICIEL\SDFix

Safe Mode:
Checking Services:

Name:
ldrsvc
runtime

Path:
%SystemRoot%\System32\svchost.exe -k netsvcs
\??\C:\WINDOWS\System32\drivers\runtime.sys

ldrsvc - Deleted
runtime - Deleted



Infected ip6fw.sys Found!

ip6fw.sys File Locations:

"C:\WINDOWS\system32\dllcache\ip6fw.sys" 29056 05/08/2004 19:00
"C:\WINDOWS\system32\drivers\ip6fw.sys" 29056 05/08/2004 19:00

Infected File Listed Below:

C:\WINDOWS\system32\drivers\ip6fw.sys

File copied to Backups Folder
Attempting to replace ip6fw.sys with original version...

Original ip6fw.sys Restored


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\-10025~1 - Deleted
C:\TUWWP.EXE - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Helper\superfindout.dll - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\d.exe - Deleted
C:\WINDOWS\17PHolmes1148.exe - Deleted
C:\WINDOWS\b122.exe - Deleted
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe - Deleted
C:\WINDOWS\mrofinu1148.exe - Deleted
C:\WINDOWS\mrofinu1148.exe.tmp - Deleted
C:\DOCUME~1\dior\LOCALS~1\Temp\services.exe - Deleted



Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Helper - Removed
Folder C:\Program Files\Temporary - Removed


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 21:10:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\astq]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\astq.tga"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\astq\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b010af1]
"0017d536eb4d"=hex:6a,0e,99,f8,5f,5d,d1,1a,70,18,31,a8,9f,64,74,b2
"0016db0258af"=hex:d6,0c,87,9f,2c,ff,bb,c5,ac,5d,ef,29,a1,79,b9,c9
"0018131d39cd"=hex:ed,2c,b5,78,89,f7,56,e8,c7,99,1c,54,d6,2c,8b,27
"0005c9455f54"=hex:33,c2,86,cf,4f,94,04,f4,b4,a2,53,03,d4,fa,77,79
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ztx86]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\ztx86.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ztx86\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\astq]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\astq.tga"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\astq\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b010af1]
"0017d536eb4d"=hex:6a,0e,99,f8,5f,5d,d1,1a,70,18,31,a8,9f,64,74,b2
"0016db0258af"=hex:d6,0c,87,9f,2c,ff,bb,c5,ac,5d,ef,29,a1,79,b9,c9
"0018131d39cd"=hex:ed,2c,b5,78,89,f7,56,e8,c7,99,1c,54,d6,2c,8b,27
"0005c9455f54"=hex:33,c2,86,cf,4f,94,04,f4,b4,a2,53,03,d4,fa,77,79
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ztx86]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\ztx86.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ztx86\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x20229~\2]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000009a
"TracesSuccessful"=dword:00000003

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 52


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Ma‹do Production\\IziSpot 4\\IziSpot.exe"="C:\\Program Files\\Ma‹do Production\\IziSpot 4\\IziSpot.exe:*:Enabled:IziSpot"
"C:\\Documents and Settings\\dior\\Local Settings\\Temporary Internet Files\\Content.IE5\\2QOBTNID\\incredimail_install[1].exe"="C:\\Documents and Settings\\dior\\Local Settings\\Temporary Internet Files\\Content.IE5\\2QOBTNID\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\dior\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe"="C:\\Documents and Settings\\dior\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL France"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"C:\\Program Files\\eDonkey2000\\edonkey2000.exe"="C:\\Program Files\\eDonkey2000\\edonkey2000.exe:*:Disabled:edonkey2000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Disabled:Sunbelt Firewall GUI"
"C:\\Program Files\\OrangeHSS\\Browser\\Browser.exe"="C:\\Program Files\\OrangeHSS\\Browser\\Browser.exe:*:Disabled:Browser"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\DOCUME~1\\dior\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\dior\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
"C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\Ad-Aware2007.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\Ad-Aware2007.exe:*:Enabled:Ad-Aware 2007"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------
C:\Program Files\Helper\superfindout.dll Found

File Backups: - C:\DOCUME~1\MARION~1\MESDOC~1\LOGICIEL\SDFix\backups\backups.zip

Files with Hidden Attributes:


Finished!


Also, my firewall turns itself off; I keep turning it back on. But the firewall it shows me is one I uninstalled (badly, I think) a while ago...

Help me please :)
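
An added example, not part of the original post: in the SDFix report above, `Temp\services.exe` appears both under "Trojan Files Found" and, as "Flash Player2", in the Windows Firewall "Authorized Application Key Export". The sketch below cross-checks those two sections of such a report; the sample text is constructed from a few of the report's lines, and the function names and flagging rules are assumptions chosen for illustration.

```python
import ntpath
import re

# Constructed sample: a few lines in the same shape as the SDFix report above.
SAMPLE_REPORT = r'''
Trojan Files Found:

C:\d.exe - Deleted
C:\DOCUME~1\dior\LOCALS~1\Temp\services.exe - Deleted

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\DOCUME~1\\dior\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\dior\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
'''

SECTION = re.compile(r'^\[(?P<key>.+)\]\s*$')
# "name"="value" line of a .reg export, with backslash escapes inside the quotes
REG_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
# Firewall exception value: <path>:<scope>:<Enabled|Disabled>:<display name>
RULE = re.compile(
    r'^(?P<path>.+):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$',
    re.IGNORECASE)
# "<path> - Deleted" lines from the "Trojan Files Found" part of the report
DELETED = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) - Deleted\s*$', re.MULTILINE)

TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe",
                "winlogon.exe", "csrss.exe", "smss.exe"}
SYSTEM_DIRS = {"c:\\windows\\system32", "%windir%\\system32",
               "%systemroot%\\system32"}


def unescape(text):
    """Undo .reg escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', text)


def parse_rules(report):
    """Yield (profile, path, scope, enabled, name) for each firewall exception."""
    profile = None
    for raw in report.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group("key").lower()
            is_list = key.endswith("authorizedapplications\\list")
            profile = key.split("\\")[-3] if is_list else None
            continue
        value = REG_VALUE.match(line)
        if profile and value:
            rule = RULE.match(unescape(value.group(2)))
            if rule:
                yield (profile, rule.group("path"), rule.group("scope"),
                       rule.group("state").lower() == "enabled",
                       rule.group("name"))


def triage(report):
    """Return enabled firewall exceptions that deserve a manual look."""
    deleted = {p.lower() for p in DELETED.findall(report)}
    findings = []
    for profile, path, scope, enabled, name in parse_rules(report):
        if not enabled:
            continue
        low = path.lower()
        base = ntpath.basename(low)
        in_sysdir = ntpath.dirname(low) in SYSTEM_DIRS
        reasons = []
        if any(marker in low for marker in TEMP_MARKERS):
            reasons.append("runs from a temp or browser-cache directory")
        if low in deleted:
            reasons.append("file was removed as a trojan, exception left behind")
        if base in SYSTEM_NAMES and not in_sysdir:
            reasons.append("system process name outside system32")
        if base == "svchost.exe" and in_sysdir and scope == "*":
            reasons.append("covers every svchost-hosted service from any address")
        if reasons:
            findings.append({"profile": profile, "path": path,
                             "name": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_REPORT):
        print(f'{item["profile"]}: {item["path"]} ({item["name"]})')
        for reason in item["reasons"]:
            print(f"    - {reason}")
```

Disabled entries are skipped, and a flagged entry is only a prompt to verify the exception by hand, not a verdict.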

159 replies

g!rly Posts: 18209 Registration date: Friday 17 August 2007 Status: Contributor Last activity: 30 November 2014 406
5 Feb 2008 at 01:40
OK,

I hope to see the Kaspersky report...

Good night

See you later
0
Helpmei34 Posts: 125 Registration date: Tuesday 22 January 2008 Status: Member Last activity: 9 March 2009 1
5 Feb 2008 at 01:52
Regarding the 2nd step for the connection, the box you asked me to tick was already ticked...

I'll run the scan and post it for you...

Good night
0
Helpmei34 Posts: 125 Registration date: Tuesday 22 January 2008 Status: Member Last activity: 9 March 2009 1
5 Feb 2008 at 02:44
Now I really don't understand anything! I waited for the scan to finish and once it was done: no report...!! It tells me I have 4 viruses and 62 infected files and that's all...
0
g!rly Posts: 18209 Registration date: Friday 17 August 2007 Status: Contributor Last activity: 30 November 2014 406
5 Feb 2008 at 17:08
Hi helpmei34,

It is still very annoying that you can't show me a report...

Do this:

Clean your temporary files with this: ATF Cleaner, see the tutorial...

http://www.infosecu.fr/atf.html

Download it here:

http://serveur1.archive-host.com/membres/up/1366464061/ATF-Cleaner.rar

then with this one:

->Clean Up 40:

http://pageperso.aol.fr/balltrap34/CleanUp40.exe

->help in pictures: (thanks to Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm

Click on option and untick the box in front of: delete prefetch files

Empty it manually:

:: The contents of the prefetch folder ::

* C:\WINDOWS\Prefetch <= except the layout.ini file

* Don't forget to empty the recycle bin!

then

Download Winpfind3u.exe to your desktop:

-> http://sd-1.archive-host.com/membres/up/1366464061/winpfind3u.exe

Create a folder on your desktop called, for example, win.

Double-click the Winpfind3u.exe zip file; in the small box that opens, click "extract to" at the top and choose your win folder from the drop-down list, then press the extract button (on the left).

Restart in safe mode:

How to restart in safe mode?

Restart the PC and keep tapping the F8 key from the very start of power-on, without stopping.
A window with a black background will open; use the keyboard arrows to move to start in safe mode, then press Enter.
Screenshot: http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
Once on the desktop, if not all the colours and so on are there, that's normal!
PS: if F8 doesn't work, use the F5 key.

Open the WinPFind3u folder and double-click WinPFind3U.exe to start the program

Settings:

¤ Under Processes ¤

Tick the box: "Non-Microsoft"

¤ Under Win32 Services ¤

Tick the box: "Non-Microsoft"

¤ Under Driver Services group ¤

Tick the box: "Non-Microsoft"

¤ Under Registry ¤

Tick the box: "Non-Microsoft"

¤ Under Files/Folders Created Within ¤

Tick the box: "30 days" and make sure the "Non-Microsoft only" box is ticked

¤ Under Files/Folders Modified Within ¤

Tick the box: "30 days" and make sure the "Non-Microsoft only" box is ticked

¤ Under File String Search ¤

Tick the box: "Non-Microsoft"

In the right-hand part, concerning the additional scan actions:

Untick the box "Non-Microsoft only"

And click the "Select all" button

Now it is time to scan:

Press the "Run scan" button at the top left

The scan will then start; it will scan a large number of files, so depending on how many files are on your PC, it will take more or less time...

Let it run to the end without interruption.

Once the scan is finished, a report will be displayed in Notepad; save it so that you can find it again once you have restarted in normal mode.

Restart in normal mode and post the report here
0

Helpmei34 Posts: 125 Registration date: Tuesday 22 January 2008 Status: Member Last activity: 9 March 2009 1
8 Feb 2008 at 02:24
The report is extremely long... 74 pages... Do I post it all here?...
0
g!rly Posts: 18209 Registration date: Friday 17 August 2007 Status: Contributor Last activity: 30 November 2014 406
8 Feb 2008 at 06:03
Hi Helpmei34,

To tell the truth, I wanted to test this software, but I must have made a mistake in the settings I gave you...

I'm sorry for the wasted time, but as you've understood, 74 pages is a lot...

You can delete Winpfind3u.exe and the report.

Look at this concerning avast:

antivir vs avast:

-> http://forum.malekal.com/ftopic3528.php

so I advise you to uninstall it and install Antivir instead

Download and install the antivirus Antivir Personal Edition Classic:

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- scanner configuration tutorial...

Once Antivir is open, click on configuration and tick the "expert mode" box, then on the scanner tab; in the window below you will see: rootkit search; click the small + to expand it and tick the box next to your hard disk
then click on configuration at the top right; in the new window, on the left > scanner > tick "scan all files" and below > scanner priority = High
tick: allow stopping the scanner, so that you can pause during the scan if you wish.
then on the right tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
untick:
ignore off line files
still on the left > scan > expand > heuristic > macrovirus heuristic = ticked, and below > win32 heuristic box ticked and high detection level

After installing Antivir, run a full scan of your machine with the settings I specified above and post the report here

See you later
0
Helpmei34 Posts: 125 Registration date: Tuesday 22 January 2008 Status: Member Last activity: 9 March 2009 1
8 Feb 2008 at 11:07
Hi,

I thought so, it was weird, but never mind :)


As for the antivirus, I already tried to switch to Antivir because I've heard a lot that it is much better than avast, but when I install it, it tells me it is out of date... I'll try again with your link...
0
Helpmei34 Posts: 125 Registration date: Tuesday 22 January 2008 Status: Member Last activity: 9 March 2009 1
8 Feb 2008 at 12:39
Here is the Antivir report:



AntiVir PersonalEdition Classic
Report file date: 2008-02-08 11:33

Scanning for 1096091 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: NOM-EB85C523610

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 10:21:27
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 2008-01-25 10:21:27
ANTIVIR3.VDF : 7.0.2.109 354816 Bytes 2008-02-08 10:21:27
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 2008-02-08 10:21:28
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-08 10:21:28
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: 2008-02-08 11:33

Starting search for hidden objects.
'65506' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'searchfilterhost.exe' - '1' Module(s) have been scanned
Scan process 'searchprotocolhost.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'Ares.exe' - '1' Module(s) have been scanned
Scan process 'PSFree.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
51 processes with 51 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD5
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '53' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\dior\Mes documents\Downloads\VirtualCamera.v1.0.1.1.Final.Multilanguage.WinALL.Incl.Keygen-BLiZZARD.rar
[0] Archive type: RAR
--> VirtualCamera.v1.0.1.1.Final.Multilanguage.WinALL.Incl.Keygen-BLiZZARD\keygen.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '481e330f.qua'!
C:\Documents and Settings\dior\Mes documents\Musik\Luciano_Pavarotti_gets_pranked.wma
[DETECTION] Is the Trojan horse TR/Wimad.A.Gen
[INFO] The file was moved to '480f333a.qua'!
C:\Program Files\TBONBin\tbon.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '481b3921.qua'!
C:\QooBox\Quarantine\catchme2008-01-31_170256.12.zip
[0] Archive type: ZIP
--> ztx86.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> astq.tga
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '4820396d.qua'!
C:\QooBox\Quarantine\C\upaq.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '480d397d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\Temp\55303335.exe.vir
[DETECTION] Is the Trojan horse TR/Agent.131072.D.2
[INFO] The file was moved to '47df3942.qua'!
C:\QooBox\Quarantine\C\WINDOWS\Temp\83446251.exe.vir
[DETECTION] Is the Trojan horse TR/Agent.131072.D.2
[INFO] The file was moved to '47e03940.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP439\A0115671.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47dd3964.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120756.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47dd398d.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120803.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.Crw.1 Backdoor server programs
[INFO] The file was moved to '47dd398e.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP450\A0120966.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47dd3999.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP450\A0120967.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47dd399a.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP450\A0120968.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '4640a403.qua'!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122873.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '47dd39d7.qua'!
Begin scan in 'D:\' <HP_RECOVERY>


End of the scan: 2008-02-08 12:37
Used time: 1:04:03 min

The scan has been done completely.

8119 Scanning directories
359482 Files were scanned
116 viruses and/or unwanted programs were found
3 Files were classified as suspicious:
2 files were deleted
0 files were repaired
115 files were moved to quarantine
1 files were renamed
2 Files cannot be scanned
359366 Files not concerned
13714 Archives were scanned
2 Warnings
25 Notes
65506 Objects were scanned with rootkit scan
0 Hidden objects were found

0
g!rly Posts: 18209 Registration date: Friday 17 August 2007 Status: Contributor Last activity: 30 November 2014 406
8 Feb. 2008 at 13:24
Re,

OK, that's not bad at all. In fact, all or nearly all of what AntiVir detected are files that are either in the quarantine of the tools we used or the tools themselves.

In reality, here are the infected files:

C:\Documents and Settings\dior\Mes documents\Downloads\VirtualCamera.v1.0.1.1.Final.Multilanguage.WinALL.Incl.Keygen-BLiZZARD.rar
VirtualCamera.v1.0.1.1.Final.Multilanguage.WinALL.Incl.Keygen-BLiZZARD\keygen.exe
C:\Documents and Settings\dior\Mes documents\Musik\Luciano_Pavarotti_gets_pranked.wma
C:\Program Files\TBONBin\tbon.exe

Delete this program -> C:\Program Files\TBONBin

Empty AntiVir's quarantine.

Which P2P program do you download with?

Please post a new HijackThis log.

See you
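The triage described in the post above (most detections sit in cleanup-tool quarantine or backup folders rather than in live locations) can be done mechanically over an AntiVir report. This is an added example, not part of the thread and not code from AntiVir or any of the tools named here. The sample report lines are constructed in the format of the log above, and the path rules for QooBox, Deckard and System Restore are assumptions based on the paths seen in this thread.

```python
import re
from collections import defaultdict

# Constructed sample in the AntiVir report format shown in this thread.
# File names and quarantine ids are placeholders, not values from the page.
SAMPLE_REPORT = r"""
Begin scan in 'C:\' <SAMPLE>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Deckard\System Scanner\20080101000000\backup\WINDOWS\temp\AAAA0001.exe
[DETECTION] Is the Trojan horse TR/Agent.131072.D.2
[INFO] The file was moved to '00000001.qua'!
C:\QooBox\Quarantine\C\WINDOWS\Temp\AAAA0002.exe.vir
[DETECTION] Is the Trojan horse TR/Agent.131072.D.2
[INFO] The file was moved to '00000002.qua'!
C:\QooBox\Quarantine\sample-archive.zip
[0] Archive type: ZIP
--> driver.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> data.tga
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '00000003.qua'!
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '00000004.qua'!
C:\Documents and Settings\user\Downloads\sample.Incl.Keygen.rar
[0] Archive type: RAR
--> sample\keygen.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '00000005.qua'!
C:\Program Files\SampleApp\app.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was deleted!
"""

OBJECT_RE = re.compile(r"^[A-Za-z]:\\")          # a scanned object starts with a drive path
NAME_RE = re.compile(r"\b[A-Z]{2,5}/[\w.\-]+")   # e.g. TR/Agent.131072.D.2, HEUR/Crypted


def parse_report(text):
    """Return one record per scanned object that has at least one detection."""
    findings, current, member = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if OBJECT_RE.match(line):
            current = {"path": line, "detections": [], "action": None}
            member = None
            findings.append(current)
        elif current is None:
            continue
        elif line.startswith("-->"):
            # Archive member: the next [DETECTION] belongs to this inner file.
            member = line[3:].strip()
        elif line.startswith("[DETECTION]"):
            m = NAME_RE.search(line)
            current["detections"].append((member, m.group(0) if m else line))
        elif line.startswith("[INFO]"):
            current["action"] = line[len("[INFO]"):].strip()
    return [f for f in findings if f["detections"]]


def classify(path):
    """Assumed location rules: tool quarantine/backup, System Restore, or live."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "tool_quarantine"
    if re.search(r"\\deckard\\system scanner\\[^\\]+\\backup\\", p):
        return "tool_quarantine"
    if "\\system volume information\\_restore{" in p:
        return "system_restore"
    return "live"


def triage(text):
    """Group detected objects by where they were found."""
    buckets = defaultdict(list)
    for finding in parse_report(text):
        buckets[classify(finding["path"])].append(finding)
    return dict(buckets)


if __name__ == "__main__":
    for category, items in triage(SAMPLE_REPORT).items():
        print(f"{category}: {len(items)} object(s)")
        for item in items:
            names = sorted({name for _, name in item["detections"]})
            print(f"  {item['path']} -> {', '.join(names)} ({item['action']})")
```

Objects in the `live` bucket are the ones that need a decision from the user; the other two buckets are copies kept by cleanup tools or by System Restore.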
0
Helpmei34 Posts: 125 Registration date: Tuesday 22 January 2008 Status: Member Last activity: 9 March 2009 1
8 Feb. 2008 at 13:36
Re,

C:\Documents and Settings\dior\Mes documents\Downloads\VirtualCamera.v1.0.1.1.Final.Multilanguage.WinALL.Incl.Keygen-BLiZZARD.rar
VirtualCamera.v1.0.1.1.Final.Multilanguage.WinALL.Incl.Keygen-BLiZZARD\keygen.exe
C:\Documents and Settings\dior\Mes documents\Musik\Luciano_Pavarotti_gets_pranked.wma
C:\Program Files\TBONBin\tbon.exe

Do I have to go and delete these?

My P2P program is Ares, but I change often; I also have uTorrent.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34, on 2008-02-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\marionette\Mes documents\LOGICIEL\PhotoFiltre.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: ffdshow
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
8 Feb 2008 at 14:17
Re,

C:\Documents and Settings\dior\Mes documents\Downloads\VirtualCamera.v1.0.1.1.Final.Multilanguage.WinALL.Incl.Keygen-BLiZZARD .rar
VirtualCamera.v1.0.1.1.Final.Multilanguage.WinALL.Incl.Keygen-BLiZZARD\keygen.exe
C:\Documents and Settings\dior\Mes documents\Musik\Luciano_Pavarotti_gets_pranked.wma
C:\Program Files\TBONBin\tbon.exe

Do I have to go and delete that?

No.

Delete this program -> C:\Program Files\TBONBin

I don't know these P2P programs, but given what you're picking up from them, it's not great!!!

Because the files above found by AntiVir come from there...

If I were you I'd be really careful.

Do this:

Press the Windows key to the right of the space bar (Windows flag) and "e" at the same time -> once in My Computer, click on the C disk > Program Files > Java, open the Java file and click on the jre1.5.0_05 file to open it, then open the bin file and look for this inside: jucheck.exe. Double-click it and run the Java update > you want version 1.6.0_03
Once the update is done, go to Add/Remove Programs and remove all the other Java updates; only the one you have just done should remain: 1.6.0_03

then

Ccleaner:

-> Download Ccleaner (do not install the Yahoo toolbar):

http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner

-> Install it.

-> Once installed and launched:

In the left column, click on:

-> "errors":

Tick all the boxes under "registry integrity", then click "scan for errors" at the bottom; once it has finished, click "repair errors". You will get a message asking to back up your registry; click "yes", then start again until it finds nothing more.

PS: the backups you have made can be deleted later if all goes well.

-> "cleaner"

Close your browser before running it. In the cleaner's properties, on the "windows" and "applications" tabs, untick the last box (Advanced, if it is ticked), then click "run cleaner"; when it has finished the scan, click "run cleaner" at the bottom right and accept with yes.

-> Picture tutorial:

https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

-> For those who would like to go further in the company of jesses (advanced functions):

http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

then one last scan:

I'd like you to do it in safe mode

How to restart in safe mode?

Restart the PC and keep tapping the F8 key from the very start of power-on, without stopping.
A window with a black background will open; move with the keyboard arrows to start in safe mode, then press Enter.
screenshot: http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
Once on the desktop, if not all the colors and so on are there, that's normal!
PS: if F8 doesn't work, use the F5 key.

A.V.G: download the program before going into safe mode and update it

-> Download AVG Anti-Spyware (ewido)

http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

-> Install it.

-> Launch AVG Anti-Spyware and click the Update button. Wait...

PS: if the updates don't go through, they can be downloaded here:

http://downloads.ewido.net/avgas-signatures-full-current.exe

-> On the "scan" page:

first choose the "settings" tab.

Under "How to react", click "Recommended actions" and, in the drop-down menu, choose "Delete".

-> Run the scan (it takes a long time...).

-> At the end of the scan, copy and paste the report here.

-> Picture help, just in case:

Installation and configuration tutorial:

http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

Restart normally and post the report here please

See you
0
Helpmei34 Posts 125 Registration date Tuesday 22 January 2008 Status Member Last activity 9 March 2009 1
8 Feb 2008 at 20:17
Here is the report

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 20:02 2008-02-08

+ Résultat de l'analyse:



:mozilla.123:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.174:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.175:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.176:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.177:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.180:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.97:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.32:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Adobe : Aucune action entreprise.
:mozilla.170:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.171:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.10:C:\Documents and Settings\dior\Application Data\Mozilla\Firefox\Profiles\1rsecd5t.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.12:C:\Documents and Settings\dior\Application Data\Mozilla\Firefox\Profiles\1rsecd5t.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.163:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.168:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.179:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.181:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.8:C:\Documents and Settings\dior\Application Data\Mozilla\Firefox\Profiles\1rsecd5t.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.9:C:\Documents and Settings\dior\Application Data\Mozilla\Firefox\Profiles\1rsecd5t.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.165:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.157:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.74:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Burstnet : Aucune action entreprise.
:mozilla.144:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
:mozilla.145:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
:mozilla.146:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
:mozilla.147:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
:mozilla.37:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
:mozilla.156:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.7:C:\Documents and Settings\dior\Application Data\Mozilla\Firefox\Profiles\1rsecd5t.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.75:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
:mozilla.148:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.140:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.141:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.65:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.6:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Realmedia : Aucune action entreprise.
:mozilla.22:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Revenue : Aucune action entreprise.
:mozilla.23:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.24:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.25:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.26:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.105:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Sitestat : Aucune action entreprise.
:mozilla.106:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Sitestat : Aucune action entreprise.
:mozilla.10:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.8:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.9:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.34:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.35:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.41:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Statistik-gallup : Aucune action entreprise.
:mozilla.43:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Targetnet : Aucune action entreprise.
:mozilla.36:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.57:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Trafic : Aucune action entreprise.
:mozilla.31:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
:mozilla.42:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.46:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Yadro : Aucune action entreprise.
:mozilla.47:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Yadro : Aucune action entreprise.
:mozilla.172:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.173:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.30:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
C:\Deckard\System Scanner\20080127210749\backup\WINDOWS\temp\0B575794.exe.VIR -> Trojan.Agent.eeu : Aucune action entreprise.


Fin du rapport

0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
8 Feb 2008 at 20:29
Re,

Did you delete everything AVG found? Because here it says "Aucune action entreprise" (no action taken)...

Do this:

Look at this site / tutorial by Malekal to update your Java console; you have version jre1.5.0_05 and you want version 1.6.0_03

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

Click Start / Run, type sc stop FTRTSVC, then confirm with OK

Start / Run, type sc delete FTRTSVC, then confirm with OK

(mind the spaces)

Using HijackThis, tick and fix the following lines:
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (if still present)

then

Disable your System Restore:
to do that:
Right-click My Computer and, in the menu, click Properties;
in the new window, click the System Restore tab;
tick the box to turn off System Restore and apply.
Then restart the PC, right-click My Computer and, in the menu, click Properties;
in the new window, click the System Restore tab;
untick the box to turn off System Restore and apply.

and finally:

Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Click Search and let the scan run ...
# Click Delete to finalize.
# You can, if you wish, use the optional Options.
# Click Quit to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard disk (C:\).

See you
0
Helpmei34 Posts 125 Registration date Tuesday 22 January 2008 Status Member Last activity 9 March 2009 1
10 Feb 2008 at 16:02
Hi,

Java version OK

O4 fixed but not the O23, because it could not be found

TCleaner.txt report

-->- Recherche:

C:\FixWareOut: trouvé !
C:\Combofix: trouvé !
C:\!Killbox: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\dior\Bureau\Dss.exe: trouvé !
C:\Documents and Settings\dior\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\dior\Bureau\FixWareout.exe: trouvé !
C:\Documents and Settings\dior\Bureau\KillBox.exe: trouvé !
C:\Documents and Settings\dior\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\dior\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\dior\Bureau\DiagHelp: trouvé !
C:\Documents and Settings\dior\Bureau\DiagHelp\tar.exe: trouvé !
C:\Documents and Settings\dior\Bureau\DiagHelp\LFiles.exe: trouvé !
C:\Documents and Settings\dior\Bureau\DiagHelp\gzip.exe: trouvé !
C:\Documents and Settings\marionette\Mes documents\LOGICIEL\HijackThis.exe: trouvé !
C:\Documents and Settings\marionette\Mes documents\LOGICIEL\WIN\Winpfind3u.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\dior\Bureau\Dss.exe: supprimé !
C:\Documents and Settings\dior\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\dior\Bureau\FixWareout.exe: supprimé !
C:\Documents and Settings\dior\Bureau\KillBox.exe: supprimé !
C:\Documents and Settings\dior\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\dior\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\dior\Bureau\DiagHelp\tar.exe: supprimé !
C:\Documents and Settings\dior\Bureau\DiagHelp\LFiles.exe: supprimé !
C:\Documents and Settings\dior\Bureau\DiagHelp\gzip.exe: supprimé !
C:\Documents and Settings\marionette\Mes documents\LOGICIEL\HijackThis.exe: supprimé !
C:\Documents and Settings\marionette\Mes documents\LOGICIEL\WIN\Winpfind3u.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\FixWareOut: supprimé !
C:\Combofix: supprimé !
C:\!Killbox: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\dior\Bureau\DiagHelp: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Restauration annulée !
Corbeille vidée!
Fichiers temporaires nettoyés !
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
10 Feb 2008 at 18:31
Hi,

How is your PC doing?

See you
0
Helpmei34 Posts 125 Registration date Tuesday 22 January 2008 Status Member Last activity 9 March 2009 1
10 Feb 2008 at 19:50
It's doing fine. Apart from a few connection problems..

Is it over, I have no more viruses?!
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
10 Feb 2008 at 23:16
Hi,

For me it's OK

What kind of problems are they, with the connection?

Go and take a look in the event log and see whether you have errors that occurred at the time of your connection problems.

https://www.pcastuces.com/pratique/windows/xp/default.htm

Let me know

See you
0
Helpmei34 Posts 125 Registration date Tuesday 22 January 2008 Status Member Last activity 9 March 2009 1
11 Feb 2008 at 11:14
Thanks a lot, in any case, for the help you gave me! It's really kind of you to have spent time helping me!

For the connection, should I open another topic or not?
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
11 Feb 2008 at 12:37
Hi,

You're welcome ;-)

For the connection, did you look in the event log?

See you
0
Helpmei34 Posts 125 Registration date Tuesday 22 January 2008 Status Member Last activity 9 March 2009 1
11 Feb 2008 at 12:47
Yes, but as I'm not at home, I'll look this evening...

I'll keep you posted
0