clemseb


  1. I also ran another Kaspersky scan and checked: nothing found, yet there is definitely something that launches Internet Explorer automatically!!!! Thanks for your help Bruce Lee
  2. Here is the result:

     Service load: 0% 100%
     File: msntb.dll
     Status: INFECTED/MALWARE
     MD5 51023bdd2cac091c19274c02e2b5947e
     Packers detected: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT
     Scanner results
     AntiVir Found Heuristic/Crypted (probable variant)
     ArcaVir Found nothing
     Avast Found nothing
     AVG Antivirus Found nothing
     BitDefender Found nothing
     ClamAV Found nothing
     Dr.Web Found nothing
     F-Prot Antivirus Found Possibly a new variant of W32/Threat-SysVenFakP-based!Maximus
     Fortinet Found WavenDl.B!tr
     Kaspersky Anti-Virus Found nothing
     NOD32 Found nothing
     Norman Virus Control Found nothing
     VirusBuster Found nothing
     VBA32 Found Trojan-Spy.Delf.17 (paranoid heuristics) (probable variant)
  3. Here is the report:

     "Silent Runners.vbs", revision 49, http://www.silentrunners.org/
     Operating System: Windows XP SP2
     Output limited to non-default values, except where indicated by "{++}"
  4. Nothing works, the trojan reappears and Kaspersky reports it to me every 5 minutes like this: Trojan Backdoor.win32.ICBot.oj in file c:\documents and Settings\LETNBRU\Local Settings\Temp\zedesh.dat/UPX It deletes it and then it comes back..... On top of that there is still this weird thing that must be launched by the trojan: Internet Explorer present in the Task Manager under Applications even though I didn't launch it, and if I end the task it reappears straight away... I'm going crazy, this thing looks really tough!!!.????
  5. Thanks Bruce Lee, I'll do that as soon as the Kaspersky Internet Security scan has finished... I have indeed just removed PC-Cillin, which wasn't able to detect the trojan. My PC-cillin licence ends at the end of March, but I'm going to buy a Kaspersky licence, which looks more effective: the proof is that it hasn't finished yet and has already detected: Trojan Backdoor.win32.ICBot.oj in file c:\documents and Settings\LETNBRU\Local Settings\Temp\zedesh.dat/UPX I hope I can get rid of it. Thanks a lot for your help and HAPPY BIRTHDAY!!!!!!!
  6. Hello, at last this morning the Ewido scan was finished... almost 3 hours!!!! Here is the report:

     ---------------------------------------------------------
     AVG Anti-Spyware - Rapport d'analyse
     ---------------------------------------------------------
     + Créé à: 08:47:37 30/10/2006
     + Résultat de l'analyse:
     C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP166\A0035600.exe -> Not-A-Virus.Hacktool.EvID : Nettoyé.
     :mozilla.24:C:\Documents and Settings\LETNBRU\Application Data\Mozilla\Firefox\Profiles\f4y3jjc3.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
     :mozilla.30:C:\Documents and Settings\LETNBRU\Application Data\Mozilla\Firefox\Profiles\f4y3jjc3.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
     :mozilla.21:C:\Documents and Settings\LETNBRU\Application Data\Mozilla\Firefox\Profiles\f4y3jjc3.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
     :mozilla.22:C:\Documents and Settings\LETNBRU\Application Data\Mozilla\Firefox\Profiles\f4y3jjc3.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
     :mozilla.23:C:\Documents and Settings\LETNBRU\Application Data\Mozilla\Firefox\Profiles\f4y3jjc3.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
     :mozilla.29:C:\Documents and Settings\LETNBRU\Application Data\Mozilla\Firefox\Profiles\f4y3jjc3.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
     Fin du rapport

     I then shut the PC down and restarted it, and as soon as I launched IE to run the scan on webscanner.kaspersky, here is the PC-Cillin message:

     Scan en temps réel
     Trend Micro PC-cillin Internet Security 12 a détecté un virus, un programme espion ou une autre menace issue d'Internet et a effectué l'action de scan spécifiée.
     Fichier infecté : C:\DOCUME~1\LETNBRU\LOCALS~1\Temp\zedesh.dat
     Nom du virus : BKDR_IRCBOT.GL
     Nom de l'utilisateur : LETNBRU
     Résultat de l'action de scan : En quarantaine.
     Remarque : si la fonction Rechercher / supprimer chevaux de Troie est activée et exécutée après le scan, vous pouvez cliquer sur Suivant pour afficher des informations sur le résultat du scan final.

     And finally here is the Kaspersky report:

     KASPERSKY ON-LINE SCANNER REPORT
     Monday, October 30, 2006 10:51:33 AM
     Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
     Kaspersky On-line Scanner version : 5.0.83.0
     Dernière mise à jour de la base antivirus Kaspersky : 30/10/2006
     Enregistrements dans la base antivirus Kaspersky : 236180
     Paramètres d'analyse
     Analyser avec la base antivirus suivante étendue
     Analyser les archives vrai
     Analyser les bases de messagerie vrai
     Cible de l'analyse Poste de travail
     C:\
     D:\
     S:\
     T:\
     Statistiques de l'analyse
     Total d'objets analysés 55219
     Nombre de virus trouvés 3
     Nombre d'objets infectés 30 / 0
     Nombre d'objets suspects 0
     Durée de l'analyse 01:40:03
compte" ][Date Wed, 10 Aug 2005 12:29:19 +0200]/text/[From "Wengo - Paiement" ][Date Sat, 1 Oct 2005 07:12:09 +0200]/text/[From "Wengo - Paiement" ][Date Tue, 1 Nov 2005 07:10:38 +0100]/text/[From "Wengo - noreply" ][Date Thu, 8 Dec 2005 19:50:52 +0100]/text/[From "Clems" ][Date Wed, 04 Jan 2006 21:45:17 +0100]/UNNAMED/data0003 Infecté : not-a-virus:RemoteAdmin.Win32.WinVNC-based.b ignoré S:\Sauvegarde Parents Firefox et Thunderbird\Thunderbird\Profiles\2raqoadu.default\Mail\Local Folders\Wengo/[From "Wengo - Activation du compte" ][Date Wed, 10 Aug 2005 12:29:19 +0200]/text/[From "Wengo - Paiement" ][Date Sat, 1 Oct 2005 07:12:09 +0200]/text/[From "Wengo - Paiement" ][Date Tue, 1 Nov 2005 07:10:38 +0100]/text/[From "Wengo - noreply" ][Date Thu, 8 Dec 2005 19:50:52 +0100]/text/[From "Clems" ][Date Wed, 04 Jan 2006 21:45:17 +0100]/UNNAMED Infecté : not-a-virus:RemoteAdmin.Win32.WinVNC-based.b ignoré S:\Sauvegarde Parents Firefox et Thunderbird\Thunderbird\Profiles\2raqoadu.default\Mail\Local Folders\Wengo/[From "Wengo - Activation du compte" ][Date Wed, 10 Aug 2005 12:29:19 +0200]/text/[From "Wengo - Paiement" ][Date Sat, 1 Oct 2005 07:12:09 +0200]/text/[From "Wengo - Paiement" ][Date Tue, 1 Nov 2005 07:10:38 +0100]/text/[From "Wengo - noreply" ][Date Thu, 8 Dec 2005 19:50:52 +0100]/text Infecté : not-a-virus:RemoteAdmin.Win32.WinVNC-based.b ignoré S:\Sauvegarde Parents Firefox et Thunderbird\Thunderbird\Profiles\2raqoadu.default\Mail\Local Folders\Wengo/[From "Wengo - Activation du compte" ][Date Wed, 10 Aug 2005 12:29:19 +0200]/text/[From "Wengo - Paiement" ][Date Sat, 1 Oct 2005 07:12:09 +0200]/text/[From "Wengo - Paiement" ][Date Tue, 1 Nov 2005 07:10:38 +0100]/text Infecté : not-a-virus:RemoteAdmin.Win32.WinVNC-based.b ignoré S:\Sauvegarde Parents Firefox et Thunderbird\Thunderbird\Profiles\2raqoadu.default\Mail\Local Folders\Wengo/[From "Wengo - Activation du compte" ][Date Wed, 10 Aug 2005 12:29:19 +0200]/text/[From "Wengo - Paiement" ][Date Sat, 1 Oct 2005 
07:12:09 +0200]/text Infecté : not-a-virus:RemoteAdmin.Win32.WinVNC-based.b ignoré S:\Sauvegarde Parents Firefox et Thunderbird\Thunderbird\Profiles\2raqoadu.default\Mail\Local Folders\Wengo/[From "Wengo - Activation du compte" ][Date Wed, 10 Aug 2005 12:29:19 +0200]/text Infecté : not-a-virus:RemoteAdmin.Win32.WinVNC-based.b ignoré S:\Sauvegarde Parents Firefox et Thunderbird\Thunderbird\Profiles\2raqoadu.default\Mail\Local Folders\Wengo Mail Berkeley mbox: infecté - 7 ignoré S:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré T:\EMULE\Incoming\CopyToDVD.v4.0.0.38b.WinALL.Incl.Crack-TE\copytodvd4_setup.exe Infecté : Trojan-Dropper.Win32.Agent.agp ignoré T:\EMULE\Incoming\CopyToDVD.v4.0.0.38b.WinALL.Incl.Crack-TE.rar/copytodvd4_setup.exe Infecté : Trojan-Dropper.Win32.Agent.agp ignoré T:\EMULE\Incoming\CopyToDVD.v4.0.0.38b.WinALL.Incl.Crack-TE.rar RAR: infecté - 1 ignoré T:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré Analyse terminée. pour info j'ai effectivement installé CopytoDVD Comment puis-je le supprimer ce trojan maintenant??? Merci Beaucoup pour votre aide
  7. Here is the report: Found nothing for all of them. Another very strange thing: I noticed network activity without doing anything on the PC, so I launched the Task Manager... and surprise!!! Internet Explorer was running without appearing in the taskbar, and when I end the process it goes away and comes back, as if I had deliberately launched Internet Explorer, which I hardly ever use anyway!!!!??? And now, after rebooting the machine, it no longer appears??!! Thank you very much for your help
  8. Hello, Since today PC-cillin has been reporting a virus BKDR_IRCBOT.GL in the temp directory; it puts it in quarantine, I delete it, and after a restart, even after shutting the PC down, it detects it again in temp (c:/document.../user/temp) and the file zedesh.dat. Ewido detects nothing, and neither does PC-cillin after a scan..!!!??? Here is the HijackThis report: thank you very much for your help..

Logfile of HijackThis v1.99.1
Scan saved at 18:47:02, on 29/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.exe
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\Program Files\Allway Sync\bin\syncappw.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\3M\PSNotes\psn.exe
C:\Program Files\PopTray\PopTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\3M\PSNotes\PSNGive.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\LETNBRU\LOCALS~1\Temp\mdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\LETNBRU\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSNToolBandBHO - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\msntb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [status Monitor CLJ1500] C:\Program Files\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe
O4 - HKLM\..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
O4 - HKLM\..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Allway Sync] "C:\Program Files\Allway Sync\bin\syncappw.exe" -m
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143664167062
O17 - HKLM\System\CCS\Services\Tcpip\..\{67479454-F4DE-4F3C-843B-6877BFC8CD60}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe