Virus TR/Crypt.ZPACK.Gen [trojan]

Tags:
  • Security
Last reply: in Security and viruses
23 June 2010 12:56:03

Hello,


For the past 2 days I have been getting a huge number of virus alerts from my antivirus "antivir" with this name:
TR/Crypt.ZPACK.Gen [trojan], notably in this folder for example: C:\WINDOWS\system32\drivers\OLD47.tmp.

And now my computer is unbelievably slow; the processor is at 100% usage even though I have only just turned it on.

Thank you for any solutions you can offer,

Here is the report:

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:36, on 23/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HerculesWiFiService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SFR\Kit\9props.exe
C:\Program Files\Hercules\WiFiStationN\WiFiN.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/kit/adsl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon
O4 - HKCU\..\Run: [PrtScr by FireStarter] C:\Program Files\PrtScr\PrtScr.exe /Tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Diinote.lnk = ?
O4 - Startup: siszpe32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WiFi Station N.lnk = C:\Program Files\Hercules\WiFiStationN\WiFiN.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AD245DC-9616-4AA1-AD17-41454883F14F}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HerculesWiFi - Guillemot Corporation - C:\WINDOWS\system32\HerculesWiFiService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\WINDOWS\system32\pr2ajbeb.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10764 bytes


23 June 2010 14:58:19

Hello

1

Disable your antivirus and any other type of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that is normal; a report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit "Select all", Edit "Copy".

Come to the forum and Edit "Paste".

HELP: A guide and tutorial on using ComboFix
* the partition name may vary


2

Download GMER from this link: http://www.gmer.net/files.php - click on "Download EXE" and download the file to your desktop.
See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php

  • Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
  • Double-click the downloaded GMER file.
    IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
  • Click on the "rootkit" tab.
  • On the right, tick everything.
  • Now click on Scan.
  • When the scan has finished, click on Copy.
  • Open Notepad, then click on the Edit / Paste menu.
    The report should then appear.
  • Save the file to your Desktop and post its contents here.

24 June 2010 07:52:06

Hello,


That's it, I have done the first report; however, for the 2nd one my computer was lagging so much (100% processor) that I had to do it in safe mode:


Quote:

    ComboFix 10-06-23.01 - gg 23/06/2010 20:09:20.1.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3071.2406 [GMT 2:00]
    Lancé depuis: c:\documents and settings\gg\Bureau\ComboFix.exe
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\gg\Application Data\avdrn.dat
    c:\windows\system32\images
    c:\windows\system32\images\toolbar\calendar.gif
    c:\windows\system32\images\toolbar\crlogo.gif
    c:\windows\system32\images\toolbar\export.gif
    c:\windows\system32\images\toolbar\export_over.gif
    c:\windows\system32\images\toolbar\exportd.gif
    c:\windows\system32\images\toolbar\First.gif
    c:\windows\system32\images\toolbar\first_over.gif
    c:\windows\system32\images\toolbar\Firstd.gif
    c:\windows\system32\images\toolbar\gotopage.gif
    c:\windows\system32\images\toolbar\gotopage_over.gif
    c:\windows\system32\images\toolbar\gotopaged.gif
    c:\windows\system32\images\toolbar\grouptree.gif
    c:\windows\system32\images\toolbar\grouptree_over.gif
    c:\windows\system32\images\toolbar\grouptreed.gif
    c:\windows\system32\images\toolbar\grouptreepressed.gif
    c:\windows\system32\images\toolbar\Last.gif
    c:\windows\system32\images\toolbar\last_over.gif
    c:\windows\system32\images\toolbar\Lastd.gif
    c:\windows\system32\images\toolbar\Next.gif
    c:\windows\system32\images\toolbar\next_over.gif
    c:\windows\system32\images\toolbar\Nextd.gif
    c:\windows\system32\images\toolbar\Prev.gif
    c:\windows\system32\images\toolbar\prev_over.gif
    c:\windows\system32\images\toolbar\Prevd.gif
    c:\windows\system32\images\toolbar\print.gif
    c:\windows\system32\images\toolbar\print_over.gif
    c:\windows\system32\images\toolbar\printd.gif
    c:\windows\system32\images\toolbar\Refresh.gif
    c:\windows\system32\images\toolbar\refresh_over.gif
    c:\windows\system32\images\toolbar\refreshd.gif
    c:\windows\system32\images\toolbar\Search.gif
    c:\windows\system32\images\toolbar\search_over.gif
    c:\windows\system32\images\toolbar\searchd.gif
    c:\windows\system32\images\toolbar\up.gif
    c:\windows\system32\images\toolbar\up_over.gif
    c:\windows\system32\images\toolbar\upd.gif
    c:\windows\system32\images\tree\begindots.gif
    c:\windows\system32\images\tree\beginminus.gif
    c:\windows\system32\images\tree\beginplus.gif
    c:\windows\system32\images\tree\blank.gif
    c:\windows\system32\images\tree\blankdots.gif
    c:\windows\system32\images\tree\dots.gif
    c:\windows\system32\images\tree\lastdots.gif
    c:\windows\system32\images\tree\lastminus.gif
    c:\windows\system32\images\tree\lastplus.gif
    c:\windows\system32\images\tree\Magnify.gif
    c:\windows\system32\images\tree\minus.gif
    c:\windows\system32\images\tree\minusbox.gif
    c:\windows\system32\images\tree\plus.gif
    c:\windows\system32\images\tree\plusbox.gif
    c:\windows\system32\images\tree\singleminus.gif
    c:\windows\system32\images\tree\singleplus.gif

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-23 au 2010-06-23 ))))))))))))))))))))))))))))))))))))
    .

    2010-06-23 11:11 . 2010-06-23 11:07 72192 ----a-w- c:\windows\system32\tasklist.exe
    2010-06-22 11:47 . 2010-06-22 11:47 2238 ----a-r- c:\documents and settings\gg\Application Data\Microsoft\Installer\{886894A4-EA7B-498E-B5B8-8EDCDF9475F3}\_2E3C788AF8A84889051BA1.exe
    2010-06-22 11:23 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2010-06-22 11:23 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
    2010-06-22 11:22 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
    2010-06-22 11:22 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
    2010-06-22 11:21 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
    2010-06-22 11:21 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
    2010-06-22 11:21 . 2010-06-22 11:21 -------- d-----r- c:\documents and settings\LocalService\Favoris
    2010-06-17 17:09 . 2010-06-17 17:09 -------- d-----w- c:\documents and settings\gg\Local Settings\Application Data\zoug
    2010-06-17 16:32 . 2010-06-22 11:47 -------- d-----w- c:\program files\MediaCUB
    2010-06-10 22:27 . 2010-06-23 05:52 1447528 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-06-10 19:52 . 2010-05-06 10:33 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-06 08:27 . 2010-06-06 08:27 -------- d-----w- c:\program files\PrtScr
    2010-06-05 18:51 . 2010-06-05 18:51 -------- d-----w- c:\program files\Comptes et Budget Free V6.0
    2010-06-05 18:51 . 2010-06-05 18:51 -------- d-----w- c:\documents and settings\gg\Application Data\AlauxSoft
    2010-06-05 06:55 . 2007-03-12 21:34 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-06-05 06:55 . 2007-03-12 21:34 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-06-05 06:55 . 2007-03-12 21:34 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-06-05 06:55 . 2010-06-06 08:10 -------- d-----w- c:\program files\TUGzip
    2010-06-05 06:55 . 2010-06-05 18:55 -------- d-----w- c:\documents and settings\gg\Application Data\OfferBox
    2010-06-03 22:09 . 2010-03-25 19:49 66048 ----a-w- c:\documents and settings\gg\Application Data\Mozilla\Firefox\Profiles\ysd87l1q.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
    2010-05-26 05:28 . 2010-05-26 05:28 503808 ----a-w- c:\documents and settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1805b2cb-n\msvcp71.dll
    2010-05-26 05:28 . 2010-05-26 05:28 499712 ----a-w- c:\documents and settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1805b2cb-n\jmc.dll
    2010-05-26 05:28 . 2010-05-26 05:28 348160 ----a-w- c:\documents and settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1805b2cb-n\msvcr71.dll
    2010-05-26 05:28 . 2010-05-26 05:28 61440 ----a-w- c:\documents and settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4189ef0b-n\decora-sse.dll
    2010-05-26 05:28 . 2010-05-26 05:28 12800 ----a-w- c:\documents and settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4189ef0b-n\decora-d3d.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-23 05:35 . 2010-06-23 05:27 12 ----a-w- c:\documents and settings\LocalService\Application Data\qcopjv.dat
    2010-06-15 21:22 . 2008-03-27 18:24 -------- d-----w- c:\documents and settings\gg\Application Data\BitTorrent
    2010-06-15 21:22 . 2008-03-27 18:28 -------- d-----w- c:\documents and settings\gg\Application Data\uTorrent
    2010-06-13 11:12 . 2004-08-05 12:00 623984 ----a-w- c:\windows\system32\perfh00C.dat
    2010-06-13 11:12 . 2004-08-05 12:00 129450 ----a-w- c:\windows\system32\perfc00C.dat
    2010-06-06 08:20 . 2008-07-30 19:56 -------- d-----w- c:\program files\Bible
    2010-06-06 07:32 . 2009-03-21 10:31 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-02 09:31 . 2008-01-05 23:33 44944 ----a-w- c:\documents and settings\cam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-06 10:33 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-03 05:31 . 2007-12-28 22:00 -------- d-----w- c:\program files\Java
    2010-05-02 08:08 . 2004-08-05 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys
    2010-04-23 05:23 . 2007-11-29 19:35 44944 ----a-w- c:\documents and settings\gg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-20 18:10 . 2009-11-30 13:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-20 13:08 . 2010-04-20 13:08 503808 ----a-w- c:\documents and settings\cam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-428637cf-n\msvcp71.dll
    2010-04-20 13:08 . 2010-04-20 13:08 499712 ----a-w- c:\documents and settings\cam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-428637cf-n\jmc.dll
    2010-04-20 13:08 . 2010-04-20 13:08 348160 ----a-w- c:\documents and settings\cam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-428637cf-n\msvcr71.dll
    2010-04-20 13:08 . 2010-04-20 13:08 61440 ----a-w- c:\documents and settings\cam\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26f4856c-n\decora-sse.dll
    2010-04-20 13:08 . 2010-04-20 13:08 12800 ----a-w- c:\documents and settings\cam\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26f4856c-n\decora-d3d.dll
    2010-04-20 05:30 . 2004-08-05 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-13 07:02 . 2010-05-02 09:54 922400 ----a-w- c:\documents and settings\gg\Application Data\Sun\Java\JRERunOnce.exe
    2010-04-12 15:29 . 2010-05-03 05:31 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-01 05:10 . 2010-04-01 05:10 503808 ----a-w- c:\documents and settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3237f2e5-n\msvcp71.dll
    2010-04-01 05:10 . 2010-04-01 05:10 499712 ----a-w- c:\documents and settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3237f2e5-n\jmc.dll
    2010-04-01 05:10 . 2010-04-01 05:10 348160 ----a-w- c:\documents and settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3237f2e5-n\msvcr71.dll
    2010-04-01 05:10 . 2010-04-01 05:10 61440 ----a-w- c:\documents and settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-66da688e-n\decora-sse.dll
    2010-04-01 05:10 . 2010-04-01 05:10 12800 ----a-w- c:\documents and settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-66da688e-n\decora-d3d.dll
    2010-03-26 08:33 . 2010-05-14 16:46 1496064 ----a-w- c:\documents and settings\cam\Application Data\Mozilla\Firefox\Profiles\kqqe41o0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-03-26 08:33 . 2010-05-01 10:17 1496064 ----a-w- c:\documents and settings\gg\Application Data\Mozilla\Firefox\Profiles\ysd87l1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-03-26 08:33 . 2010-05-14 16:46 43008 ----a-w- c:\documents and settings\cam\Application Data\Mozilla\Firefox\Profiles\kqqe41o0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-03-26 08:33 . 2010-05-14 16:46 339456 ----a-w- c:\documents and settings\cam\Application Data\Mozilla\Firefox\Profiles\kqqe41o0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-03-26 08:33 . 2010-05-01 10:17 43008 ----a-w- c:\documents and settings\gg\Application Data\Mozilla\Firefox\Profiles\ysd87l1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-03-26 08:33 . 2010-05-01 10:17 339456 ----a-w- c:\documents and settings\gg\Application Data\Mozilla\Firefox\Profiles\ysd87l1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-03-26 08:32 . 2010-05-14 16:46 346112 ----a-w- c:\documents and settings\cam\Application Data\Mozilla\Firefox\Profiles\kqqe41o0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-03-26 08:32 . 2010-05-01 10:17 346112 ----a-w- c:\documents and settings\gg\Application Data\Mozilla\Firefox\Profiles\ysd87l1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2008-04-29 16:47 . 2008-04-29 16:46 2725048 ----a-w- c:\program files\FLV PlayerFCSetup.exe
    2008-04-29 16:46 . 2008-04-29 16:45 4265560 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
    2008-04-29 16:45 . 2008-04-29 16:45 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
    2008-02-04 21:35 . 2008-02-04 21:35 594944 ----a-w- c:\program files\mozilla firefox\plugins\MannequinPlayer2.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
    2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]
    "PrtScr by FireStarter"="c:\program files\PrtScr\PrtScr.exe" [2009-05-16 1700864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 1626112]
    "SW20"="c:\windows\system32\sw20.exe" [2005-06-29 212992]
    "SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
    "AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-10-23 198160]
    "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\gg\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-3 110592]
    Diinote.lnk - c:\program files\Diinote\Diinote.exe [2010-1-12 621568]
    siszpe32.exe [2008-4-14 37376]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-3 110592]
    WiFi Station N.lnk - c:\program files\Hercules\WiFiStationN\WiFiN.exe [2009-11-19 124200]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R0 pe3ajbeb;L Ile Noyee Environment Driver (pe3ajbeb);c:\windows\system32\drivers\pe3ajbeb.sys [22/08/2007 18:31 64632]
    R0 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb);c:\windows\system32\drivers\ps7ajbeb.sys [22/08/2007 18:30 68736]
    R2 HerculesWiFi;HerculesWiFi;c:\windows\system32\HerculesWiFiService.exe [19/11/2009 22:04 53544]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [16/11/2009 21:16 583552]
    S2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [14/10/2005 02:45 199384]
    S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb);c:\windows\system32\pr2ajbeb.exe svc --> c:\windows\system32\pr2ajbeb.exe svc [?]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [21/04/2009 15:36 216232]
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;c:\windows\system32\drivers\usbiad.sys [13/06/2005 06:57 31579]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
    S4 msvsmon80;Débogueur distant Visual Studio 2005;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [09/12/2005 10:36 2799808]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - mchInjDrv
    .
    Contenu du dossier 'Tâches planifiées'

    2010-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.sfr.fr/kit/adsl/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {1AD245DC-9616-4AA1-AD17-41454883F14F} = 192.168.1.1
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath - c:\documents and settings\gg\Application Data\Mozilla\Firefox\Profiles\ysd87l1q.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - www.yahoo.fr
    FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
    FF - component: c:\documents and settings\gg\Application Data\Mozilla\Firefox\Profiles\ysd87l1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\gg\Application Data\Mozilla\Firefox\Profiles\ysd87l1q.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
    FF - plugin: c:\documents and settings\gg\Application Data\Mozilla\Firefox\Profiles\ysd87l1q.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\documents and settings\gg\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npredoute.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
    MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    AddRemove-Fissa - c:\documents and settings\gg\Application Data\FissaSearch\FissaUninstaller.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-23 20:38
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
    "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\gg\LOCALS~1\Temp\mc22.tmp"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Heure de fin: 2010-06-23 20:47:20
    ComboFix-quarantined-files.txt 2010-06-23 18:46

    Avant-CF: 23 871 664 128 octets libres
    Après-CF: 24 405 344 256 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

    - - End Of File - - FCC62BF96AA469B18D337ED4BEF1C570




    The 2nd one:
    Quote:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-06-24 07:33:40
    Windows 5.1.2600 Service Pack 3
    Running: gdp1ude4.exe; Driver: C:\DOCUME~1\gg\LOCALS~1\Temp\awrcqpog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .xreloc C:\WINDOWS\system32\drivers\ps7ajbeb.sys unknown last section [0xF74F5000, 0x9FA, 0x40000040]

    ---- EOF - GMER 1.0.15 ----


    24 June 2010 09:56:33

    Hi again,
    Are you still using the "L Ile Noyee" software from Micro Application?

    +++++++++++++++++

    Copy (Ctrl+C) the text below:
    File::
    c:\documents and settings\gg\Application Data\Microsoft\Installer\{886894A4-EA7B-498E-B5B8-8EDCDF9475F3}\_2E3C788AF8A84889051BA1.exe
    c:\documents and settings\LocalService\Application Data\qcopjv.dat
    c:\documents and settings\gg\Menu Démarrer\Programmes\Démarrage\siszpe32.exe



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • ComboFix starts; let it guide you.

  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Don't touch anything until the scan has finished.
  • Once the scan has finished, a report will be displayed: post its contents, and say where things stand with your problems

  • If the file doesn't open, it can be found here > C:\ComboFix.txt

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary

    +++++++++++++++++++


    Run another scan with AntiVir and post the report, please


    24 June 2010 14:43:29

    Is it a problem if I do it in safe mode? Because right now my computer is really struggling and is far too slow; just to start up, it takes 10 - 15 minutes to load everything.

    As for L'Ile Noyée, I don't need it any more; I've uninstalled it.

    24 June 2010 15:36:28

    Hi again,
    No problem, you can do it in safe mode, as follows and in no other way:
  • Restart your computer
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of the normal Windows startup, a menu with various options should appear.
  • Choose the first option, to run Windows in safe mode, then press "Enter".

    24 June 2010 20:40:25

    In any case, I wanted to thank you for the time you're taking and the help you're giving me :)


    Here is the first ComboFix report:

    Quote:


    ComboFix 10-06-23.03 - gg 24/06/2010 12:59:58.2.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3071.2419 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\gg\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\gg\Bureau\CFScript.txt
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    FILE ::
    "c:\documents and settings\gg\Application Data\Microsoft\Installer\{886894A4-EA7B-498E-B5B8-8EDCDF9475F3}\_2E3C788AF8A84889051BA1.exe"
    "c:\documents and settings\gg\Menu Démarrer\Programmes\Démarrage\siszpe32.exe"
    "c:\documents and settings\LocalService\Application Data\qcopjv.dat"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\gg\Application Data\Microsoft\Installer\{886894A4-EA7B-498E-B5B8-8EDCDF9475F3}\_2E3C788AF8A84889051BA1.exe
    c:\documents and settings\gg\Menu Démarrer\Programmes\Démarrage\siszpe32.exe
    c:\documents and settings\LocalService\Application Data\qcopjv.dat

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-24 au 2010-06-24 ))))))))))))))))))))))))))))))))))))
    .

    2010-06-23 11:11:32 . 2010-06-23 11:07:53 72192 ----a-w- C:\WINDOWS\system32\tasklist.exe
    2010-06-22 11:23:07 . 2008-04-13 18:40:26 34688 -c--a-w- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
    2010-06-22 11:23:07 . 2008-04-13 18:40:26 34688 ----a-w- C:\WINDOWS\system32\drivers\lbrtfdc.sys
    2010-06-22 11:22:26 . 2008-04-13 18:41:22 8576 -c--a-w- C:\WINDOWS\system32\dllcache\i2omgmt.sys
    2010-06-22 11:22:26 . 2008-04-13 18:41:22 8576 ----a-w- C:\WINDOWS\system32\drivers\i2omgmt.sys
    2010-06-22 11:21:58 . 2008-04-13 18:40:58 8192 -c--a-w- C:\WINDOWS\system32\dllcache\changer.sys
    2010-06-22 11:21:58 . 2008-04-13 18:40:58 8192 ----a-w- C:\WINDOWS\system32\drivers\changer.sys
    2010-06-22 11:21:37 . 2010-06-22 11:21:37 -------- d-----r- C:\Documents and Settings\LocalService\Favoris
    2010-06-17 17:09:13 . 2010-06-17 17:09:13 -------- d-----w- C:\Documents and Settings\gg\Local Settings\Application Data\zoug
    2010-06-17 16:32:21 . 2010-06-22 11:47:26 -------- d-----w- C:\Program Files\MediaCUB
    2010-06-10 22:27:37 . 2010-06-24 11:23:54 1447528 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-06-10 19:52:56 . 2010-05-06 10:33:33 743424 -c----w- C:\WINDOWS\system32\dllcache\iedvtool.dll
    2010-06-06 08:27:24 . 2010-06-06 08:27:25 -------- d-----w- C:\Program Files\PrtScr
    2010-06-05 18:51:14 . 2010-06-05 18:51:16 -------- d-----w- C:\Program Files\Comptes et Budget Free V6.0
    2010-06-05 18:51:14 . 2010-06-05 18:51:14 -------- d-----w- C:\Documents and Settings\gg\Application Data\AlauxSoft
    2010-06-05 06:55:42 . 2007-03-12 21:34:18 77312 ----a-w- C:\WINDOWS\system32\ztvunace26.dll
    2010-06-05 06:55:42 . 2007-03-12 21:34:16 69632 ----a-w- C:\WINDOWS\system32\ztvcabinet.dll
    2010-06-05 06:55:41 . 2007-03-12 21:34:20 162304 ----a-w- C:\WINDOWS\system32\ztvunrar36.dll
    2010-06-05 06:55:34 . 2010-06-06 08:10:07 -------- d-----w- C:\Program Files\TUGzip
    2010-06-05 06:55:08 . 2010-06-05 18:55:02 -------- d-----w- C:\Documents and Settings\gg\Application Data\OfferBox

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-22 15:00:02 . 2010-06-24 05:44:00 1496064 ----a-w- C:\Documents and Settings\gg\Application Data\Mozilla\Firefox\Profiles\ysd87l1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-06-22 14:59:48 . 2010-06-24 05:44:03 43008 ----a-w- C:\Documents and Settings\gg\Application Data\Mozilla\Firefox\Profiles\ysd87l1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-06-22 14:59:48 . 2010-06-24 05:44:02 339456 ----a-w- C:\Documents and Settings\gg\Application Data\Mozilla\Firefox\Profiles\ysd87l1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-06-22 14:59:32 . 2010-06-24 05:44:01 346112 ----a-w- C:\Documents and Settings\gg\Application Data\Mozilla\Firefox\Profiles\ysd87l1q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-06-15 21:22:07 . 2008-03-27 18:24:23 -------- d-----w- C:\Documents and Settings\gg\Application Data\BitTorrent
    2010-06-15 21:22:03 . 2008-03-27 18:28:57 -------- d-----w- C:\Documents and Settings\gg\Application Data\uTorrent
    2010-06-13 11:12:12 . 2004-08-05 12:00:00 623984 ----a-w- C:\WINDOWS\system32\perfh00C.dat
    2010-06-13 11:12:12 . 2004-08-05 12:00:00 129450 ----a-w- C:\WINDOWS\system32\perfc00C.dat
    2010-06-06 08:20:56 . 2008-07-30 19:56:35 -------- d-----w- C:\Program Files\Bible
    2010-06-06 07:32:23 . 2009-03-21 10:31:32 -------- d-----w- C:\Program Files\Microsoft Silverlight
    2010-06-02 09:31:35 . 2008-01-05 23:33:28 44944 ----a-w- C:\Documents and Settings\Cam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-26 05:28:06 . 2010-05-26 05:28:06 503808 ----a-w- C:\Documents and Settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1805b2cb-n\msvcp71.dll
    2010-05-26 05:28:06 . 2010-05-26 05:28:06 499712 ----a-w- C:\Documents and Settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1805b2cb-n\jmc.dll
    2010-05-26 05:28:06 . 2010-05-26 05:28:06 348160 ----a-w- C:\Documents and Settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1805b2cb-n\msvcr71.dll
    2010-05-26 05:28:03 . 2010-05-26 05:28:03 61440 ----a-w- C:\Documents and Settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4189ef0b-n\decora-sse.dll
    2010-05-26 05:28:03 . 2010-05-26 05:28:03 12800 ----a-w- C:\Documents and Settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4189ef0b-n\decora-d3d.dll
    2010-05-06 10:33:44 . 2004-08-05 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
    2010-05-03 05:31:06 . 2007-12-28 22:00:18 -------- d-----w- C:\Program Files\Java
    2010-05-02 08:08:14 . 2004-08-05 12:00:00 1851392 ----a-w- C:\WINDOWS\system32\win32k.sys
    2010-04-23 05:23:50 . 2007-11-29 19:35:35 44944 ----a-w- C:\Documents and Settings\gg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-20 18:10:18 . 2009-11-30 13:28:47 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
    2010-04-20 13:08:17 . 2010-04-20 13:08:17 503808 ----a-w- C:\Documents and Settings\Cam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-428637cf-n\msvcp71.dll
    2010-04-20 13:08:17 . 2010-04-20 13:08:17 499712 ----a-w- C:\Documents and Settings\Cam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-428637cf-n\jmc.dll
    2010-04-20 13:08:17 . 2010-04-20 13:08:17 348160 ----a-w- C:\Documents and Settings\Cam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-428637cf-n\msvcr71.dll
    2010-04-20 13:08:14 . 2010-04-20 13:08:14 61440 ----a-w- C:\Documents and Settings\Cam\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26f4856c-n\decora-sse.dll
    2010-04-20 13:08:14 . 2010-04-20 13:08:14 12800 ----a-w- C:\Documents and Settings\Cam\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-26f4856c-n\decora-d3d.dll
    2010-04-20 05:30:54 . 2004-08-05 12:00:00 285696 ----a-w- C:\WINDOWS\system32\atmfd.dll
    2010-04-13 07:02:03 . 2010-05-02 09:54:34 922400 ----a-w- C:\Documents and Settings\gg\Application Data\Sun\Java\JRERunOnce.exe
    2010-04-12 15:29:19 . 2010-05-03 05:31:12 411368 ----a-w- C:\WINDOWS\system32\deployJava1.dll
    2010-04-01 05:10:52 . 2010-04-01 05:10:52 503808 ----a-w- C:\Documents and Settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3237f2e5-n\msvcp71.dll
    2010-04-01 05:10:52 . 2010-04-01 05:10:52 499712 ----a-w- C:\Documents and Settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3237f2e5-n\jmc.dll
    2010-04-01 05:10:52 . 2010-04-01 05:10:52 348160 ----a-w- C:\Documents and Settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3237f2e5-n\msvcr71.dll
    2010-04-01 05:10:49 . 2010-04-01 05:10:49 61440 ----a-w- C:\Documents and Settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-66da688e-n\decora-sse.dll
    2010-04-01 05:10:49 . 2010-04-01 05:10:49 12800 ----a-w- C:\Documents and Settings\gg\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-66da688e-n\decora-d3d.dll
    2008-04-29 16:47:09 . 2008-04-29 16:46:40 2725048 ----a-w- C:\Program Files\FLV PlayerFCSetup.exe
    2008-04-29 16:46:29 . 2008-04-29 16:45:43 4265560 ----a-w- C:\Program Files\FLV PlayerRCATSetup.exe
    2008-04-29 16:45:16 . 2008-04-29 16:45:10 411248 ----a-w- C:\Program Files\FLV PlayerRCSetup.exe
    2008-02-04 21:35:18 . 2008-02-04 21:35:07 594944 ----a-w- C:\Program Files\mozilla firefox\plugins\MannequinPlayer2.dll
    .



    And the AntiVir report, which incidentally detected some viruses:
    Quote:



    Avira AntiVir Personal
    Report file date: jeudi 24 juin 2010 18:51

    Scanning for 2234139 virus strains and unwanted programs.

    Licensed to: Avira AntiVir Personal - FREE Antivirus
    Serial number: 0000149996-ADJIE-0000001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Save mode
    Username: gg
    Computer name: B_ggCAM

    Version information:
    BUILD.DAT : 8.2.0.354 17048 Bytes 23/10/2009 13:15:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 18:11:59
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 18/07/2008 20:21:52
    LUKE.DLL : 8.1.4.5 164097 Bytes 18/07/2008 20:21:52
    LUKERES.DLL : 8.1.4.0 12033 Bytes 18/07/2008 20:21:52
    ANTIVIR0.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 19:00:17
    ANTIVIR1.VDF : 7.10.7.224 11894128 Bytes 02/06/2010 05:45:24
    ANTIVIR2.VDF : 7.10.8.149 720800 Bytes 21/06/2010 10:37:51
    ANTIVIR3.VDF : 7.10.8.151 56320 Bytes 22/06/2010 10:37:51
    Engineversion : 8.2.2.6
    AEVDF.DLL : 8.1.2.0 106868 Bytes 24/04/2010 06:34:23
    AESCRIPT.DLL : 8.1.3.31 1352058 Bytes 03/06/2010 05:45:59
    AESCN.DLL : 8.1.6.1 127347 Bytes 13/05/2010 16:04:10
    AESBX.DLL : 8.1.3.1 254324 Bytes 24/04/2010 06:34:20
    AERDL.DLL : 8.1.4.6 541043 Bytes 16/04/2010 05:17:04
    AEPACK.DLL : 8.2.1.1 426358 Bytes 20/03/2010 17:50:12
    AEOFFICE.DLL : 8.1.1.0 201081 Bytes 13/05/2010 16:04:09
    AEHEUR.DLL : 8.1.1.33 2724214 Bytes 05/06/2010 06:27:26
    AEHELP.DLL : 8.1.11.5 242038 Bytes 03/06/2010 05:45:33
    AEGEN.DLL : 8.1.3.10 377205 Bytes 03/06/2010 05:45:30
    AEEMU.DLL : 8.1.2.0 393588 Bytes 24/04/2010 06:34:19
    AECORE.DLL : 8.1.15.3 192886 Bytes 13/05/2010 16:04:06
    AEBB.DLL : 8.1.1.0 53618 Bytes 24/04/2010 06:34:18
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 18/07/2008 20:21:52
    AVPREF.DLL : 8.0.2.0 38657 Bytes 18/07/2008 20:21:52
    AVREP.DLL : 8.0.0.7 159784 Bytes 17/02/2010 11:33:21
    AVREG.DLL : 8.0.0.1 33537 Bytes 18/07/2008 20:21:52
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18/07/2008 20:21:52
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18/07/2008 20:21:53
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18/07/2008 20:21:50
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 18/07/2008 20:21:50

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 24 juin 2010 18:51

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    11 processes with 11 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '66' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Qoobox\Quarantine\C\Documents and Settings\gg\Menu Démarrer\Programmes\Démarrage\siszpe32.exe.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP714\A0067519.sys
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP715\A0067570.sys
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP715\A0067571.sys
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP715\A0067572.sys
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP715\A0067573.sys
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP715\A0067574.sys
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP715\A0067575.sys
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP715\A0067576.sys
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP715\A0067578.sys
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP715\A0067579.sys
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP715\A0067580.sys
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP715\A0067581.sys
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP716\A0070894.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was deleted!
    Begin scan in 'D:\'
    D:\Sauvegarde jon 2007-11-29\Bureau\Install_MSN_Messenger.EXE
    [0] Archive type: RSRC
    --> Object
    [1] Archive type: CAB (Microsoft)
    --> bootstrap.exe
    [WARNING] No further files can be extracted from this archive. The archive will be closed


    End of the scan: jeudi 24 juin 2010 20:33
    Used time: 1:42:19 Hour(s)

    The scan has been done completely.

    21487 Scanning directories
    1002471 Files were scanned
    14 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    14 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    1002456 Files not concerned
    5135 Archives were scanned
    2 Warnings
    14 Notes




    24 June 2010 22:34:01

    Hi again,
    AntiVir detected viruses in ComboFix's quarantine:

    Quote:
    C:\Qoobox\Quarantine\C\Documents and Settings\gg\Menu Démarrer\Programmes\Démarrage\siszpe32.exe.vir

    and in Windows System Restore (these are files we have already deleted):
    Quote:
    C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP715\A0067579.sys
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan


    in other words, cherry stems :lol: 
    ++++

    How is your PC behaving?
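
The triage done by eye in the reply above, as an added Python example (not part of the original thread, and not code from Avira or ComboFix): it parses the AntiVir report format shown in this thread and sorts each detection into ComboFix's quarantine (C:\Qoobox\Quarantine), a System Restore point, or the live file system. The function names and the constructed "live" sample are assumptions for illustration; the other sample lines are an excerpt of the report posted above.

```python
import re
from collections import Counter

# Excerpt of the AntiVir report posted in this thread (not the full log).
SAMPLE_REPORT = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\Documents and Settings\gg\Menu Démarrer\Programmes\Démarrage\siszpe32.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP714\A0067519.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP715\A0067570.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{0340A0BE-4D00-46D3-ABF2-667EDB9274F4}\RP716\A0070894.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was deleted!
"""

# Constructed sample (not from the thread): a detection outside quarantine
# and restore points, i.e. one that would still need attention.
CONSTRUCTED_LIVE = r"""
C:\EXAMPLE\constructed-sample.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECTION_RE = re.compile(r"^\[DETECTION\]\s+Is the (\S+)")
NOTE_RE = re.compile(r"^\[NOTE\]\s+(.*)$")
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"


def parse_detections(report):
    """Return one dict per [DETECTION] line, tied to the path line above it."""
    detections, path, current = [], None, None
    for raw in report.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            # A new file path starts a new record context.
            path, current = line, None
            continue
        m = DETECTION_RE.match(line)
        if m and path:
            current = {"path": path, "name": m.group(1), "action": None}
            detections.append(current)
            continue
        m = NOTE_RE.match(line)
        if m and current is not None:
            # The [NOTE] line records what the scanner did with the file.
            current["action"] = m.group(1)
    return detections


def classify(path):
    """Map a detection path to (location, restore point id or None)."""
    m = RESTORE_RE.search(path)
    if m:
        return "system_restore", m.group(1).upper()
    if path.lower().startswith(QUARANTINE_PREFIX):
        return "combofix_quarantine", None
    return "live", None


def triage(report):
    """Summarise where the detections sit; 'live' lists paths needing review."""
    by_location, restore_points, live = Counter(), set(), []
    for det in parse_detections(report):
        location, rp = classify(det["path"])
        by_location[location] += 1
        if rp:
            restore_points.add(rp)
        if location == "live":
            live.append(det["path"])
    return {"by_location": dict(by_location),
            "restore_points": sorted(restore_points),
            "live": live}


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
    print(triage(CONSTRUCTED_LIVE))
```

An empty `live` list corresponds to the situation described in the reply: every detection is an already-neutralised copy held in quarantine or in a restore point.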

    25 June 2010 07:45:59

    Cherry stems lol, meaning what?

    Otherwise, since the last step my PC has been behaving much better, but I've only just turned it on, so I'm waiting to see over a longer period. Thanks in any case.

    25 June 2010 21:48:41

    Hi again,
    "Cherry stems" means these are only minor, harmless alerts that get resolved at the end of disinfection:
    Uninstall ComboFix by following this procedure:

  • Start menu, then Run
  • Now type Combofix /u in the window that appears, then confirm with OK. Make sure to leave a space between the X and the /U, as it is required here.


    ~Disable and then re-enable System Restore by following this tutorial:
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfoint...
    You will need to disable System Restore, restart the computer, and re-enable System Restore right away.

    Remove all the programs installed for the disinfection.


    Please read this guide (PDF) to learn more about the risks of the Internet.



    If you find this document interesting, feel free to pass it on to your contacts.

    If you've had enough of being bombarded with ads while browsing, install a secured Firefox with the NoScript and AdBlock Plus extensions.

    Read also:
  • Free antispyware: it's useless!


    ~Edit your first message and put [resolved] in the title.
    If your session name matches your real name, you can change it by editing your posts.

    :hello: 
