SOS Nokia virus - resolved, thanks

Tags:
  • Scan
  • Security
Last reply: in Security and viruses
22 November 2007 15:29:47

SOS, I have already posted a message without getting a reply. I am attaching an AntiVir scan and a HijackThis report; can you help me please?

Trend Micro HijackThis v2.0.2
Scan saved at 19:10:14, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 5654 bytes

AntiVir PersonalEdition Classic
Report file date: mercredi 21 novembre 2007 18:21

Scanning for 939156 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: SN119788980319

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 17:21:05
ANTIVIR3.VDF : 7.0.0.243 190464 Bytes 21/11/2007 17:21:05
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 21/11/2007 17:21:05
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 21 novembre 2007 18:21

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'USBDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'ihdjiq.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '11' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\3d3t4t8n7l.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47776998.qua'!
C:\er-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477169b5.qua'!
C:\ir-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477169b9.qua'!
C:\or-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477169bf.qua'!
C:\p6g7j3w2g3f5.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47ab6985.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Fichiers communs\Carlson\carlton
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47b66ba0.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP201\A0040853.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746cef.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP201\A0041856.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746cf1.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP201\A0042856.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746cf3.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP201\A0042954.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746cf6.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP201\A0042971.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746cf8.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP202\A0042987.exe
[DETECTION] Is the Trojan horse TR/Dldr.AW.awm
[INFO] The file was moved to '47746cfc.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP202\A0042988.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746cfd.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP202\A0042989.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d00.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP202\A0043007.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d03.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP203\A0043010.exe
[DETECTION] Is the Trojan horse TR/Agent.crf.1
[INFO] The file was moved to '47746d05.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP205\A0043144.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d0c.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP206\A0044119.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d12.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP207\A0044124.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d15.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP207\A0044166.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d17.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP207\A0044322.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d1d.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP207\A0044324.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc
[INFO] The file was moved to '47746d1f.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP207\A0044403.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
[INFO] The file was moved to '47746d24.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP207\A0044404.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d26.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP207\A0044405.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47746d27.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP208\A0044589.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d2f.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP208\A0044880.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d36.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP209\A0044902.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d3e.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP210\A0044911.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46d6e54f.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP210\A0044912.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d3f.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP211\A0044918.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d40.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP211\A0044919.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46d6e531.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP211\A0044944.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d41.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP211\A0044952.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46d6e532.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP212\A0044972.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d42.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP212\A0044973.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d43.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP215\A0045290.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d4c.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP215\A0045291.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46d6e53d.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP216\A0045367.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d4e.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP216\A0045368.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46d6e53f.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP218\A0045646.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d53.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP219\A0045723.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d55.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP219\A0045739.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d56.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP221\A0045762.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d57.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP221\A0045766.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d58.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP221\A0045823.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d59.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP221\A0045825.exe
[DETECTION] Is the Trojan horse TR/FakeAV.15.A
[INFO] The file was moved to '47746d5a.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP226\A0046827.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d5f.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP226\A0046829.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46d6e510.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP226\A0046830.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d60.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP226\A0046855.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d61.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP226\A0047081.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d64.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP226\A0048082.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d65.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP227\A0048085.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d66.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP227\A0048093.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46d6e517.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP227\A0048109.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d68.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP227\A0048111.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46d6e519.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP227\A0048114.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d67.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP227\A0048120.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '46d6e518.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP227\A0048138.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d69.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP227\A0048143.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
[INFO] The file was moved to '47746d6a.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP227\A0048162.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46d6e51b.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP227\A0048163.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d6c.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP228\A0048184.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '46d6e51a.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP228\A0051184.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46d6e51d.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP228\A0051185.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d6e.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP228\A0051187.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc
[INFO] The file was moved to '46d6e51f.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP229\A0051258.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d6d.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP229\A0052185.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d81.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP229\A0052213.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '46d6e5f2.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP229\A0052238.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d83.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP232\A0053489.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d87.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP232\A0053589.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d88.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP233\A0053802.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d8c.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP236\A0053885.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d90.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP236\A0053890.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46d6e5e1.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP236\A0053891.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d91.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP237\A0053976.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d93.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP237\A0053994.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746d94.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP237\A0054009.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '46d6e5e5.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP237\A0054071.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746d95.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP248\A0055438.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746da4.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP255\A0056872.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746db1.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP255\A0056873.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46d6e5c2.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP255\A0056874.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47746db3.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP255\A0056875.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46d6e5c4.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP255\A0056876.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47746db2.qua'!
C:\WINDOWS\b122.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
[INFO] The file was moved to '47766db4.qua'!
C:\WINDOWS\b128.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc
[INFO] The file was moved to '47766db5.qua'!
C:\WINDOWS\ccSvcHst.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
[INFO] The file was moved to '47976de7.qua'!
C:\WINDOWS\LBTWiz.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47986dc7.qua'!
Begin scan in 'D:\' <DATA>
D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP201\A0040819.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47747133.qua'!


End of the scan: mercredi 21 novembre 2007 18:55
Used time: 33:42 min

The scan has been done completely.

8075 Scanning directories
299173 Files were scanned
92 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
92 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
299081 Files not concerned
9794 Archives were scanned
1 Warnings
2 Notes


22 November 2007 17:09:37

Hello,

Wow! Nice infection!! I could see it thanks to the Avira AntiVir report you left on the forum.

Apparently nothing serious to note in your HijackThis report, but I think one line needs to be removed; wait for an expert's opinion (which I do hope to be). Still, apparently you removed the bulk of it with Avira AntiVir. You had 98 trojans! which is enormous.

Regards
22 November 2007 17:15:00

Thank you for your reply, and I await your help. As for the trojans, I put them in quarantine; how can I delete them? Thanks for your help, jacgeo
23 November 2007 10:44:00

SOS, don't forget me; what should I do about this Nokia virus -- thanks, jacgeo
23 November 2007 11:17:06

Hello


Download MSNFix.zip (by !aur3n7) to the Desktop
http://sosvirus.changelog.fr/MSNFix.zip

Unzip it (right-click >> Extract here) and double-click the file MSNFix.bat.
- Run option R.
-- If the infection is detected, run option N.

The report will be saved in the same folder as MSNFix, named date_time.txt
Post it along with a new HijackThis scan done in normal mode.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer to finish the operations. In that case, just restart the computer in normal mode.
Save and close the report so that Windows finishes starting normally.
23 November 2007 11:30:58

Thank you very much for your help; attached is the result -



D:\Documents and Settings\JACQUELINE\Bureau\MSNFix\MSNFix
Fix exécuté le 23/11/2007 - 11:26:56,39 By JACQUELINE
mode normal

************************ Recherche les fichiers présents

... D:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
... C:\WINDOWS\17PHolmes1148.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp

************************ MSNCHK ***** /!\ beta test /!\



************************ Recherche les dossiers présents

... C:\Program Files\Fichiers communs\Carlson\
... C:\PROGRA~1\Temporary\
... C:\PROGRA~1\WinAble\




************************ Suppression des fichiers

.. OK ... D:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
.. OK ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp


************************ Suppression des dossiers

.. OK ... C:\Program Files\Fichiers communs\Carlson\
.. OK ... C:\PROGRA~1\Temporary\
.. OK ... C:\PROGRA~1\WinAble\


************************ Nettoyage du registre



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\DXSETUP.exe] 4A7AAB270DE5492330FF7A82DDF29676

==> SVP merci d'envoyer le fichier D:\DOCUME~1\JACQUE~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 23112007_11275546.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
Merci pour tout aplus

jacgeo
23 Novembre 2007 12:09:35

est ce je dois extraire tous ces fichiers ??
23 Novembre 2007 12:27:44

je ne sais pas faire comment faire svp merci
23 Novembre 2007 12:47:35

Faire quoi ?

Si c'est pour le fichier à envoyer, tu l'envoie sans y toucher, tel quel.
23 Novembre 2007 14:29:53

je n y arrive pas quelle est la marche à suivre pour envoyer ce fichier ?
Quand je veux lancer combofix, search et destroy se mets en route est ce normal???
23 Novembre 2007 15:11:18

Tant pis pour le fichier.

Combofix comporte de puissants processus, c'est pour cela que les protections réagissent.

Désactive Spybot et Antivir le temps du scan.
23 Novembre 2007 17:05:40

je regrette mais combofix se lance, et après il me dit compte rendu en cours et mais après 20 minutes - rien il est bloqué
23 November 2007 17:19:13

I'm hopeless, I'm sending you a HijackThis file

Thanks anyway for your help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18, on 2007-11-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 6054 bytes
23 November 2007 17:40:12

You're going to do the procedure in Safe Mode.

Restart in Safe Mode. Careful, you have no internet access in this mode, so write down what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows Advanced Options menu appears.
Using the cursor keys, select Safe Mode and press Enter.

Run ComboFix.

Restart normally.

Post the report.
23 November 2007 18:02:33

Report attached, I hope it's the right one -

ComboFix 07-11-19.3 - JACQUELINE 2007-11-23 17:51:54.4 - NTFSx86 MINIMAL
Running from: D:\Documents and Settings\JACQUELINE\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\_000006_.tmp.dll
c:\WINDOWS\system32\ihdjiq.dat
C:\WINDOWS\system32\ihdjiq.exe
C:\WINDOWS\system32\ihdjiq_nav.dat
C:\WINDOWS\system32\ihdjiq_navps.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))))))))
.

2007-11-23 11:27 3,377 --a------ C:\WINDOWS\msnchk.exe
2007-11-23 10:47 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-22 15:34 <REP> d-------- C:\Program Files\Microids
2007-11-21 18:18 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2007-11-21 18:18 <REP> d-------- C:\Program Files\Avira
2007-11-21 09:53 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-21 09:48 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-19 17:23 <REP> d-------- C:\Program Files\New York Police Judiciaire
2007-11-16 09:41 <REP> d-------- C:\Program Files\Hitchcock
2007-11-15 08:55 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-11-15 08:51 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-15 08:51 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-15 08:51 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-15 08:51 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-15 08:51 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-15 08:51 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-15 08:51 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-15 08:51 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-15 08:51 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-12 10:02 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll
2007-11-12 10:02 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2007-11-12 08:40 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WinZip
2007-11-12 08:18 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-10 11:15 <REP> d-------- C:\Program Files\RegCleaner
2007-11-04 20:32 <REP> d-------- D:\Documents and Settings\JACQUELINE.SN119788980319\Modèles
2007-11-04 20:32 <REP> d-------- D:\Documents and Settings\JACQUELINE.SN119788980319\Mes documents
2007-11-04 20:32 <REP> d-------- D:\Documents and Settings\JACQUELINE.SN119788980319\Favoris
2007-11-02 18:10 <REP> dr------- D:\Documents and Settings\LocalService.AUTORITE NT\Favoris
2007-11-02 17:44 <REP> d-------- C:\Program Files\Google

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-22 14:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 08:54 --------- d-----w C:\Program Files\Windows Live
2007-11-21 08:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-18 08:08 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2007-11-15 16:07 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2007-11-14 06:47 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2007-11-12 08:26 --------- d-----w C:\Program Files\IncrediMail
2007-11-11 17:27 --------- d-----w C:\Program Files\SDLL
2007-11-10 12:55 --------- d-----w C:\Program Files\GamesBar
2007-11-05 13:28 --------- d-----w C:\Program Files\Micro Application
2007-11-05 13:26 --------- d-----w C:\Program Files\Trust
2007-11-05 13:25 --------- d-----w C:\Program Files\BoontyGames
2007-11-05 13:25 --------- d-----w C:\Program Files\Boonty
2007-11-03 17:49 --------- d-----w D:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-19 11:44 --------- d-----w D:\Documents and Settings\JACQUELINE\Application Data\OD2
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 14:38 --------- d-----w D:\Documents and Settings\JACQUELINE\Application Data\Magic Academy
2007-10-17 07:18 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-17 07:14 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-17 07:14 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-16 06:53 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2007-10-15 06:23 --------- d-----w D:\Documents and Settings\JACQUELINE\Application Data\AdobeUM
2007-09-25 16:27 --------- d-----w D:\Documents and Settings\JACQUELINE\Application Data\Smart Panel
2007-09-15 07:19 284 -c--a-w D:\Documents and Settings\JACQUELINE\Application Data\ViewerApp.dat
2007-09-10 11:40 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-09-10 11:40 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-07-13 10:10]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-12 08:18]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-21 18:21]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur de calendrier Ulead.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur de calendrier Ulead.lnk
backup=C:\WINDOWS\pss\Contrôleur de calendrier Ulead.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\khygsj]
c:\windows\system32\khygsj.exe khygsj

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"AOL ACS"=2 (0x2)
"UleadBurningHelper"=2 (0x2)

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S2 athsgt;athsgt;C:\WINDOWS\system32\DRIVERS\athsgt.sys
S2 limsgt;limsgt;C:\WINDOWS\system32\DRIVERS\limsgt.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 17:55:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-23 17:56:57
.
--- E O F ---
24 November 2007 12:58:02

Report attached

KASPERSKY ON-LINE SCANNER REPORT
Saturday, November 24, 2007 12:55:53 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 24/11/2007
Enregistrements dans la base antivirus Kaspersky : 435841


Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai

Cible de l'analyse Poste de travail
C:\
D:\
E:\
G:\
H:\
I:\
J:\

Statistiques de l'analyse
Total d'objets analysés 91997
Nombre de virus trouvés 1
Nombre d'objets infectés 2 / 0
Nombre d'objets suspects 0
Durée de l'analyse 00:52:49

Nom de l'objet infecté Nom du virus Dernière action
C:\APPS\OFFICE_1\All\oonepdf\SETUP.EXE/300.exe Infecté : Trojan-Spy.Win32.Delf.wh ignoré

C:\APPS\OFFICE_1\All\oonepdf\SETUP.EXE SetupSpecialist: infecté - 1 ignoré

C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP257\change.log L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{6CC30758-ED29-4F2D-8159-057E04658FBD}.crmlog L'objet est verrouillé ignoré

C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\EventCache\{517FA458-4C0C-46F5-B947-626185C494E4}.bin L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\Media Ce.evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré

D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré

D:\Documents and Settings\JACQUELINE\Cookies\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

D:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

D:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Microsoft\Windows Live Contacts\jacgeo@hotmail.fr\real\members.stg L'objet est verrouillé ignoré

D:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Microsoft\Windows Live Contacts\jacgeo@hotmail.fr\shadow\members.stg L'objet est verrouillé ignoré

D:\Documents and Settings\JACQUELINE\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\JACQUELINE\Local Settings\Historique\History.IE5\MSHist012007112420071125\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\JACQUELINE\Local Settings\Temp\~DF207A.tmp L'objet est verrouillé ignoré

D:\Documents and Settings\JACQUELINE\Local Settings\Temp\~DF208E.tmp L'objet est verrouillé ignoré

D:\Documents and Settings\JACQUELINE\Local Settings\Temp\~DFC25A.tmp L'objet est verrouillé ignoré

D:\Documents and Settings\JACQUELINE\Local Settings\Temp\~DFC560.tmp L'objet est verrouillé ignoré

D:\Documents and Settings\JACQUELINE\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré

D:\Documents and Settings\JACQUELINE\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\JACQUELINE\ntuser.dat L'objet est verrouillé ignoré

D:\Documents and Settings\JACQUELINE\ntuser.dat.LOG L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService.AUTORITE NT.003\Cookies\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService.AUTORITE NT.003\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService.AUTORITE NT.003\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService.AUTORITE NT.003\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService.AUTORITE NT.003\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService.AUTORITE NT.003\NTUSER.DAT L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService.AUTORITE NT.003\ntuser.dat.LOG L'objet est verrouillé ignoré

D:\Documents and Settings\NetworkService.AUTORITE NT.003\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

D:\Documents and Settings\NetworkService.AUTORITE NT.003\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

D:\Documents and Settings\NetworkService.AUTORITE NT.003\NTUSER.DAT L'objet est verrouillé ignoré

D:\Documents and Settings\NetworkService.AUTORITE NT.003\ntuser.dat.LOG L'objet est verrouillé ignoré

D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP257\change.log L'objet est verrouillé ignoré
24 November 2007 15:19:34

I hope it's the right report I sent - thanks
24 November 2007 20:46:58

Hello

It is the right report.

Delete this file
C:\APPS\OFFICE_1\All\oonepdf\SETUP.EXE

Do you still have any malfunctions?
25 November 2007 08:42:53

How should I delete this file - do I use Search and then delete it? Otherwise everything is fine - thanks
25 November 2007 09:03:59

In the end I think I have deleted it. Many thanks for the help I found on this site - see you, jacgeo