How to remove TR/Crypt.XPACK.Gen - Trojan

Closed
sassou - 12 Nov 2008 at 12:37
 sassou - 12 Nov 2008 at 13:26
Hello,

Please, I have this virus TR/Crypt.XPACK.Gen - Trojan that shows up every time I open my Internet Explorer or Mozilla Firefox!!
Please, I really need to clean it up
Thanks in advance

1 reply

rislou71 Posts 1484 Registration date Wednesday 24 October 2007 Status Member Last seen 26 August 2009 96
12 Nov 2008 at 12:39
hi!

start by doing an online scan at https://www.bitdefender.fr/ and post the report...

we'll see after that

see you later :)
0
actually I did this scan with ComboFix
and I got this report at the end:
ComboFix 08-11-11.01 - Yosr 2008-11-12 12:45:46.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1256.216.1036.18.96 [GMT 1:00]
Running from: c:\documents and settings\Yosr\Bureau\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Yosr\Application Data\AntispywareBot
c:\documents and settings\Yosr\Application Data\AntispywareBot\Log\2008 May 11 - 09_16_51 AM_140.log
c:\documents and settings\Yosr\Application Data\AntispywareBot\Log\2008 May 11 - 09_25_17 AM_671.log
c:\documents and settings\Yosr\Application Data\AntispywareBot\Log\2008 May 11 - 09_26_16 AM_703.log
c:\documents and settings\Yosr\Application Data\AntispywareBot\Log\2008 May 11 - 09_28_45 AM_046.log
c:\documents and settings\Yosr\Application Data\AntispywareBot\Log\2008 May 11 - 09_34_35 AM_218.log
c:\documents and settings\Yosr\Application Data\AntispywareBot\Log\2008 May 11 - 09_35_36 AM_125.log
c:\documents and settings\Yosr\Application Data\AntispywareBot\Log\2008 May 11 - 09_45_22 AM_234.log
c:\documents and settings\Yosr\Application Data\AntispywareBot\Log\2008 May 11 - 11_08_08 AM_546.log
c:\documents and settings\Yosr\Application Data\AntispywareBot\Log\2008 May 11 - 11_08_53 AM_546.log
c:\documents and settings\Yosr\Application Data\AntispywareBot\rs.dat
c:\documents and settings\Yosr\Application Data\AntispywareBot\Settings\ScanResults.pie
c:\documents and settings\Yosr\Application Data\smss.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\0005E73B.urr
c:\program files\FunWebProducts\ScreenSaver\Images\00098BE8.urr
c:\program files\FunWebProducts\ScreenSaver\Images\000BCE85.dat
c:\program files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
c:\program files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\windows\system32\amvo1.dll
c:\windows\system32\dao350.dll
c:\windows\system32\mdm.exe
c:\windows\Tasks.\AntiSpywareBot Scheduled Scan.job

.
((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-12 12:17 . 2008-11-12 12:17 <REP> d-------- c:\program files\Trend Micro
2008-10-12 11:57 . 2008-10-12 15:37 <REP> d-------- c:\windows\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 19:03 3,381,692 ----a-w c:\windows\galele5.scr
2008-05-10 11:50 377,344 ----a-w c:\documents and settings\Yosr\Application Data\svchost.exe
2008-05-10 11:50 377,344 ----a-w c:\documents and settings\Yosr\Application Data\lsass.exe
2006-05-20 14:06 44,032 --sha-w c:\program files\Thumbs.db
2005-10-27 14:34 17,679,890 ------w c:\program files\inst-BtkaPro.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2008-08-12 2084480]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NuTCSetupEnviron"="c:\program files\Rational\Rational Test\nutcroot\bin\ncoeenv.exe" [2002-04-25 16384]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-03-02 155648]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-22 185896]
"VMSnap3"="c:\windows\Paizhao.EXE" [2007-01-09 49152]
"Domino"="c:\windows\Recovery.EXE" [2007-01-09 49152]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"nwiz"="nwiz.exe" [2003-10-06 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-11-06 106560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= mmc.exe
"3"= rstrui.exe
"4"= regedit.exe
"5"= regedt32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R2 NuTCRACKERService;NuTCRACKERService;c:\windows\System32\nutsrv4.exe [2002-04-25 277272]
S3 DirectPort;DirectPort;c:\windows\System32\Drivers\DirectPort.sys [2006-10-02 4946]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2006-04-25 428160]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ef5043c-b6ae-11db-bd30-000d87080b7d}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90f83ea0-5f2c-11da-bc2a-000d87080b7d}]
\Shell\AutoRun\command - g83816.com
\Shell\explore\Command - g83816.com
\Shell\open\Command - g83816.com

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-FrameWorkService - (no file)
HKLM-Run-Wah - c:\program files\Common Files\Mdn2.exe
HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-FrameWorkService - (no file)
Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Yosr\Application Data\Mozilla\Firefox\Profiles\7v0qxxfr.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 12:49:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...


c:\docume~1\Yosr\LOCALS~1\Temp\RGI41.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-11-12 12:55:43
ComboFix-quarantined-files.txt 2008-11-12 11:55:40

Pre-Run: 8 460 005 376 octets libres
Post-Run: 8,756,506,624 octets libres

149 --- E O F --- 2008-11-08 00:07:00
0