Virus infection

24 December 2007 16:12:03

Hello,

I have problems with my PC: it shuts down by itself and Internet windows open by themselves. Can you help me? Attached is the HijackThis report.

Thanks in advance for your help


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:15, on 24/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\XP\System32\smss.exe
C:\WINDOWS\XP\system32\winlogon.exe
C:\WINDOWS\XP\system32\services.exe
C:\WINDOWS\XP\system32\lsass.exe
C:\WINDOWS\XP\system32\svchost.exe
C:\WINDOWS\XP\System32\svchost.exe
C:\WINDOWS\XP\Explorer.EXE
C:\WINDOWS\XP\system32\spoolsv.exe
C:\WINDOWS\XP\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\XP\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Program Files\Services en ligne\mexeji77798.exe
C:\WINDOWS\XP\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\XP\System32\RUNDLL32.EXE
C:\Documents and Settings\nico.NICO-JA15Z54OX3\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\nico.NICO-JA15Z54OX3\Application Data\Microsoft\Windows\duiap.exe
C:\WINDOWS\XP\System32\DOBE~1\fast.exe
C:\WINDOWS\XP\?icrosoft.NET\m?iexec.exe
C:\Program Files\Router\Router.exe
C:\WINDOWS\XP\ntfyapp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\XP\System32\nvsvc32.exe
C:\WINDOWS\XP\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\XP\System32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\NICO~1.NIC\LOCALS~1\Temp\Rar$EX00.938\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ycomp/defaults/sb/*http://fr.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C68BA111-60FA-1778-892D-3BE600855CB7} - C:\WINDOWS\XP\System32\yivas.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\XP\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\XP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\XP\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\XP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\XP\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\XP\TEMP\E_SB7.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\XP\svchost.exe
O4 - HKLM\..\Run: [mexeji] C:\Program Files\Services en ligne\mexeji77798.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\XP\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\XP\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\nico.NICO-JA15Z54OX3\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\nico.NICO-JA15Z54OX3\Application Data\Microsoft\Windows\duiap.exe
O4 - HKCU\..\Run: [Abwc] "C:\WINDOWS\XP\System32\DOBE~1\fast.exe" -vt yazb
O4 - HKCU\..\Run: [Yqcf] C:\WINDOWS\XP\?icrosoft.NET\m?iexec.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [ntfyapp] C:\WINDOWS\XP\ntfyapp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\XP\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\XP\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\XP\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\XP\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?5e6b04d986064e6c988a4bfbb5cfbf78
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?5e6b04d986064e6c988a4bfbb5cfbf78
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\XP\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\XP\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\XP\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\ComPlus Applications\rtele.html

25 December 2007 02:49:03

Good evening, you are heavily infected!

No SP2, not even SP1 ... = INFECTION! Is your Windows legal?

Download ComboFix <- here

Save it to your Desktop and nowhere else!
Double-click combofix.exe (the .exe may not be shown)
To start, type 1 then confirm, and wait for the scan to finish
The PC may restart!

A report is generated; copy/paste it into your reply
You can also find this report here: C:\Combofix.txt
25 December 2007 03:59:07

Good evening Eric: what a time to pick up a thread :lol:  :lol:  I'm off :)
25 December 2007 14:38:39

Hi

No, my Windows is not legal.

Attached is my report:


ComboFix 07-12-21.4 - nico 2007-12-25 14:08:47.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.152 [GMT 1:00]
Running from: C:\Documents and Settings\nico.NICO-JA15Z54OX3\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\nico.NICO-JA15Z54OX3\Application Data\WinTouch\_install.exe
C:\Documents and Settings\nico.NICO-JA15Z54OX3\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\nico.NICO-JA15Z54OX3\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\nico.NICO-JA15Z54OX3\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\nico.NICO-JA15Z54OX3\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\nico.NICO-JA15Z54OX3\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\nico.NICO-JA15Z54OX3\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Documents and Settings\nico\Application Data\MessengerSkinner
C:\Documents and Settings\nico\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\nico\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Documents and Settings\nico\Menu Démarrer\Programmes\MessengerSkinner
C:\Documents and Settings\nico\Menu Démarrer\Programmes\MessengerSkinner\Conditions générales.lnk
C:\Documents and Settings\nico\Menu Démarrer\Programmes\MessengerSkinner\Confidentialité.lnk
C:\Documents and Settings\nico\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\nico\Menu Démarrer\Programmes\MessengerSkinner\Website.lnk
C:\Program Files\ComPlus Applications\rtele.html
C:\Program Files\messengerskinner
C:\Program Files\messengerskinner\_install.exe
C:\Program Files\messengerskinner\Conditions générales.url
C:\Program Files\messengerskinner\Confidentialité.url
C:\Program Files\messengerskinner\download\defaultPack.cab
C:\Program Files\messengerskinner\MessengerSkinner.exe
C:\Program Files\messengerskinner\MessengerSkinnerDll.dll
C:\Program Files\messengerskinner\resources\appconfig.xml
C:\Program Files\messengerskinner\resources\btn.rgn
C:\Program Files\messengerskinner\resources\btnBnr.rgn
C:\Program Files\messengerskinner\resources\btnIn.rgn
C:\Program Files\messengerskinner\resources\btnInNormal.bmp
C:\Program Files\messengerskinner\resources\btnInOver.bmp
C:\Program Files\messengerskinner\resources\btnNormal.bmp
C:\Program Files\messengerskinner\resources\btnNormal.gif
C:\Program Files\messengerskinner\resources\btnNormalBnr.bmp
C:\Program Files\messengerskinner\resources\btnNormalBnr.gif
C:\Program Files\messengerskinner\resources\btnOver.bmp
C:\Program Files\messengerskinner\resources\btnOver.gif
C:\Program Files\messengerskinner\resources\btnOverBnr.bmp
C:\Program Files\messengerskinner\resources\btnOverBnr.gif
C:\Program Files\messengerskinner\resources\languages_v2.xml
C:\Program Files\messengerskinner\uninst.exe
C:\Program Files\messengerskinner\Website.url
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\WINDOWS\XP\icroso~1.net
C:\WINDOWS\XP\icroso~1.net\m?iexec.exe
C:\WINDOWS\XP\system32\6_exception.nls
C:\WINDOWS\XP\system32\dobe~1
C:\WINDOWS\XP\system32\dobe~1\?dobe\
C:\WINDOWS\XP\system32\dobe~1\fast.exe
C:\WINDOWS\XP\system32\drivers\CGVK67.sys
C:\WINDOWS\XP\system32\drivers\secdrv.sys
C:\WINDOWS\XP\system32\drivers\symavc32.sys
C:\WINDOWS\XP\system32\shift.exe.exe
C:\WINDOWS\XP\system32\svcp.csv
C:\WINDOWS\XP\system32\wcpsvtr32.exe
C:\WINDOWS\XP\system32\winsub.xml
C:\WINDOWS\XP\system32\yivas.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CGVK67
-------\LEGACY_RUNTIME


((((((((((((((((((((((((((((( Fichiers créés 2007-11-25 to 2007-12-25 ))))))))))))))))))))))))))))))))))))
.

2007-12-25 11:21 . 2001-08-23 17:47 19,456 --a------ C:\WINDOWS\XP\system32\hidserv.dll
2007-12-25 11:21 . 2001-08-23 17:47 19,456 --a--c--- C:\WINDOWS\XP\system32\dllcache\hidserv.dll
2007-12-25 11:21 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\XP\system32\drivers\hidusb.sys
2007-12-25 11:21 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\XP\system32\dllcache\hidusb.sys
2007-12-24 00:23 . 2007-12-25 14:16 21,760 --a------ C:\WINDOWS\XP\Ins61.sys
2007-12-22 14:07 . 2007-12-22 13:38 129,536 --a--c--- C:\WINDOWS\XP\system32\dllcache\_install.exe
2007-12-22 14:07 . 2007-12-22 13:38 129,536 --a------ C:\WINDOWS\XP\system32\_install.exe
2007-12-22 14:06 . 2007-12-22 13:38 129,536 --a------ C:\WINDOWS\XP\_install.exe
2007-12-22 13:40 . 2007-12-22 13:40 29 --a------ C:\WINDOWS\XP\system32\etysoghw.tmp
2007-12-22 13:40 . 2007-12-22 13:40 0 --a------ C:\34.tmp
2007-12-22 13:40 . 2007-12-22 13:40 0 --a------ C:\33.tmp
2007-12-22 13:40 . 2007-12-22 13:40 0 --a------ C:\32.tmp
2007-12-22 13:40 . 2007-12-22 13:40 0 --a------ C:\31.tmp
2007-12-22 13:40 . 2007-12-22 13:40 0 --a------ C:\30.tmp
2007-12-22 13:40 . 2007-12-22 13:40 0 --a------ C:\2F.tmp
2007-12-22 13:39 . 2007-12-25 14:08 38,814 --a------ C:\WINDOWS\XP\ntfyapp.config
2007-12-22 13:39 . 2007-12-22 13:39 0 --a------ C:\2E.tmp
2007-12-22 13:39 . 2007-12-22 13:39 0 --a------ C:\2D.tmp
2007-12-22 13:39 . 2007-12-22 13:39 0 --a------ C:\2C.tmp
2007-12-22 13:39 . 2007-12-22 13:39 0 --a------ C:\2B.tmp
2007-12-22 13:39 . 2007-12-22 13:39 0 --a------ C:\2A.tmp
2007-12-22 13:39 . 2007-12-22 13:39 0 --a------ C:\29.tmp
2007-12-22 13:39 . 2007-12-22 13:39 0 --a------ C:\28.tmp
2007-12-16 14:37 . 2007-12-22 14:05 <REP> d-------- C:\Program Files\Toolbar Uninstaller
2007-12-16 14:18 . 2007-12-16 14:18 <REP> d-------- C:\Documents and Settings\nico.NICO-JA15Z54OX3\Application Data\Yahoo!
2007-12-16 13:25 . 2007-12-22 14:04 <REP> d-------- C:\Program Files\Router

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-22 13:05 --------- d-----w C:\Program Files\XviD
2007-12-22 13:05 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-22 13:05 --------- d-----w C:\Program Files\Windows Live Favorites
2007-12-22 13:05 --------- d-----w C:\Program Files\Tsunami_Filter_Pack_Mini
2007-12-22 13:05 --------- d-----w C:\Program Files\StuffPlug3
2007-12-22 13:05 --------- d-----w C:\Program Files\Services en ligne
2007-12-22 13:04 --------- d-----w C:\Program Files\SecondLife
2007-12-22 13:04 --------- d-----w C:\Program Files\QuickTime
2007-12-22 13:04 --------- d-----w C:\Program Files\NimoCodec Pack
2007-12-22 13:04 --------- d-----w C:\Program Files\MSN Messenger
2007-12-22 13:04 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-22 13:03 --------- d-----w C:\Program Files\GordianKnot
2007-12-22 13:02 --------- d-----w C:\Program Files\DivXCodec
2007-12-22 13:02 --------- d-----w C:\Program Files\DivX_311alpha
2007-12-22 13:02 --------- d-----w C:\Program Files\DivX
2007-12-22 13:02 --------- d-----w C:\Program Files\D-Tools
2007-12-22 13:02 --------- d-----w C:\Program Files\BarreConfCMCIC
2007-12-22 12:55 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2007-12-22 12:38 21,760 ----a-w C:\WINDOWS\XP\system32\drivers\Ins61.sys
2007-12-22 12:38 129,536 ----a-w C:\WINDOWS\XP\PCHEALTH\UploadLB\Binaries\_install.exe
2007-12-22 12:38 129,536 ----a-w C:\WINDOWS\XP\PCHEALTH\HELPCTR\Binaries\_install.exe
2007-12-22 12:38 129,536 ----a-w C:\WINDOWS\XP\ntfyapp.exe
2007-12-22 12:38 129,536 ----a-w C:\WINDOWS\XP\inf\_install.exe
2007-12-22 12:38 129,536 ----a-w C:\WINDOWS\XP\Help\Tours\mmTour\_install.exe
2007-12-16 13:38 --------- d-----w C:\Program Files\Yahoo!
2007-12-16 12:15 44,032 ----a-w C:\WINDOWS\XP\system32\ftp.exe
2007-12-16 12:15 10 ----a-w C:\Program Files\.autoreg
2007-11-11 19:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 19:14 --------- d-----w C:\Program Files\Veoh Networks
2007-11-08 21:07 --------- d-----w C:\Documents and Settings\All Users.XP\Application Data\InstallShield
2007-11-08 21:06 --------- d-----w C:\Documents and Settings\All Users.XP\Application Data\UDL
2007-11-08 21:03 --------- d-----w C:\Program Files\epson
2006-12-03 01:05 2,522 ----a-w C:\Program Files\func.js
2006-11-25 07:57 482 ----a-w C:\Program Files\Del.js
2006-06-08 07:02 2,048 ----a-w C:\Program Files\func.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\XP\System32\ctfmon.exe" [2001-08-28 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"NvMediaCenter"="RUNDLL32.exe" [2001-08-28 13:00 C:\WINDOWS\XP\system32\rundll32.exe]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 11:46]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-01 13:22]
"Abwc"="C:\WINDOWS\XP\System32\DOBE~1\fast.exe" []
"Yqcf"="C:\WINDOWS\XP\?icrosoft.NET\m?iexec.exe" []
"Router"="C:\Program Files\Router\Router.exe" [2007-12-16 13:25]
"ntfyapp"="C:\WINDOWS\XP\ntfyapp.exe" [2007-12-22 13:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2001-08-28 13:00 C:\WINDOWS\XP\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\XP\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"LVCOMSX"="C:\WINDOWS\XP\System32\LVCOMSX.EXE" [2004-05-21 18:11]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 10:09]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 10:03]
"NeroCheck"="C:\WINDOWS\XP\system32\NeroCheck.exe" [2001-07-09 10:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-23 21:25]
"svchost.exe"="C:\WINDOWS\XP\svchost.exe" []
"mexeji"="C:\Program Files\Services en ligne\mexeji77798.exe" [2007-08-07 21:30]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\XP\System32\CTFMON.EXE" [2001-08-28 13:00]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\ComPlus Applications\rtele.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ins61.sys]
@="Driver"

R0 Ins61;Ins61;C:\WINDOWS\XP\System32\Drivers\Ins61.sys [2007-12-22 13:38]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\XP\System32\DRIVERS\SI3112r.sys [2005-11-10 16:00]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-25 12:29:00 C:\WINDOWS\XP\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 14:18:28
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-25 14:19:24 - machine was rebooted
25 December 2007 23:22:01

Re,

It did a big cleanup

Run Combofix once more
28 December 2007 20:43:41

Good evening

I ran ComboFix again, but I still have problems with Internet: IEXPLORER.exe in upper case climbs to 90,000 KB, and it sometimes even opens twice, in addition to iexplorer.exe in lower case.
Can you help me with this problem? What is the best free antivirus?

Thanks for your help

ComboFix 07-12-21.4 - nico 2007-12-26 12:56:20.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.239 [GMT 1:00]
Running from: C:\Documents and Settings\nico.NICO-JA15Z54OX3\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ComPlus Applications\rtele.html
C:\WINDOWS\XP\system32\0_exception.nls

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))))))))
.

2007-12-25 11:21 . 2001-08-23 17:47 19,456 --a------ C:\WINDOWS\XP\system32\hidserv.dll
2007-12-25 11:21 . 2001-08-23 17:47 19,456 --a--c--- C:\WINDOWS\XP\system32\dllcache\hidserv.dll
2007-12-25 11:21 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\XP\system32\drivers\hidusb.sys
2007-12-25 11:21 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\XP\system32\dllcache\hidusb.sys
2007-12-24 00:23 . 2007-12-25 23:12 21,760 --a------ C:\WINDOWS\XP\Ins61.sys
2007-12-22 14:07 . 2007-12-22 13:38 129,536 --a--c--- C:\WINDOWS\XP\system32\dllcache\_install.exe
2007-12-22 14:07 . 2007-12-22 13:38 129,536 --a------ C:\WINDOWS\XP\system32\_install.exe
2007-12-22 14:06 . 2007-12-22 13:38 129,536 --a------ C:\WINDOWS\XP\_install.exe
2007-12-22 13:40 . 2007-12-22 13:40 29 --a------ C:\WINDOWS\XP\system32\etysoghw.tmp
2007-12-22 13:40 . 2007-12-22 13:40 0 --a------ C:\34.tmp
2007-12-22 13:40 . 2007-12-22 13:40 0 --a------ C:\33.tmp
2007-12-22 13:40 . 2007-12-22 13:40 0 --a------ C:\32.tmp
2007-12-22 13:40 . 2007-12-22 13:40 0 --a------ C:\31.tmp
2007-12-22 13:40 . 2007-12-22 13:40 0 --a------ C:\30.tmp
2007-12-22 13:40 . 2007-12-22 13:40 0 --a------ C:\2F.tmp
2007-12-22 13:39 . 2007-12-26 12:56 35,482 --a------ C:\WINDOWS\XP\ntfyapp.config
2007-12-22 13:39 . 2007-12-22 13:39 0 --a------ C:\2E.tmp
2007-12-22 13:39 . 2007-12-22 13:39 0 --a------ C:\2D.tmp
2007-12-22 13:39 . 2007-12-22 13:39 0 --a------ C:\2C.tmp
2007-12-22 13:39 . 2007-12-22 13:39 0 --a------ C:\2B.tmp
2007-12-22 13:39 . 2007-12-22 13:39 0 --a------ C:\2A.tmp
2007-12-22 13:39 . 2007-12-22 13:39 0 --a------ C:\29.tmp
2007-12-22 13:39 . 2007-12-22 13:39 0 --a------ C:\28.tmp
2007-12-16 14:37 . 2007-12-22 14:05 <REP> d-------- C:\Program Files\Toolbar Uninstaller
2007-12-16 14:18 . 2007-12-16 14:18 <REP> d-------- C:\Documents and Settings\nico.NICO-JA15Z54OX3\Application Data\Yahoo!
2007-12-16 13:25 . 2007-12-22 14:04 <REP> d-------- C:\Program Files\Router

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-22 13:05 --------- d-----w C:\Program Files\XviD
2007-12-22 13:05 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-22 13:05 --------- d-----w C:\Program Files\Windows Live Favorites
2007-12-22 13:05 --------- d-----w C:\Program Files\Tsunami_Filter_Pack_Mini
2007-12-22 13:05 --------- d-----w C:\Program Files\StuffPlug3
2007-12-22 13:05 --------- d-----w C:\Program Files\Services en ligne
2007-12-22 13:04 --------- d-----w C:\Program Files\SecondLife
2007-12-22 13:04 --------- d-----w C:\Program Files\QuickTime
2007-12-22 13:04 --------- d-----w C:\Program Files\NimoCodec Pack
2007-12-22 13:04 --------- d-----w C:\Program Files\MSN Messenger
2007-12-22 13:04 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-22 13:03 --------- d-----w C:\Program Files\GordianKnot
2007-12-22 13:02 --------- d-----w C:\Program Files\DivXCodec
2007-12-22 13:02 --------- d-----w C:\Program Files\DivX_311alpha
2007-12-22 13:02 --------- d-----w C:\Program Files\DivX
2007-12-22 13:02 --------- d-----w C:\Program Files\D-Tools
2007-12-22 13:02 --------- d-----w C:\Program Files\BarreConfCMCIC
2007-12-22 12:55 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2007-12-22 12:38 21,760 ----a-w C:\WINDOWS\XP\system32\drivers\Ins61.sys
2007-12-22 12:38 129,536 ----a-w C:\WINDOWS\XP\PCHEALTH\UploadLB\Binaries\_install.exe
2007-12-22 12:38 129,536 ----a-w C:\WINDOWS\XP\PCHEALTH\HELPCTR\Binaries\_install.exe
2007-12-22 12:38 129,536 ----a-w C:\WINDOWS\XP\ntfyapp.exe
2007-12-22 12:38 129,536 ----a-w C:\WINDOWS\XP\inf\_install.exe
2007-12-22 12:38 129,536 ----a-w C:\WINDOWS\XP\Help\Tours\mmTour\_install.exe
2007-12-16 13:38 --------- d-----w C:\Program Files\Yahoo!
2007-12-16 12:15 44,032 ----a-w C:\WINDOWS\XP\system32\ftp.exe
2007-12-16 12:15 10 ----a-w C:\Program Files\.autoreg
2007-11-11 19:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 19:14 --------- d-----w C:\Program Files\Veoh Networks
2007-11-08 21:07 --------- d-----w C:\Documents and Settings\All Users.XP\Application Data\InstallShield
2007-11-08 21:06 --------- d-----w C:\Documents and Settings\All Users.XP\Application Data\UDL
2007-11-08 21:03 --------- d-----w C:\Program Files\epson
.

((((((((((((((((((((((((((((( snapshot@2007-12-25_14.18.34.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-25 13:06:37 16,384 ----a-w C:\WINDOWS\XP\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-26 11:45:51 16,384 ----a-w C:\WINDOWS\XP\system32\config\systemprofile\Cookies\index.dat
- 2007-12-25 13:06:37 32,768 ----a-w C:\WINDOWS\XP\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-12-26 11:45:51 32,768 ----a-w C:\WINDOWS\XP\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-12-25 13:06:37 32,768 ----a-w C:\WINDOWS\XP\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-26 11:45:51 32,768 ----a-w C:\WINDOWS\XP\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\XP\System32\ctfmon.exe" [2001-08-28 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"NvMediaCenter"="RUNDLL32.exe" [2001-08-28 13:00 C:\WINDOWS\XP\system32\rundll32.exe]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 11:46]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-01 13:22]
"Abwc"="C:\WINDOWS\XP\System32\DOBE~1\fast.exe" []
"Yqcf"="C:\WINDOWS\XP\?icrosoft.NET\m?iexec.exe" []
"Router"="C:\Program Files\Router\Router.exe" [2007-12-16 13:25]
"ntfyapp"="C:\WINDOWS\XP\ntfyapp.exe" [2007-12-22 13:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2001-08-28 13:00 C:\WINDOWS\XP\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\XP\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"LVCOMSX"="C:\WINDOWS\XP\System32\LVCOMSX.EXE" [2004-05-21 18:11]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 10:09]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 10:03]
"NeroCheck"="C:\WINDOWS\XP\system32\NeroCheck.exe" [2001-07-09 10:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-23 21:25]
"svchost.exe"="C:\WINDOWS\XP\svchost.exe" []
"mexeji"="C:\Program Files\Services en ligne\mexeji77798.exe" [2007-08-07 21:30]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\XP\System32\CTFMON.EXE" [2001-08-28 13:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ins61.sys]
@="Driver"

R0 Ins61;Ins61;C:\WINDOWS\XP\System32\Drivers\Ins61.sys [2007-12-22 13:38]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\XP\System32\DRIVERS\SI3112r.sys [2005-11-10 16:00]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-25 21:29:03 C:\WINDOWS\XP\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 12:59:40
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-26 13:00:49
C:\ComboFix2.txt ... 2007-12-25 14:19
30 December 2007 15:32:06

Re,


Select the whole box below, then right-click and choose Copy

File::
C:\Documents and Settings\nico.NICO-JA15Z54OX3\Application Data\Microsoft\Windows\duiap.exe
C:\WINDOWS\XP\System32\DOBE~1\fast.exe
C:\WINDOWS\XP\?icrosoft.NET\m?iexec.exe
C:\Program Files\Router\Router.exe
C:\WINDOWS\XP\System32\yivas.dll
C:\WINDOWS\XP\system32\etysoghw.tmp
C:\WINDOWS\XP\ntfyapp.config
C:\WINDOWS\XP\ntfyapp.exe
C:\WINDOWS\XP\Ins61.sys
C:\WINDOWS\XP\system32\drivers\Ins61.sys
C:\28.tmp
C:\29.tmp
C:\30.tmp
C:\31.tmp
C:\32.tmp
C:\33.tmp
C:\34.tmp
C:\2A.tmp
C:\2B.tmp
C:\2C.tmp
C:\2D.tmp
C:\2E.tmp
C:\2F.tmp

DirLook::
C:\WINDOWS\XP\inf
C:\WINDOWS\XP\System32\DOBE~1
C:\WINDOWS\XP\?icrosoft.NET
C:\Program Files\Router

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Abwc"=-
"Yqcf"=-
"ntfyapp"=-

Paste it into Notepad
Save it to your Desktop and name it CFScript (text file type)
Drag the CFScript file onto the ComboFix.exe file like this:



A menu will appear; type 1 then confirm
Let the scan run and post the generated report (C:\ComboFix.txt)

----------------------------------------------------------------------------

Install an antivirus and a firewall (Antivir and Zone Alarm are a good choice, free and effective):
See this page: > Securing your computer <

Run a scan with Antivir and post the report
30 December 2007 23:09:55


Good evening,

Attached is the AntiVir report


AntiVir PersonalEdition Classic
Report file date: dimanche 30 décembre 2007 18:50

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: SYSTEM
Computer name: NICO-JA15Z54OX3

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 30 décembre 2007 18:50

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'VeohClient.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'logonui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '31' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\qoobox\Quarantine\catchme2007-12-30_162809.40.zip
[0] Archive type: ZIP
--> Ins61.sys
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> Ins61.sys.1
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\Documents and Settings\nico.NICO-JA15Z54OX3\Application Data\WinTouch\WinTouch.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP72\A0016163.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47a7e1b7.qua'!
C:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP72\A0016165.exe
[DETECTION] Is the Trojan horse TR/Dldr.AW.awm
[INFO] The file was deleted!
C:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP72\A0016188.exe
[DETECTION] Is the Trojan horse TR/Dldr.AW.awm
[INFO] The file was deleted!
C:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP72\A0016189.exe
[DETECTION] Is the Trojan horse TR/Dldr.AW.awm
[INFO] The file was deleted!
C:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP72\A0016206.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47a7e1c7.qua'!
C:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP77\A0019323.sys
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP77\A0019331.sys
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP78\A0019434.sys
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP78\A0019435.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP78\A0019494.sys
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP80\A0021562.sys
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP80\A0021572.sys
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP80\A0021578.sys
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP80\A0022587.sys
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP80\A0022676.sys
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP80\A0022881.sys
[DETECTION] Is the Trojan horse TR/Pandex.L.2
[INFO] The file was deleted!
Begin scan in 'D:\'
Begin scan in 'E:\'
E:\logiciel\Nero 6.0.0.11 Francais Plus Sa Suite Fonction Complete Sans Bug Repakager Avec Indispensable.rar
[0] Archive type: RAR
--> Nero 6.0.0.11 Francais Plus Sa Suite Fonction Complete Sans Bug Repakager Avec Indispensable\Quick Menu Builder v1.31\keygen.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
E:\logiciel\Nero 6.0.0.11 Francais Plus Sa Suite Fonction Complete Sans Bug Repakager Avec Indispensable\Quick Menu Builder v1.31\keygen.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
E:\logiciel\Winace 2.5\keygen.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '47f0e787.qua'!
E:\logiciel\Winace 2.5\WinAce_Archiver_2[1].5_beta_5_by_TSRh.zip
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was deleted!
E:\logiciel\winace 211\w211_fr.exe
[0] Archive type: ACE SFX (self extracting)
--> file_id_fra.diz
[WARNING] Error creating the file
--> acetools.fra
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
E:\logiciel\winace 211\wace211.exe
[0] Archive type: ACE SFX (self extracting)
--> winace.cnt
[WARNING] Error creating the file
--> winace_enu.cnt
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
E:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP83\A0023304.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{623E0F7C-4C16-4BFC-8EF0-55B819B2E448}\RP83\A0023305.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '47a7eb5d.qua'!
Begin scan in 'G:\' <sauvegarde>
G:\eMule\Temp\003.part
[0] Archive type: ACE
--> Prison break.Saison2 complete VF\Prison.Break.S02E15.FRENCH.HDTV.XviD-JMT-AceBot.avi
[WARNING] Error creating the file
--> Prison break.Saison2 complete VF\Prison.Break.S02E14.FRENCH.DVTV.XviD-JMT-CAROLINE.avi
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
G:\logiciel\Real Guitar Vst Instrument.rar
[0] Archive type: RAR
--> CrcCheck.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
G:\logiciel\logiciel\Atomix Virtual DJ 2.06.zip
[0] Archive type: ZIP
--> Atomix Virtual DJ 2.06 complet table de mixage 2005 multilangage et gagner argent/Comment Gagner gros sur internet by ANGE.zip
[1] Archive type: ZIP
--> Comment Gagner gros sur internet by ANGE/La 1Šre astuce pour tricher avec eurobarre.zip
[2] Archive type: ZIP
--> La 1Šre astuce pour tricher avec eurobarre/Eurofake.exe
[DETECTION] Contains detection pattern of the worm WORM/MSN.Kelvir.AC
[INFO] The file was deleted!
G:\logiciel\logiciel\Atomix Virtual DJ 2.06\Atomix Virtual DJ 2.06 complet table de mixage 2005 multilangage et gagner argent\Comment Gagner gros sur internet by ANGE.zip
[0] Archive type: ZIP
--> Comment Gagner gros sur internet by ANGE/La 1Šre astuce pour tricher avec eurobarre.zip
[1] Archive type: ZIP
--> La 1Šre astuce pour tricher avec eurobarre/Eurofake.exe
[DETECTION] Contains detection pattern of the worm WORM/MSN.Kelvir.AC
[INFO] The file was deleted!
G:\logiciel\logiciel\Atomix Virtual DJ 2.06 complet table de mixage 2005 multilangage et gagner argent\Atomix Virtual DJ 2.06 complet table de mixage 2005 multilangage et gagner argent\Comment Gagner gros sur internet by ANGE.zip
[0] Archive type: ZIP
--> Comment Gagner gros sur internet by ANGE/La 1Šre astuce pour tricher avec eurobarre.zip
[1] Archive type: ZIP
--> La 1Šre astuce pour tricher avec eurobarre/Eurofake.exe
[DETECTION] Contains detection pattern of the worm WORM/MSN.Kelvir.AC
[INFO] The file was deleted!
G:\logiciel\logiciel photo\Paint_Shop_Pro_X_FR_crack_keygen.zip
[0] Archive type: ZIP
--> Corel Paint Shop Pro X - Installation Files/replacer.exe
[DETECTION] Is the Trojan horse TR/Crackpai.A.19
--> crack/replacer.exe
[DETECTION] Is the Trojan horse TR/Crackpai.A.19
[INFO] The file was deleted!
G:\Mes documents100106\Catia_v5r14_P3.zip
[0] Archive type: ZIP
--> crack.exe
[DETECTION] Contains detection pattern of the dropper DR/Dldr.IstBar.IS.1
[1] Archive type: ZIP SFX (self extracting)
--> ist1.exe
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.IQ
[INFO] The file was deleted!
G:\MSN\Logiciel msn\MSN6.EmoPackV3.zip
[0] Archive type: ZIP
--> Extract.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.A
[INFO] The file was deleted!


End of the scan: dimanche 30 décembre 2007 22:02
Used time: 3:12:32 min

The scan has been done completely.

10154 Scanning directories
1036053 Files were scanned
29 viruses and/or unwanted programs were found
5 Files were classified as suspicious:
27 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
1036024 Files not concerned
11173 Archives were scanned
10 Warnings
90 Notes
30 December 2007 23:16:04

Yeah, that's bound to happen when you download cracks, keygens ...

Post the ComboFix report