 
         
					
                
                
model35
Members
Content count: 12
Joined
Last visited

model35's Achievements
Junior Member (3/12)
Community reputation: 0
- [solved] Need help... obviously! model35 replied to a topic by model35 in Malware analysis and removal:

Done, infection reported, thanks again to all.
- [solved] Need help... obviously! model35 replied to a topic by model35 in Malware analysis and removal:

Wow, impressed I am! I must say my job isn't in this field... I'll do all that, I owe you that much of a... favour!
- [solved] Need help... obviously! model35 replied to a topic by model35 in Malware analysis and removal:

Actually I managed to install ZA, which works very well. Antivir too. The service that was acting up, I forget its name, but it's clearly a ZA service. Here is the report, just done (but wow, it's fast; I seem to remember it took much longer!). It seems to me everything is OK...? Otherwise, a transcendental question (for me at least): is paying for Antivir (with firewall and antispyware and all the rest) really worth it? Thanks again to all.

*************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:27, on 16/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Astase\UltraBackup\4.0\bin\ubTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Franck\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [WellPhone XT Sagem] "C:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ub4TrayApp] "C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe" /start
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/s...te/certdgi1.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...istaADP-1.0.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://photoservice.fujicolor.de/ips-opdat...PSUploader4.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36DE0638-1E9C-4EE8-9938-D6C8549BB339}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3A7BBB0-4520-4FDC-9116-96BC6188149C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{36DE0638-1E9C-4EE8-9938-D6C8549BB339}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{36DE0638-1E9C-4EE8-9938-D6C8549BB339}: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{36DE0638-1E9C-4EE8-9938-D6C8549BB339}: NameServer = 192.168.1.1
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DVRMSFileWatcherService - Unknown owner - C:\Program Files\DVRMSToolbox\DVRMSFileWatcherService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: M-Audio Audiophile Installer (MAudioAudiophileService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10766 bytes
- [solved] Need help... obviously! model35 replied to a topic by model35 in Malware analysis and removal:

Well there we go, NIS 2007 has been uninstalled (except it still tells Vista that it's protecting it; I've re-enabled the Vista firewall in the meantime). On the other hand, no way to install Zone Alarm: apparently I'm running Windows 95, and then even though the installer launches, it hangs. A service stays open and I can't find it in services.msc. But I'm making progress... thanks to you! So for now... Vista firewall and Antivir. Scan yesterday, everything normal. Moving forward...
- [solved] Need help... obviously! model35 replied to a topic by model35 in Malware analysis and removal:

Good evening, dear friends! After the Panda online scan, it appears I have quite a few tracking cookies and nothing else. A spyware remover that I'll install shortly (any recommendation???) will fix that. Another HijackThis (strangely fast???) gives me the file below. Everything looks normal to me (except section 13, the Gopher one). While I'm at it, a question: can I install ZA before uninstalling NIS2007? Is there any point in getting the paid version of Antivir? Thanks again for your attention.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:03, on 13/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Astase\UltraBackup\4.0\bin\ubTray.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\Franck\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [WellPhone XT Sagem] "C:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ub4TrayApp] "C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe" /start
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/s...te/certdgi1.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...istaADP-1.0.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://photoservice.fujicolor.de/ips-opdat...PSUploader4.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36DE0638-1E9C-4EE8-9938-D6C8549BB339}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3A7BBB0-4520-4FDC-9116-96BC6188149C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{36DE0638-1E9C-4EE8-9938-D6C8549BB339}: NameServer = 192.168.1.1
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DVRMSFileWatcherService - Unknown owner - C:\Program Files\DVRMSToolbox\DVRMSFileWatcherService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: M-Audio Audiophile Installer (MAudioAudiophileService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12526 bytes
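The poster reads the two HijackThis logs above by eye and settles on the O13 Gopher line as the only oddity. As an added example (not code from this thread, from HijackThis, or from any product named in it), the script below parses HijackThis entry lines like those posted and flags the kinds of entries a reviewer checks first: a hosts-file entry that does not point at loopback, an orphaned BHO or toolbar with no file on disk, an ActiveX download (O16) fetched over plain HTTP, a DNS server (O17) outside the RFC 1918 LAN ranges, and services (O23) with no identified publisher or a missing binary. The embedded sample log is constructed: most of its lines are copied from the logs in this thread, while the two 203.0.113.5 lines and the https://updates.example.com line are made up to exercise rules the posted logs do not trigger. A finding means "look at this", not "this is malware": in the sample, the flagged lines are an uninstalled product's leftover service, an orphaned BHO and a plugin fetched over HTTP.

```python
"""Triage helper for HijackThis-style log entries (added example, not from the thread)."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Every HijackThis entry line starts with a section code such as R0, O2, O16, O23.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<ips>[\d., ]+)$")
URL_RE = re.compile(r"(?P<scheme>https?)://\S+")
# RFC 1918 ranges: a home PC's DNS server is normally the router on one of these.
RFC1918_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, body, full line) for each entry line; header lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("section"), m.group("body"), line))
    return entries


def _hosts_target_is_loopback(body: str) -> bool:
    # An O1 body reads "Hosts: <address> <name>"; the address is the second token.
    parts = body.split()
    try:
        return len(parts) >= 3 and ipaddress.ip_address(parts[1]).is_loopback
    except ValueError:
        return False


def _is_lan_address(ip_text: str) -> bool:
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918_NETS)


def triage(log_text: str) -> List[Finding]:
    """Apply the review heuristics to every entry and collect those worth a look."""
    findings: List[Finding] = []
    for section, body, line in parse_entries(log_text):
        if section == "O1" and not _hosts_target_is_loopback(body):
            findings.append(Finding(section, "hosts-file entry does not point at loopback", line))
        elif section in ("O2", "O3") and "(no file)" in body:
            findings.append(Finding(section, "orphaned BHO/toolbar registration (no file on disk)", line))
        elif section == "O16":
            m = URL_RE.search(body)
            if m and m.group("scheme") == "http":
                findings.append(Finding(section, "ActiveX download (DPF) fetched over plain HTTP", line))
        elif section == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                for ip in re.split(r"[ ,]+", m.group("ips").strip()):
                    if ip and not _is_lan_address(ip):
                        findings.append(Finding(section, f"DNS server {ip} is outside RFC 1918 ranges", line))
        elif section == "O23":
            if "Unknown owner" in body:
                findings.append(Finding(section, "service binary has no identified publisher", line))
            if "(file missing)" in body:
                findings.append(Finding(section, "service points at a binary that no longer exists", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per section, e.g. {'O23': 2, 'O16': 1}."""
    return dict(Counter(f.section for f in findings))


# Constructed sample: lines copied from the thread's logs plus three made-up lines
# (the 203.0.113.5 entries and the https://updates.example.com entry).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista (WinNT 6.00.1904)

O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.5 www.example.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Constructed HTTPS example) - https://updates.example.com/plugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36DE0638-1E9C-4EE8-9938-D6C8549BB339}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3A7BBB0-4520-4FDC-9116-96BC6188149C}: NameServer = 203.0.113.5
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
    print(summarize(results))
```

On the sample the script reports six findings (one each for O1, O2, O16 and O17, two for the stale Symantec scheduler service) and nothing for the Google toolbar, the HTTPS plugin, the router DNS entry or the RealVNC service. Extending the rule set is a matter of adding another `elif` branch per section; keeping each rule's reason text explicit is what makes the output reviewable by someone who, like the poster, is not a specialist.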
- [solved] Need help... obviously! model35 replied to a topic by model35 in Malware analysis and removal:

I'm still just as amazed by your availability! I know some who should take lessons (elsewhere, on other forums I frequent, unrelated to this one)... please both be assured of my gratitude! About the Security Center: yes, I did that as soon as I bought the PC, sick of having to say yes every time I wanted to do something. I intend to get rid of Norton (not even able to see Bagle, the clod): I have 2 months of subscription left, but never mind (if I'm going to pay, I'll go with Antivir). I have 4 PCs networked at home; I installed Antivir on 1 upstairs, the other will follow; my wife's PC is ready to get Antivir too, I downloaded the Norton tool to remove NIS 2005. I already have Antivir on mine, I'm going to remove NIS 2007, but... which firewall to choose (for the 4 PCs)?? It seems Kaspersky online doesn't work with Vista yet. Here is the Antivir report (I had the files I recognised removed; the others (system whatsit) I didn't dare):

AntiVir PersonalEdition Classic
Report file date: mardi 11 mars 2008 20:55

Scanning for 1142609 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: SYSTEM
Computer name: PC-DE-FRANCK

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 19:54:27
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 19:54:27
ANTIVIR3.VDF : 7.0.3.17 79360 Bytes 11/03/2008 19:54:27
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 11/03/2008 19:54:27
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 11/03/2008 19:54:27
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: L:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 11 mars 2008 20:55

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned
Scan process 'WinMail.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'ehsched.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'ndasmgmt.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'winvnc4.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'scsiaccess.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'ndassvc.exe' - '1' Module(s) have been scanned
Scan process 'MAUSBAPInst.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'DVRMSFileWatcherService.exe' - '1' Module(s) have been scanned
Scan process 'DQLWinService.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'ubTray.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'M-AudioTaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'wmdc.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'ccApp.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'AppSvc32.exe' - '1' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
78 processes with 78 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
    [NOTE] No virus was found!
Boot sector 'D:\'
    [NOTE] No virus was found!
Boot sector 'F:\'
    [NOTE] No virus was found!
Boot sector 'L:\'
    [NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '14' files ).

Starting the file scan:

Begin scan in 'C:\' <HP>
C:\hiberfil.sys
    [WARNING] The file could not be opened!
C:\pagefile.sys
    [WARNING] The file could not be opened!
C:\Program Files\AV Music Morpher Gold\patch.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [iNFO] The file was moved to '484af59c.qua'!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
    [WARNING] The file could not be opened!
C:\QooBox\Quarantine\catchme2008-03-08_132925.82.zip
    [0] Archive type: ZIP
    --> srosa.sys
        [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    --> wintems.exe
        [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> mdelk.exe
        [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    --> hldrrr.exe
        [DETECTION] Is the Trojan horse TR/Dldr.Bagle.ix
    [iNFO] The file was moved to '484b7230.qua'!
C:\QooBox\Quarantine\C\Windows\System32\mdelk.exe.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [iNFO] The file was moved to '483c7234.qua'!
C:\QooBox\Quarantine\C\Windows\System32\wintems.exe.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [iNFO] The file was moved to '48457239.qua'!
C:\QooBox\Quarantine\C\Windows\System32\drivers\hldrrr.exe.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [iNFO] The file was moved to '483b723c.qua'!
C:\QooBox\Quarantine\C\Windows\System32\drivers\srosa.sys.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [iNFO] The file was moved to '48467242.qua'!
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\116563.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [iNFO] The file was moved to '480d7202.qua'!
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\122866.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [iNFO] The file was moved to '48097203.qua'!
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\142756.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [iNFO] The file was moved to '48097206.qua'!
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\14673844.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [iNFO] The file was moved to '480d7206.qua'!
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\14705637.exe.vir
    [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
    [iNFO] The file was moved to '480e7207.qua'!
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\18207438.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was moved to '4809720c.qua'! C:\QooBox\Quarantine\C\Windows\System32\drivers\down\43588052.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was moved to '480c720a.qua'! C:\QooBox\Quarantine\C\Windows\System32\drivers\down\43758608.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was moved to '480e720a.qua'! C:\QooBox\Quarantine\C\Windows\System32\drivers\down\62219204.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was moved to '4809720b.qua'! C:\QooBox\Quarantine\C\Windows\System32\drivers\down\76740277.exe.vir [DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen [iNFO] The file was moved to '480e720f.qua'! C:\Users\Franck\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\52BA68C4-00000037.eml [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud.5 [iNFO] The file was moved to '481972f4.qua'! C:\Users\Franck\Desktop\ROMS DS\nds lea passion bebe Theme.zip [0] Archive type: ZIP --> Setup.exe [DETECTION] Contains detection pattern of the dropper DR/Dldr.Agent.fct [iNFO] The file was moved to '484a790c.qua'! Begin scan in 'D:\' <Recovery> Begin scan in 'F:\' <Disque suspect> F:\Documents\iufm\rspear-nocdversiongb.zip [0] Archive type: ZIP --> rs-nocd.exe [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Theef.DO Backdoor server programs [iNFO] The file was moved to '48477d45.qua'! Begin scan in 'L:\' <Disque Docs> L:\Documents\iufm\rspear-nocdversiongb.zip [0] Archive type: ZIP --> rs-nocd.exe [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Theef.DO Backdoor server programs [iNFO] The file was moved to '48477f80.qua'! 
L:\save virus mars 2008\ROMS DS\nds lea passion bebe Theme.zip [0] Archive type: ZIP --> Setup.exe [DETECTION] Contains detection pattern of the dropper DR/Dldr.Agent.fct [iNFO] The file was moved to '484a83cc.qua'! L:\save virus mars 2008\Windows Mail\Local Folders\Deleted Items\52BA68C4-00000037.eml [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud.5 [iNFO] The file was moved to '481984b9.qua'! End of the scan: mercredi 12 mars 2008 08:31 Used time: 11:36:21 min The scan has been done completely. 22190 Scanning directories 670989 Files were scanned 24 viruses and/or unwanted programs were found 1 Files were classified as suspicious: 0 files were deleted 0 files were repaired 22 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 670965 Files not concerned 26886 Archives were scanned 3 Warnings 10 Notes
- 
	  [solved] Need help... obviously! model35 replied to a topic by model35 in Malware analysis and removal

Ah well, thanks, but I'm afraid I've done it "wrong": I installed Antivir, ran a scan, and it put loads of files in quarantine... It hasn't finished (before going to bed I forgot to tick "do the same for all other files" when it finds a nasty). Won't that short-circuit your procedures??
- 
	  [solved] Need help... obviously! model35 replied to a topic by model35 in Malware analysis and removal

Whoa, now you're worrying me! Not surfing without this PC... ahem... ComboFix was used, but it crashed; after a while I don't know what happened, but ComboFix and the Spanish thing (which was crashing too) launched at the same time! The result is that the Spanish one deleted files (if I followed correctly), and that's how I was able to relaunch a restore. Note in passing the poetic name I had renamed the scanner with (I no longer know which of the 2)... And thanks again for this help and for the time you're giving me. Here is the combofix.txt:

ComboFix 08-03-07.4 - Franck 2008-03-08 13:21:50.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2418 [GMT 1:00]
Endroit: C:\Users\Franck\Desktop\jvatavoir.exe
 * Création d'un nouveau point de restauration
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\down
C:\Windows\system32\drivers\down\106158.exe
C:\Windows\system32\drivers\down\106969.exe
C:\Windows\system32\drivers\down\109653.exe
C:\Windows\system32\drivers\down\110167.exe
C:\Windows\system32\drivers\down\113880.exe
C:\Windows\system32\drivers\down\116563.exe
C:\Windows\system32\drivers\down\117609.exe
C:\Windows\system32\drivers\down\117905.exe
C:\Windows\system32\drivers\down\121150.exe
C:\Windows\system32\drivers\down\122725.exe
C:\Windows\system32\drivers\down\122866.exe
C:\Windows\system32\drivers\down\125783.exe
C:\Windows\system32\drivers\down\126797.exe
C:\Windows\system32\drivers\down\127218.exe
C:\Windows\system32\drivers\down\130260.exe
C:\Windows\system32\drivers\down\130323.exe
C:\Windows\system32\drivers\down\134691.exe
C:\Windows\system32\drivers\down\135814.exe
C:\Windows\system32\drivers\down\136017.exe
C:\Windows\system32\drivers\down\136438.exe
C:\Windows\system32\drivers\down\139449.exe
C:\Windows\system32\drivers\down\142023.exe
C:\Windows\system32\drivers\down\142647.exe
C:\Windows\system32\drivers\down\142756.exe
C:\Windows\system32\drivers\down\144378.exe
C:\Windows\system32\drivers\down\14604267.exe
C:\Windows\system32\drivers\down\14609337.exe
C:\Windows\system32\drivers\down\14611303.exe
C:\Windows\system32\drivers\down\14614641.exe
C:\Windows\system32\drivers\down\14615764.exe
C:\Windows\system32\drivers\down\14617543.exe
C:\Windows\system32\drivers\down\14618557.exe
C:\Windows\system32\drivers\down\14618635.exe
C:\Windows\system32\drivers\down\14619462.exe
C:\Windows\system32\drivers\down\14622004.exe
C:\Windows\system32\drivers\down\14623939.exe
C:\Windows\system32\drivers\down\14626092.exe
C:\Windows\system32\drivers\down\14627371.exe
C:\Windows\system32\drivers\down\14629024.exe
C:\Windows\system32\drivers\down\14635311.exe
C:\Windows\system32\drivers\down\14638962.exe
C:\Windows\system32\drivers\down\14641645.exe
C:\Windows\system32\drivers\down\14643486.exe
C:\Windows\system32\drivers\down\14645654.exe
C:\Windows\system32\drivers\down\14648993.exe
C:\Windows\system32\drivers\down\14650631.exe
C:\Windows\system32\drivers\down\14651067.exe
C:\Windows\system32\drivers\down\14651442.exe
C:\Windows\system32\drivers\down\14651801.exe
C:\Windows\system32\drivers\down\14653127.exe
C:\Windows\system32\drivers\down\14654702.exe
C:\Windows\system32\drivers\down\14656449.exe
C:\Windows\system32\drivers\down\14657495.exe
C:\Windows\system32\drivers\down\14666667.exe
C:\Windows\system32\drivers\down\14669054.exe
C:\Windows\system32\drivers\down\14673844.exe
C:\Windows\system32\drivers\down\14677369.exe
C:\Windows\system32\drivers\down\14679865.exe
C:\Windows\system32\drivers\down\14680006.exe
C:\Windows\system32\drivers\down\14680162.exe
C:\Windows\system32\drivers\down\14681737.exe
C:\Windows\system32\drivers\down\14682814.exe
C:\Windows\system32\drivers\down\14688820.exe
C:\Windows\system32\drivers\down\14689849.exe
C:\Windows\system32\drivers\down\14691284.exe
C:\Windows\system32\drivers\down\14705637.exe
C:\Windows\system32\drivers\down\14706385.exe
C:\Windows\system32\drivers\down\14713702.exe
C:\Windows\system32\drivers\down\14718585.exe
C:\Windows\system32\drivers\down\14720316.exe
C:\Windows\system32\drivers\down\14721408.exe
C:\Windows\system32\drivers\down\14721892.exe
C:\Windows\system32\drivers\down\14728179.exe
C:\Windows\system32\drivers\down\14730129.exe
C:\Windows\system32\drivers\down\14742344.exe
C:\Windows\system32\drivers\down\14744574.exe
C:\Windows\system32\drivers\down\14745744.exe
C:\Windows\system32\drivers\down\14755370.exe
C:\Windows\system32\drivers\down\14756742.exe
C:\Windows\system32\drivers\down\147592.exe
C:\Windows\system32\drivers\down\14760674.exe
C:\Windows\system32\drivers\down\14763607.exe
C:\Windows\system32\drivers\down\14768099.exe
C:\Windows\system32\drivers\down\14770377.exe
C:\Windows\system32\drivers\down\14770627.exe
C:\Windows\system32\drivers\down\14770783.exe
C:\Windows\system32\drivers\down\14772655.exe
C:\Windows\system32\drivers\down\14773918.exe
C:\Windows\system32\drivers\down\14776383.exe
C:\Windows\system32\drivers\down\14776414.exe
C:\Windows\system32\drivers\down\14777397.exe
C:\Windows\system32\drivers\down\14778817.exe
C:\Windows\system32\drivers\down\14779160.exe
C:\Windows\system32\drivers\down\14781250.exe
C:\Windows\system32\drivers\down\14782046.exe
C:\Windows\system32\drivers\down\14784121.exe
C:\Windows\system32\drivers\down\14787319.exe
C:\Windows\system32\drivers\down\14790875.exe
C:\Windows\system32\drivers\down\14791546.exe
C:\Windows\system32\drivers\down\14791952.exe
C:\Windows\system32\drivers\down\14795400.exe
C:\Windows\system32\drivers\down\14796429.exe
C:\Windows\system32\drivers\down\14805711.exe
C:\Windows\system32\drivers\down\14817177.exe
C:\Windows\system32\drivers\down\14829486.exe
C:\Windows\system32\drivers\down\150260.exe
C:\Windows\system32\drivers\down\152537.exe
C:\Windows\system32\drivers\down\152927.exe
C:\Windows\system32\drivers\down\153208.exe
C:\Windows\system32\drivers\down\155267.exe
C:\Windows\system32\drivers\down\157124.exe
C:\Windows\system32\drivers\down\157186.exe
C:\Windows\system32\drivers\down\157982.exe
C:\Windows\system32\drivers\down\159323.exe
C:\Windows\system32\drivers\down\160010.exe
C:\Windows\system32\drivers\down\164705.exe
C:\Windows\system32\drivers\down\164986.exe
C:\Windows\system32\drivers\down\167326.exe
C:\Windows\system32\drivers\down\169401.exe
C:\Windows\system32\drivers\down\169479.exe
C:\Windows\system32\drivers\down\169791.exe
C:\Windows\system32\drivers\down\173363.exe
C:\Windows\system32\drivers\down\174190.exe
C:\Windows\system32\drivers\down\175126.exe
C:\Windows\system32\drivers\down\179260.exe
C:\Windows\system32\drivers\down\18207438.exe
C:\Windows\system32\drivers\down\18225269.exe
C:\Windows\system32\drivers\down\18227172.exe
C:\Windows\system32\drivers\down\18228014.exe
C:\Windows\system32\drivers\down\18501578.exe
C:\Windows\system32\drivers\down\18585194.exe
C:\Windows\system32\drivers\down\18662321.exe
C:\Windows\system32\drivers\down\18687094.exe
C:\Windows\system32\drivers\down\18689013.exe
C:\Windows\system32\drivers\down\18696579.exe
C:\Windows\system32\drivers\down\18698825.exe
C:\Windows\system32\drivers\down\18719963.exe
C:\Windows\system32\drivers\down\18722959.exe
C:\Windows\system32\drivers\down\18756468.exe
C:\Windows\system32\drivers\down\187856.exe
C:\Windows\system32\drivers\down\189338.exe
C:\Windows\system32\drivers\down\192364.exe
C:\Windows\system32\drivers\down\192489.exe
C:\Windows\system32\drivers\down\193519.exe
C:\Windows\system32\drivers\down\194268.exe
C:\Windows\system32\drivers\down\194314.exe
C:\Windows\system32\drivers\down\197138.exe
C:\Windows\system32\drivers\down\198214.exe
C:\Windows\system32\drivers\down\199915.exe
C:\Windows\system32\drivers\down\200773.exe
C:\Windows\system32\drivers\down\201022.exe
C:\Windows\system32\drivers\down\203784.exe
C:\Windows\system32\drivers\down\206092.exe
C:\Windows\system32\drivers\down\207481.exe
C:\Windows\system32\drivers\down\208308.exe
C:\Windows\system32\drivers\down\210367.exe
C:\Windows\system32\drivers\down\211131.exe
C:\Windows\system32\drivers\down\212566.exe
C:\Windows\system32\drivers\down\213050.exe
C:\Windows\system32\drivers\down\213237.exe
C:\Windows\system32\drivers\down\215234.exe
C:\Windows\system32\drivers\down\217964.exe
C:\Windows\system32\drivers\down\218198.exe
C:\Windows\system32\drivers\down\219945.exe
C:\Windows\system32\drivers\down\220476.exe
C:\Windows\system32\drivers\down\220538.exe
C:\Windows\system32\drivers\down\223518.exe
C:\Windows\system32\drivers\down\224594.exe
C:\Windows\system32\drivers\down\228042.exe
C:\Windows\system32\drivers\down\228510.exe
C:\Windows\system32\drivers\down\230257.exe
C:\Windows\system32\drivers\down\235374.exe
C:\Windows\system32\drivers\down\245467.exe
C:\Windows\system32\drivers\down\247947.exe
C:\Windows\system32\drivers\down\248041.exe
C:\Windows\system32\drivers\down\249866.exe
C:\Windows\system32\drivers\down\250319.exe
C:\Windows\system32\drivers\down\253532.exe
C:\Windows\system32\drivers\down\254234.exe
C:\Windows\system32\drivers\down\254359.exe
C:\Windows\system32\drivers\down\254921.exe
C:\Windows\system32\drivers\down\257464.exe
C:\Windows\system32\drivers\down\261301.exe
C:\Windows\system32\drivers\down\262861.exe
C:\Windows\system32\drivers\down\290224.exe
C:\Windows\system32\drivers\down\29097212.exe
C:\Windows\system32\drivers\down\29107898.exe
C:\Windows\system32\drivers\down\29108819.exe
C:\Windows\system32\drivers\down\291160.exe
C:\Windows\system32\drivers\down\29122531.exe
C:\Windows\system32\drivers\down\29123608.exe
C:\Windows\system32\drivers\down\29128225.exe
C:\Windows\system32\drivers\down\29128319.exe
C:\Windows\system32\drivers\down\29129895.exe
C:\Windows\system32\drivers\down\29130862.exe
C:\Windows\system32\drivers\down\29132593.exe
C:\Windows\system32\drivers\down\29132687.exe
C:\Windows\system32\drivers\down\29134543.exe
C:\Windows\system32\drivers\down\29138100.exe
C:\Windows\system32\drivers\down\29141205.exe
C:\Windows\system32\drivers\down\29141329.exe
C:\Windows\system32\drivers\down\29144434.exe
C:\Windows\system32\drivers\down\29146712.exe
C:\Windows\system32\drivers\down\29147741.exe
C:\Windows\system32\drivers\down\29148365.exe
C:\Windows\system32\drivers\down\29156774.exe
C:\Windows\system32\drivers\down\29158178.exe
C:\Windows\system32\drivers\down\29160518.exe
C:\Windows\system32\drivers\down\29162733.exe
C:\Windows\system32\drivers\down\29168739.exe
C:\Windows\system32\drivers\down\29172623.exe
C:\Windows\system32\drivers\down\29173980.exe
C:\Windows\system32\drivers\down\29174105.exe
C:\Windows\system32\drivers\down\29175416.exe
C:\Windows\system32\drivers\down\29176461.exe
C:\Windows\system32\drivers\down\29178302.exe
C:\Windows\system32\drivers\down\29205321.exe
C:\Windows\system32\drivers\down\29244009.exe
C:\Windows\system32\drivers\down\29249033.exe
C:\Windows\system32\drivers\down\29249298.exe
C:\Windows\system32\drivers\down\29249953.exe
C:\Windows\system32\drivers\down\29251341.exe
C:\Windows\system32\drivers\down\29256396.exe
C:\Windows\system32\drivers\down\29258627.exe
C:\Windows\system32\drivers\down\29260265.exe
C:\Windows\system32\drivers\down\29269484.exe
C:\Windows\system32\drivers\down\29276801.exe
C:\Windows\system32\drivers\down\29277971.exe
C:\Windows\system32\drivers\down\29279515.exe
C:\Windows\system32\drivers\down\29280311.exe
C:\Windows\system32\drivers\down\29282526.exe
C:\Windows\system32\drivers\down\29283836.exe
C:\Windows\system32\drivers\down\29287424.exe
C:\Windows\system32\drivers\down\29289640.exe
C:\Windows\system32\drivers\down\29289764.exe
C:\Windows\system32\drivers\down\29289905.exe
C:\Windows\system32\drivers\down\29292307.exe
C:\Windows\system32\drivers\down\29292791.exe
C:\Windows\system32\drivers\down\29293337.exe
C:\Windows\system32\drivers\down\29294897.exe
C:\Windows\system32\drivers\down\29322369.exe
C:\Windows\system32\drivers\down\29325161.exe
C:\Windows\system32\drivers\down\29326331.exe
C:\Windows\system32\drivers\down\29327017.exe
C:\Windows\system32\drivers\down\29327236.exe
C:\Windows\system32\drivers\down\29328593.exe
C:\Windows\system32\drivers\down\29329638.exe
C:\Windows\system32\drivers\down\29360214.exe
C:\Windows\system32\drivers\down\33177029.exe
C:\Windows\system32\drivers\down\33177980.exe
C:\Windows\system32\drivers\down\33193861.exe
C:\Windows\system32\drivers\down\33198354.exe
C:\Windows\system32\drivers\down\33200663.exe
C:\Windows\system32\drivers\down\33202815.exe
C:\Windows\system32\drivers\down\33220584.exe
C:\Windows\system32\drivers\down\33243220.exe
C:\Windows\system32\drivers\down\33243454.exe
C:\Windows\system32\drivers\down\33246870.exe
C:\Windows\system32\drivers\down\33247978.exe
C:\Windows\system32\drivers\down\33277899.exe
C:\Windows\system32\drivers\down\3694056.exe
C:\Windows\system32\drivers\down\3711232.exe
C:\Windows\system32\drivers\down\3715756.exe
C:\Windows\system32\drivers\down\3725397.exe
C:\Windows\system32\drivers\down\3729047.exe
C:\Windows\system32\drivers\down\3734726.exe
C:\Windows\system32\drivers\down\3738439.exe
C:\Windows\system32\drivers\down\3738751.exe
C:\Windows\system32\drivers\down\3739375.exe
C:\Windows\system32\drivers\down\3741699.exe
C:\Windows\system32\drivers\down\3778250.exe
C:\Windows\system32\drivers\down\403434.exe
C:\Windows\system32\drivers\down\406070.exe
C:\Windows\system32\drivers\down\410204.exe
C:\Windows\system32\drivers\down\413933.exe
C:\Windows\system32\drivers\down\433901.exe
C:\Windows\system32\drivers\down\43588052.exe
C:\Windows\system32\drivers\down\43623386.exe
C:\Windows\system32\drivers\down\43625008.exe
C:\Windows\system32\drivers\down\43629844.exe
C:\Windows\system32\drivers\down\43633588.exe
C:\Windows\system32\drivers\down\43647238.exe
C:\Windows\system32\drivers\down\43653978.exe
C:\Windows\system32\drivers\down\43677222.exe
C:\Windows\system32\drivers\down\43679702.exe
C:\Windows\system32\drivers\down\43685490.exe
C:\Windows\system32\drivers\down\43693415.exe
C:\Windows\system32\drivers\down\43695583.exe
C:\Windows\system32\drivers\down\43696285.exe
C:\Windows\system32\drivers\down\43697783.exe
C:\Windows\system32\drivers\down\43706254.exe
C:\Windows\system32\drivers\down\43707829.exe
C:\Windows\system32\drivers\down\43711261.exe
C:\Windows\system32\drivers\down\43735457.exe
C:\Windows\system32\drivers\down\43742227.exe
C:\Windows\system32\drivers\down\43746471.exe
C:\Windows\system32\drivers\down\43749403.exe
C:\Windows\system32\drivers\down\43750480.exe
C:\Windows\system32\drivers\down\43753740.exe
C:\Windows\system32\drivers\down\43756127.exe
C:\Windows\system32\drivers\down\43758608.exe
C:\Windows\system32\drivers\down\43763459.exe
C:\Windows\system32\drivers\down\43763693.exe
C:\Windows\system32\drivers\down\43763802.exe
C:\Windows\system32\drivers\down\43775300.exe
C:\Windows\system32\drivers\down\43776173.exe
C:\Windows\system32\drivers\down\43777608.exe
C:\Windows\system32\drivers\down\43778279.exe
C:\Windows\system32\drivers\down\43779621.exe
C:\Windows\system32\drivers\down\43780838.exe
C:\Windows\system32\drivers\down\43782772.exe
C:\Windows\system32\drivers\down\43783505.exe
C:\Windows\system32\drivers\down\43786485.exe
C:\Windows\system32\drivers\down\43796313.exe
C:\Windows\system32\drivers\down\43799854.exe
C:\Windows\system32\drivers\down\43805439.exe
C:\Windows\system32\drivers\down\43821133.exe
C:\Windows\system32\drivers\down\43824112.exe
C:\Windows\system32\drivers\down\43825470.exe
C:\Windows\system32\drivers\down\43827108.exe
C:\Windows\system32\drivers\down\43829432.exe
C:\Windows\system32\drivers\down\43829822.exe
C:\Windows\system32\drivers\down\43832599.exe
C:\Windows\system32\drivers\down\43834564.exe
C:\Windows\system32\drivers\down\43838246.exe
C:\Windows\system32\drivers\down\43838496.exe
C:\Windows\system32\drivers\down\43838776.exe
C:\Windows\system32\drivers\down\43839182.exe
C:\Windows\system32\drivers\down\43844564.exe
C:\Windows\system32\drivers\down\43846904.exe
C:\Windows\system32\drivers\down\43847154.exe
C:\Windows\system32\drivers\down\43847809.exe
C:\Windows\system32\drivers\down\43848168.exe
C:\Windows\system32\drivers\down\43853893.exe
C:\Windows\system32\drivers\down\43856623.exe
C:\Windows\system32\drivers\down\43877449.exe
C:\Windows\system32\drivers\down\43885811.exe
C:\Windows\system32\drivers\down\440968.exe
C:\Windows\system32\drivers\down\465241.exe
C:\Windows\system32\drivers\down\467909.exe
C:\Windows\system32\drivers\down\476255.exe
C:\Windows\system32\drivers\down\47703764.exe
C:\Windows\system32\drivers\down\47705136.exe
C:\Windows\system32\drivers\down\47714762.exe
C:\Windows\system32\drivers\down\47733310.exe
C:\Windows\system32\drivers\down\47735837.exe
C:\Windows\system32\drivers\down\47744698.exe
C:\Windows\system32\drivers\down\47747210.exe
C:\Windows\system32\drivers\down\47751609.exe
C:\Windows\system32\drivers\down\47754090.exe
C:\Windows\system32\drivers\down\47775727.exe
C:\Windows\system32\drivers\down\47777505.exe
C:\Windows\system32\drivers\down\47808893.exe
C:\Windows\system32\drivers\down\478938.exe
C:\Windows\system32\drivers\down\479328.exe
C:\Windows\system32\drivers\down\479718.exe
C:\Windows\system32\drivers\down\483431.exe
C:\Windows\system32\drivers\down\486598.exe
C:\Windows\system32\drivers\down\521760.exe
C:\Windows\system32\drivers\down\58172.exe
C:\Windows\system32\drivers\down\58202085.exe
C:\Windows\system32\drivers\down\58211897.exe
C:\Windows\system32\drivers\down\58213801.exe
C:\Windows\system32\drivers\down\58216203.exe
C:\Windows\system32\drivers\down\58218481.exe
C:\Windows\system32\drivers\down\58237310.exe
C:\Windows\system32\drivers\down\58247965.exe
C:\Windows\system32\drivers\down\58249384.exe
C:\Windows\system32\drivers\down\58259821.exe
C:\Windows\system32\drivers\down\58262333.exe
C:\Windows\system32\drivers\down\58267371.exe
C:\Windows\system32\drivers\down\58270257.exe
C:\Windows\system32\drivers\down\58270569.exe
C:\Windows\system32\drivers\down\58271427.exe
C:\Windows\system32\drivers\down\58277184.exe
C:\Windows\system32\drivers\down\58280725.exe
C:\Windows\system32\drivers\down\58310022.exe
C:\Windows\system32\drivers\down\62219204.exe
C:\Windows\system32\drivers\down\62232230.exe
C:\Windows\system32\drivers\down\62234180.exe
C:\Windows\system32\drivers\down\62235772.exe
C:\Windows\system32\drivers\down\62244726.exe
C:\Windows\system32\drivers\down\62266207.exe
C:\Windows\system32\drivers\down\62273992.exe
C:\Windows\system32\drivers\down\62277907.exe
C:\Windows\system32\drivers\down\62280294.exe
C:\Windows\system32\drivers\down\62285005.exe
C:\Windows\system32\drivers\down\62287689.exe
C:\Windows\system32\drivers\down\62287938.exe
C:\Windows\system32\drivers\down\62291199.exe
C:\Windows\system32\drivers\down\62292759.exe
C:\Windows\system32\drivers\down\62323101.exe
C:\Windows\system32\drivers\down\65208.exe
C:\Windows\system32\drivers\down\68812.exe
C:\Windows\system32\drivers\down\69810.exe
C:\Windows\system32\drivers\down\70496.exe
C:\Windows\system32\drivers\down\70730.exe
C:\Windows\system32\drivers\down\71089.exe
C:\Windows\system32\drivers\down\73070.exe
C:\Windows\system32\drivers\down\73835.exe
C:\Windows\system32\drivers\down\75941.exe
C:\Windows\system32\drivers\down\76331.exe
C:\Windows\system32\drivers\down\76740277.exe
C:\Windows\system32\drivers\down\76752959.exe
C:\Windows\system32\drivers\down\76754878.exe
C:\Windows\system32\drivers\down\76812037.exe
C:\Windows\system32\drivers\down\76830882.exe
C:\Windows\system32\drivers\down\76836264.exe
C:\Windows\system32\drivers\down\76838963.exe
C:\Windows\system32\drivers\down\76840928.exe
C:\Windows\system32\drivers\down\76844470.exe
C:\Windows\system32\drivers\down\76846685.exe
C:\Windows\system32\drivers\down\76848198.exe
C:\Windows\system32\drivers\down\76853299.exe
C:\Windows\system32\drivers\down\76979161.exe
C:\Windows\system32\drivers\down\78702.exe
C:\Windows\system32\drivers\down\79248.exe
C:\Windows\system32\drivers\down\80980.exe
C:\Windows\system32\drivers\down\94224.exe
C:\Windows\system32\drivers\down\99310.exe
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\srosa.sys
C:\Windows\system32\koos.exe
C:\Windows\system32\kprof
C:\Windows\system32\mdelk.exe
C:\Windows\system32\poof
C:\Windows\system32\wintems.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SROSA

(((((((((((((((((((((((((((((   Fichiers créés 2008-02-08 to 2008-03-08   ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 05:35 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-08 05:35 --------- d-----w C:\Program Files\Natso Backup
2008-03-08 05:35 --------- d-----w C:\Program Files\Microsoft Works
2008-03-08 05:35 --------- d-----w C:\Program Files\Microsoft Digital Image 2006
2008-03-08 05:35 --------- d-----w C:\Program Files\Google
2008-03-08 05:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 05:35 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-03-07 19:26 262,144 ----a-w C:\ntuser.dat
2008-03-07 19:06 --------- d-----w C:\Program Files\Emule Extreme
2008-03-02 19:48 --------- d-----w C:\PROGRA~2\Symantec
2008-03-02 18:43 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-02-17 10:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-17 10:46 --------- d-----w C:\Program Files\Micro Application
2008-02-16 10:30 --------- d-----w C:\Users\Franck\AppData\Roaming\Vso
2008-02-14 10:11 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-02-14 08:24 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 08:23 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-14 08:23 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-14 08:23 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-14 08:23 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-14 08:23 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-14 08:22 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-14 08:22 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-14 08:22 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-14 08:20 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 08:20 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 08:20 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 08:20 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 08:20 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 08:19 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 08:19 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 08:18 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 08:18 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 08:18 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 08:18 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 08:15 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-28 06:26 --------- d-----w C:\Program Files\DVRMSToolbox
2008-01-28 06:26 --------- d-----w C:\Program Files\Dragon Global
2008-01-28 06:26 --------- d-----w C:\Program Files\Common Files\Moonlight
2008-01-25 17:27 --------- d-----w C:\Program Files\DivX
2008-01-21 17:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-19 15:53 --------- d-----w C:\Users\Franck\AppData\Roaming\natso Backup WORKSTATION
2008-01-16 08:20 --------- d-----w C:\Program Files\M-Audio
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-14 17:58 --------- d-----w C:\Program Files\Astase
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-09 19:50 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 19:50 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 19:38 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 19:37 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2007-11-24 16:37 22,328 ----a-w C:\Users\Franck\AppData\Roaming\PnkBstrK.sys
2007-08-30 01:10 174 --sha-w C:\Program Files\desktop.ini
2007-03-03 09:00 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-03-03 09:00 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-03-03 09:00 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-07-05 07:50 22 --sha-w C:\Windows\SMINST\HPCD.sys

.
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 20:37 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 17:15 221184]
"WellPhone XT Sagem"="C:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe" [2007-11-07 15:28 1577624]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"Ub4TrayApp"="C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe" [2007-02-18 21:22 1392128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-13 02:01 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 14:42 65536]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 12:39 151552]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 11:57 3784704 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-03-08 13:24 115816]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2008-03-08 13:24 22696]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18 57344]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdc.exe" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"M-Audio Taskbar Icon"="C:\Windows\System32\M-AudioTaskBarIcon.exe" [2007-06-27 09:28 189440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
NDAS Device Management.lnk - C:\Program Files\NDAS\System\ndasmgmt.exe [2007-11-27 17:06:54 236520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1845801175-2277611261-279175692-1001]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D0DE29EB-C89E-4ACC-B560-9982A7EFE1A3}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{D30C5346-CBBD-4B20-906F-86E63C0BC6AA}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{FC097167-2FD7-49EA-AD71-C000419C381F}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server
"{2DBDD6CD-6205-408F-83E6-0766BEA989FE}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server
"{B4FE0CB6-5A4E-4A42-BBC1-FDE19464C42F}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{61E766C9-6752-483B-8327-229D291C5390}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{1C61E6A0-0771-474F-8FB3-15F1BE8465BF}"= TCP:9442:127.0.0.1:Intel® Viiv Media Server Discovery
"{DC1D94BD-4168-46BB-A157-9DF21AD8F00F}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery
"{431C949F-1615-4FC7-B63E-DD9429660FD0}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{6DA13723-F034-42FD-8E04-D1CAC90F35C1}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{A2ABA59C-6283-4CAF-B33A-5436AD1C0DA2}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{2CC36BAE-3D7F-4863-872E-D20C1C8EE97F}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{244983D8-70BB-4443-9D37-0F39F2CBDDE2}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{06FDBBFC-3146-44AF-8F85-EBEC0000BD1A}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{AC66EC45-B1D9-46BA-9657-70C43FC1D49F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{15F26156-3E5C-4946-AD9D-1EC6FB1A48D3}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{96B4C29C-4B50-47ED-A5D2-D613D7D53F17}"=
TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{3333369B-B052-47C3-A9A5-6F8FA0F5070E}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare "{22AA5EDC-3E8F-41FD-B894-C4A5DB9F9F7E}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) "DisabledInterfaces"= {B3A7BBB0-4520-4FDC-9116-96BC6188149C} R0 lfsfilt;Lean File Sharing;C:\Windows\system32\DRIVERS\lfsfilt.sys [2007-11-27 17:06] R0 lpx;LPX Protocol;C:\Windows\system32\DRIVERS\lpx.sys [2007-11-27 17:06] R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080227.001\IDSvix86.sys [2008-02-13 17:18] R1 ndasfat;NDAS FAT;C:\Windows\system32\DRIVERS\ndasfat.sys [2007-11-27 17:06] R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 10:32] R2 DVRMSFileWatcherService;DVRMSFileWatcherService;"C:\Program Files\DVRMSToolbox\DVRMSFileWatcherService.exe" [2007-11-24 15:19] R2 MAudioAudiophileService;M-Audio Audiophile Installer;C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe [2007-06-29 09:29] R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 17:39] R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-09-19 17:57] R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-10-20 22:47] R3 
MADFU003;MADFU003;C:\Windows\system32\DRIVERS\MADFU003.sys [2007-06-27 08:27] R3 MAUSBAP;Service for M-Audio Audiophile (WDM);C:\Windows\system32\DRIVERS\mausbap.sys [2007-06-27 09:39] R3 ndasbus;NDAS Bus Driver;C:\Windows\system32\DRIVERS\ndasbus.sys [2007-11-27 17:06] R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 21:09] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55] R3 USBNP4X4;M-Audio Audiophile USB Midi;C:\Windows\system32\drivers\usbnp4x4.sys [2007-06-27 09:27] S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 09:13] S2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 10:45] S3 ndasscsi;NDAS SCSI Miniport Driver;C:\Windows\system32\DRIVERS\ndasscsi.sys [2007-11-27 17:06] S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-01-29 09:59] S3 RD1013;Roland XV-5050;C:\Windows\system32\Drivers\rdwm1013.sys [2002-02-04 11:26] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr *Newly Created Service* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {395787D8-AB35-3BCE-772B-1C50144B1CDC} /qb . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-08 13:29:26 Windows 6.0.6000 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Windows\system32\Ati2evxx.exe c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\Ati2evxx.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\NDAS\System\ndassvc.exe C:\Windows\system32\PnkBstrA.exe C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\runonce.exe C:\Windows\system32\conime.exe C:\Users\Franck\Desktop\ELIBAGLA.16032008.EXE C:\Windows\ehome\ehsched.exe C:\Windows\ehome\ehRecvr.exe C:\Program Files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Temps d'accomplissement: 2008-03-08 13:32:54 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-08 12:32:49 . 2008-02-26 19:27:00 --- E O F ---
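The ComboFix registry section above contains three things worth checking in any cleanup log: Security Center monitoring and notification values set to 1 under `security center`, `EnableFirewall`= 0 in all three Windows Firewall profiles, and `Run` entries for which ComboFix could print no file date or size (the `[ ]` after `CLIStart.exe`, which the EliBagle log later in this thread reports as Bagle.dldr). The script below is an added example written for this page; it is not ComboFix code and was not posted in the thread. It parses a ComboFix-style registry dump and flags those three patterns. The rule names are this example's own, and the sample input is an excerpt copied from the log above. The `[ ]` rule is only a lead, not a verdict: ComboFix prints the same empty brackets for entries it cannot resolve to a file, such as the `%windir%` wmdc.exe entry and the HP `FactoryMode` entry, and the script flags those too.

```python
"""Flag security-tampering indicators in a ComboFix-style registry dump.

Added example for this thread; not ComboFix code and not from the forum.
The registry section ComboFix prints looks like REGEDIT4 output: a [key]
line followed by one "name"=data line per value. Three rules are applied,
all named by this example:
  security-center-disabled   a Security Center disable/notify flag is 1
  firewall-off               EnableFirewall is 0 in a firewall profile
  autorun-no-file-metadata   a Run/RunOnce entry has empty "[ ]" metadata
"""
import re
from collections import Counter

# Constructed sample: lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 20:37 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-13 02:01 1006264]
"CCUTRAYICON"="FactoryMode" []
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdc.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1845801175-2277611261-279175692-1001]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{06FDBBFC-3146-44AF-8F85-EBEC0000BD1A}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {B3A7BBB0-4520-4FDC-9116-96BC6188149C}
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# ComboFix Run entries: "command" followed by [date time size] or an empty [ ].
AUTORUN_RE = re.compile(r'^"(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{8})$")
LEADING_INT_RE = re.compile(r"^(?P<n>\d+)")

# Security Center values that, when set to 1, silence or disable monitoring.
SECURITY_CENTER_DISABLE_FLAGS = {
    "DisableMonitoring",
    "UacDisableNotify",
    "AutoUpdateDisableNotify",
    "InternetSettingsDisableNotify",
}


def parse_values(text):
    """Yield (key, name, data) for every value line under its enclosing [key]."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("data")


def analyze(text):
    """Return a list of (rule, where, detail) findings for a registry dump."""
    findings = []
    for key, name, data in parse_values(text):
        k = key.lower()
        leaf = key.rsplit("\\", 1)[-1]  # last path component, e.g. "StandardProfile"
        if "security center" in k and name in SECURITY_CENTER_DISABLE_FLAGS:
            m = DWORD_RE.match(data)
            if m and int(m.group("hex"), 16) == 1:
                findings.append(("security-center-disabled", leaf, name))
        elif "firewallpolicy" in k and k.endswith("profile") and name == "EnableFirewall":
            m = LEADING_INT_RE.match(data)  # data looks like "0 (0x0)"
            if m and int(m.group("n")) == 0:
                findings.append(("firewall-off", leaf, name))
        elif k.endswith("\\run") or k.endswith("\\runonce"):
            m = AUTORUN_RE.match(data)
            if m and not m.group("meta").strip():
                findings.append(("autorun-no-file-metadata", name, m.group("cmd")))
    return findings


def summarize(findings):
    """Count findings per rule."""
    return Counter(rule for rule, _, _ in findings)


def firewall_profiles_off(findings):
    """Sorted names of the firewall profiles reported as disabled."""
    return sorted(where for rule, where, _ in findings if rule == "firewall-off")


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for rule, where, detail in found:
        print(f"{rule:26} {where:22} {detail}")
    print(dict(summarize(found)))
```

Run against the excerpt, the script reports the firewall disabled in DomainProfile, PublicProfile and StandardProfile, six Security Center disable flags, and three autorun entries without file metadata; only one of those three (StartCCC) turns out to matter in this thread, which is why that rule should be read as a triage hint to be confirmed by a file scan rather than as a detection on its own.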
[solved] Need help... obviously!
model35 replied to a topic by model35 in Analyses et éradication malwares

Sorry for the delay, dear friend! The only problem I have left is NIS 2007, which refuses to launch its Auto-Protect despite the updates (I do have the licence...). Be aware that it was after the "Spanish" program's scan that I was able to (had to!!) do a restore again. Here is what you asked for:

************************************************************************
Sat Mar 08 12:17:45 2008
EliBagle v11.11 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by direct action):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Access denied.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Removed Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Access denied.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Access denied.

Sat Mar 08 12:18:53 2008
EliBagle v11.11 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by direct action):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Access denied.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Access denied.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Access denied.

Sat Mar 08 12:19:16 2008
EliBagle v11.11 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by direct action):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Access denied.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Access denied.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Access denied.

Sat Mar 08 12:21:28 2008
EliBagle v11.11 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by direct action):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Access denied.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Access denied.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Access denied.

Sat Mar 08 13:19:40 2008
EliBagle v11.11 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by direct action):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Access denied.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Removed Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Access denied.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Access denied.
Reboot to complete the cleanup.

Sat Mar 08 13:26:23 2008
EliBagle v11.11 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by scan):
Scanning drive C:\
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLISTART.EXE --> Removed Bagle.dldr

Sat Mar 08 13:29:25 2008
EliBagle v11.11 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by direct action):

Sat Mar 08 13:35:59 2008
EliBagle v11.11 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by scan):
Scanning drive C:\
C:\Program Files\Emule Extreme\Incoming\DVR-MS CONVERTER 1.2.2.41 CRACKED.ZIP --> Removed Bagle.dldr
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\14604267.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\14609337.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\14611303.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\14618635.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\14689849.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\14718585.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\152537.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\18225269.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\189338.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\29097212.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\29122531.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\29128225.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\29244009.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\29249298.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\403434.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\43623386.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\43695583.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\43776173.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\47703764.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\58172.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\58202085.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\58211897.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\62232230.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\65208.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\69810.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\71089.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\75941.EXE.VIR --> Removed Bagle
C:\QooBox\Quarantine\C\Windows\System32\drivers\down\76752959.EXE.VIR --> Removed Bagle

Total directories: 17001
Total files: 152483
Files analyzed: 19860
Infected files: 29
Cleaned files: 29
***********************************************************************
[solved] Need help... obviously!
model35 replied to a topic by model35 in Analyses et éradication malwares

Dear friend, allow me to thank you: I don't know how, but it turns out that after a while the Portuguese (???) program started running several times in a row, and so did another one launched several reboots earlier (I'm completely lost!), and in the end it does seem to have "killed" the filth in question, since I managed to restore the system to a healthier date. Mea culpa, I downloaded a crack to try out a piece of software (DVR-MS tool, not to name it), even though I buy all my software (well, 95%!), and it was in there. What remains now is a big mess with Norton, which has obviously taken a hit in LiveUpdate. So we'll look on that side. That said, bravo for Norton's efficiency...
[solved] Need help... obviously!
model35 replied to a topic by model35 in Analyses et éradication malwares

Thanks for your quick reply! But alas, no sooner launched than the program stops responding ("processada 177 fichiers verificos" or something along those lines) ...
[solved] Need help... obviously!
model35 posted a topic in Analyses et éradication malwares

Hello dear friends! I'm barging into this forum, where it seems I can find the skills that, alas, I lack.... So here it is. I noticed yesterday that Norton had not started its automatic session, whereas last week the procedure had run normally. I try to start Norton manually (that alone is not normal) and bang: winwhatsit (Norton, that is) is not a valid application. Oh really. On top of that, my Media Center started acting up last night too. I try a restore to a date before the last scan: twice the machine (well, Vista...) tells me it could not be done, unlisted error. Otherwise the PC works fine (at least I think so)! After some searching I come across HijackThis; I download it and try to rename it, as advised on the page I read: not possible! Other files on the desktop I am allowed to rename, but not that one... I still manage to launch the thing, which gives me the result below. Being a complete novice, can someone tell me whether the source of my misery is in there? On top of that, I no longer have any antivirus at all! I feel like a piece of meat in the middle of a barbecue... Thanks in advance for any replies!
***************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:00:27, on 08/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Astase\UltraBackup\4.0\bin\ubTray.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\Franck\Desktop\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [WellPhone XT Sagem] "C:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ub4TrayApp] "C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe" /start
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/s...te/certdgi1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...istaADP-1.0.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://photoservice.fujicolor.de/ips-opdat...PSUploader4.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36DE0638-1E9C-4EE8-9938-D6C8549BB339}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3A7BBB0-4520-4FDC-9116-96BC6188149C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{36DE0638-1E9C-4EE8-9938-D6C8549BB339}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{36DE0638-1E9C-4EE8-9938-D6C8549BB339}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{36DE0638-1E9C-4EE8-9938-D6C8549BB339}: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{36DE0638-1E9C-4EE8-9938-D6C8549BB339}: NameServer = 192.168.1.1
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DVRMSFileWatcherService - Unknown owner - C:\Program Files\DVRMSToolbox\DVRMSFileWatcherService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: M-Audio Audiophile Installer (MAudioAudiophileService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11783 bytes
*****************************************************************************************************
