ben6tm

  1. Everything looks OK. Thank you very much for your invaluable help! THANK YOU!
  2. Hello, I did what was said (keeping the 3 lines I mentioned). Is there a next step, or is it finished? Thanks!
  3. Hello, OK, I will do that. Just one question about these 3 lines: Intel PROSet Wireless is what manages my Wi-Fi connection, and I would like to keep connecting automatically at startup. QuickSet, I don't know what it is for...? Apoint, I think it handles scrolling from my touchpad, and I use that too. What do you think? Also, I have McAfee installed, but only for the firewall, so I am keeping AntiVir to run antivirus scans.
     O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
     O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
     O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
  4. And here is the Toolscleaner report:
     -->- Recherche:
     C:\Qoobox: trouvé !
     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
     C:\Documents and Settings\ben\Bureau\HijackThis: trouvé !
     C:\Documents and Settings\ben\Bureau\hijackthis\HijackThis.exe: trouvé !
     C:\Program Files\Trend Micro\HijackThis: trouvé !
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
  5. Hello, here is the HijackThis report after installing Java.
  6. And here is a new complete AntiVir report (in normal mode, not safe mode). Please tell me what comes next.
  7. I followed your recommendations. It offered to save the Java installer exe. I did so. I have just removed the old version via Add/Remove Programs. Should I run HijackThis and then install the new version, or install the new version and then run HijackThis? Otherwise, as far as general operation goes, I have not seen any anomaly. On restart, the window I used to get, "select file to crack", did not appear, and safe mode works. So it looks OK to me. As for your recommendation about cracks, I have taken note and deleted the file in question. I foolishly wanted to go fast by downloading a crack for a small app to convert a typeface MAC>>PC, which I needed urgently for work, and I would have done better to refrain and be more careful... I will know for next time. I am waiting for your answer on the order of the procedures to follow, HijackThis/Java. Thanks
  8. Here is the HijackThis report. There is indeed an improvement, since before it was telling me "n'est pas une application win32 valide".
  9. Hello, here is the AntiVir report. I had to stop it when it reached my 2nd hard drive because I didn't have time to wait right now, I have to work. However, there are no programs on that drive. Also, when I ran the SafeBoot.... file, the black window appeared for barely 1 second and then closed. I don't know if that's normal. In any case, before, booting in safe mode was impossible, I got a blue screen, and now it's OK. I'm now going to try HijackThis, and in the meantime here is the AntiVir report. Thanks! AntiVir PersonalEdition Classic Report file date: mercredi 12 mars 2008 10:29 Scanning for 1142983 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Administrateur Computer name: D4T60Z1J Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 09:23:37 ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 09:23:37 ANTIVIR3.VDF : 7.0.3.19 83968 Bytes 12/03/2008 09:23:37 AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 12/03/2008 09:23:38 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 12/03/2008 09:23:38 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes
21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: mercredi 12 mars 2008 10:29 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '39' files ). 
Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\msfont.dll [DETECTION] Is the Trojan horse TR/Agent.AHDK [INFO] A backup was created as '483dbe4d.qua' ( QUARANTINE ) [INFO] The file was deleted! Begin scan in 'D:\' End of the scan: mercredi 12 mars 2008 12:34 Used time: 2:05:21 min The scan has been canceled! 15539 Scanning directories 401279 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 1 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 401278 Files not concerned 9748 Archives were scanned 1 Warnings 0 Notes
  10. Here is the report: ComboFix 08-03-03.15 - ben 2008-03-12 0:11:39.4 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1460 [GMT 1:00] Endroit: C:\Documents and Settings\ben\Bureau\Combo-Fix.exe Command switches used :: C:\Documents and Settings\ben\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\23990098.$$$ C:\WINDOWS\logo1_.exe C:\WINDOWS\rundl132.dll C:\WINDOWS\rundll16.exe C:\WINDOWS\system32\BAN_LIST.txt C:\WINDOWS\system32\drivers\down C:\Windows\System32\drivers\hldrrr.exe C:\WINDOWS\system32\drivers\srosa.sys C:\WINDOWS\system32\iifgfgf.dll C:\WINDOWS\system32\lsdelete.exe C:\WINDOWS\system32\vcmgcd32.dll C:\WINDOWS\SYSTEM32\WINTEMS.EXE C:\WINDOWS\zts2.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\23990098.$$$ C:\WINDOWS\system32\lsdelete.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))))))) . 2008-03-11 15:40 . 2008-03-11 15:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-11 15:04 . 2008-03-11 15:04 <REP> d-a------ C:\WINDOWS\zts2.exe 2008-03-11 15:04 . 2008-03-11 15:04 <REP> d-a------ C:\WINDOWS\system32\vcmgcd32.dll 2008-03-11 15:04 . 2008-03-11 15:04 <REP> d-a------ C:\WINDOWS\system32\iifgfgf.dll 2008-03-11 15:04 . 2008-03-11 15:04 <REP> d-a------ C:\WINDOWS\rundll16.exe 2008-03-11 15:04 . 2008-03-11 15:04 <REP> d-a------ C:\WINDOWS\rundl132.dll 2008-03-11 15:04 . 2008-03-11 15:04 <REP> d-a------ C:\WINDOWS\logo1_.exe 2008-03-11 14:56 . 2004-08-05 13:00 153,088 --a------ C:\WINDOWS\R.COM 2008-03-11 14:56 . 2004-08-05 13:00 143,360 --a------ C:\WINDOWS\system32\T.COM 2008-03-11 14:56 . 2008-03-11 14:56 26 --a------ C:\WINDOWS\Lic.xxx 2008-03-11 14:53 . 2008-03-11 14:53 <REP> d-------- C:\Program Files\Spyware Doctor 2008-03-11 14:53 .
2008-03-11 14:53 <REP> d-------- C:\Documents and Settings\ben\Application Data\PC Tools 2008-03-11 14:53 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-03-11 14:53 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-03-11 14:53 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-03-11 14:53 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-03-11 12:51 . 2008-03-11 12:51 <REP> d-------- C:\scscc20 2008-03-10 22:11 . 2008-03-10 22:11 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-10 13:42 . 2008-03-10 13:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-10 13:42 . 2008-03-10 13:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-10 13:21 . 2008-03-10 13:21 <REP> d-------- C:\Program Files\Lavasoft 2008-03-10 13:21 . 2008-03-10 13:21 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-03-10 13:21 . 2008-03-10 13:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-10 13:11 . 2008-03-10 13:11 <REP> d-------- C:\Program Files\Alwil Software 2008-03-10 13:11 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-03-10 13:11 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-03-10 13:11 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-03-10 13:11 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-03-10 13:11 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-03-10 13:11 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-03-10 13:11 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-03-10 13:11 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-03-10 12:16 . 
2008-03-10 12:16 <REP> d-------- C:\Program Files\Trend Micro 2008-03-10 11:43 . 2008-03-11 13:08 <REP> d-------- C:\Program Files\FontLab 2008-03-08 19:16 . 2008-03-11 22:18 <REP> d-------- C:\Program Files\eMule 2008-03-05 11:40 . 2004-08-05 13:00 1,875,968 --a------ C:\WINDOWS\system32\msir3jp.lex 2008-03-05 11:40 . 2004-08-05 13:00 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll 2008-03-05 11:40 . 2004-08-05 13:00 1,158,818 --a------ C:\WINDOWS\system32\korwbrkr.lex 2008-03-05 11:40 . 2004-08-05 13:00 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll 2008-03-05 11:40 . 2004-08-05 13:00 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll 2008-03-05 11:40 . 2004-08-05 13:00 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll 2008-03-05 11:40 . 2004-08-05 13:00 2,060 --a------ C:\WINDOWS\system32\noise.jpn 2008-03-05 11:40 . 2004-08-05 13:00 1,486 --a------ C:\WINDOWS\system32\noise.kor 2008-03-03 15:42 . 2008-03-03 15:42 <REP> d-------- C:\Program Files\7-Zip 2008-02-28 19:57 . 2008-02-28 19:57 <REP> d-------- C:\Documents and Settings\ben\scenes 2008-02-28 19:57 . 2008-02-28 19:57 <REP> d-------- C:\Documents and Settings\ben\.assistant 2008-02-28 19:41 . 2008-02-28 19:41 <REP> d-------- C:\Program Files\Next Limit 2008-02-27 23:28 . 2008-02-27 23:28 <REP> d-------- C:\Program Files\TimeAdjuster 2008-02-27 20:25 . 2008-03-11 13:07 <REP> d-------- C:\Program Files\FlashGet 2008-02-27 19:10 . 2008-02-27 19:10 <REP> d-------- C:\Documents and Settings\ben\Application Data\Publish Providers 2008-02-27 19:06 . 2008-02-27 19:06 <REP> d-------- C:\Documents and Settings\ben\Application Data\Sony 2008-02-27 19:05 . 2008-02-27 19:05 <REP> d-------- C:\Program Files\Vstplugins 2008-02-27 19:05 . 2008-02-27 19:05 <REP> d-------- C:\Program Files\Sony 2008-02-27 19:04 . 2008-02-27 19:04 <REP> d-------- C:\Program Files\Sony Setup 2008-02-27 17:18 . 2008-02-27 17:18 <REP> d-------- C:\Program Files\LCS_screensaver 2008-02-27 17:18 . 
2008-02-27 17:23 1,225,451 --a------ C:\WINDOWS\LCS_screensaver.scr 2008-02-27 17:16 . 2008-02-27 17:16 <REP> d-------- C:\Program Files\LCS_SergioParisse 2008-02-27 17:16 . 2008-02-27 17:16 488,435 --a------ C:\WINDOWS\LCS_SergioParisse.scr 2008-02-27 17:14 . 2008-02-27 17:14 <REP> d-------- C:\Program Files\LCS_PopitoStarace 2008-02-27 17:14 . 2008-02-27 17:16 506,539 --a------ C:\WINDOWS\LCS_PopitoStarace.scr 2008-02-27 15:36 . 2008-02-27 15:36 <REP> d-------- C:\Program Files\LCS_FeelGood 2008-02-27 15:36 . 2008-02-27 15:35 659,107 --a------ C:\WINDOWS\LCS_FeelGood.scr . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-06 21:17 --------- d-----w C:\Program Files\Soulseek 2008-02-18 12:44 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-01-31 10:05 --------- d-----w C:\Program Files\MSN Messenger 2008-01-13 18:57 --------- d-----w C:\Documents and Settings\ben\Application Data\DivX 2008-01-13 18:15 --------- d-----w C:\Program Files\DivX 2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-01-04 21:57 53,248 ----a-w 
C:\WINDOWS\system32\dpuGUI10.dll 2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-03-11 13:49 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-07 01:52 7118848] "nwiz"="nwiz.exe" [2005-07-07 01:52 1519616 C:\WINDOWS\system32\nwiz.exe] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 18:24 684032] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33 155648] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248] "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2008-03-11 14:36 139264] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2008-03-11 14:52 303104] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2008-03-11 14:49 212992] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" 
[2004-07-27 17:50 221184] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920] "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2008-03-11 14:53 180224] "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-09-14 13:15 1327104] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-11-29 22:11 26112] "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-11 14:25 79224] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"= "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "C:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "C:\\Program Files\\Autodesk\\Backburner\\server.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R2 Apache2.2;Apache2.2;"C:\Program Files\xampp\apache\bin\apache.exe" -k runservice [] . 
Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-08-10 21:30:00 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2008-03-10 11:00:58 C:\WINDOWS\Tasks\Recherche de virus de McAfee.com - Mon ordinateur (D4T60Z1J-ben).job" - c:\program files\mcafee.com\vso\mcmnhdlr.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-12 00:12:24 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-03-12 0:12:59 ComboFix-quarantined-files.txt 2008-03-11 23:12:51 ComboFix2.txt 2008-03-11 23:10:57 ComboFix3.txt 2008-03-11 20:55:42 . 2008-03-06 23:15:07 --- E O F ---
  11. OK, in the end I blocked that file, then the ComboFix scan apparently ran normally and generated a report for me. Right at the end, I got the error message (from Windows) teatimer.exe is not a valid Win32 application (apparently launched with Spybot Search & Destroy). Anyway, here is the report: ComboFix 08-03-03.15 - ben 2008-03-11 21:54:01.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1480 [GMT 1:00] Endroit: C:\Documents and Settings\ben\Bureau\Combo-Fix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\regedit.com C:\WINDOWS\system32\drivers\down C:\WINDOWS\system32\taskmgr.com . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_SROSA ((((((((((((((((((((((((((((( Fichiers créés 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))))))) . 2008-03-11 15:40 . 2008-03-11 15:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-11 15:07 . 2008-03-11 15:07 0 --a------ C:\23990098.$$$ 2008-03-11 15:04 . 2008-03-11 15:04 <REP> d-a------ C:\WINDOWS\zts2.exe 2008-03-11 15:04 . 2008-03-11 15:04 <REP> d-a------ C:\WINDOWS\system32\vcmgcd32.dll 2008-03-11 15:04 . 2008-03-11 15:04 <REP> d-a------ C:\WINDOWS\system32\iifgfgf.dll 2008-03-11 15:04 . 2008-03-11 15:04 <REP> d-a------ C:\WINDOWS\rundll16.exe 2008-03-11 15:04 . 2008-03-11 15:04 <REP> d-a------ C:\WINDOWS\rundl132.dll 2008-03-11 15:04 . 2008-03-11 15:04 <REP> d-a------ C:\WINDOWS\logo1_.exe 2008-03-11 14:56 . 2004-08-05 13:00 153,088 --a------ C:\WINDOWS\R.COM 2008-03-11 14:56 . 2004-08-05 13:00 143,360 --a------ C:\WINDOWS\system32\T.COM 2008-03-11 14:56 . 2008-03-11 14:56 26 --a------ C:\WINDOWS\Lic.xxx 2008-03-11 14:53 .
2008-03-11 14:53 <REP> d-------- C:\Program Files\Spyware Doctor 2008-03-11 14:53 . 2008-03-11 14:53 <REP> d-------- C:\Documents and Settings\ben\Application Data\PC Tools 2008-03-11 14:53 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-03-11 14:53 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-03-11 14:53 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-03-11 14:53 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-03-11 12:51 . 2008-03-11 12:51 <REP> d-------- C:\scscc20 2008-03-10 22:11 . 2008-03-10 22:11 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-10 13:42 . 2008-03-10 13:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-10 13:42 . 2008-03-10 13:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-10 13:21 . 2008-03-10 13:21 <REP> d-------- C:\Program Files\Lavasoft 2008-03-10 13:21 . 2008-03-10 13:21 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-03-10 13:21 . 2008-03-10 13:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-10 13:11 . 2008-03-10 13:11 <REP> d-------- C:\Program Files\Alwil Software 2008-03-10 13:11 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-03-10 13:11 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-03-10 13:11 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-03-10 13:11 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-03-10 13:11 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-03-10 13:11 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-03-10 13:11 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-03-10 13:11 . 
2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-03-10 12:16 . 2008-03-10 12:16 <REP> d-------- C:\Program Files\Trend Micro 2008-03-10 11:43 . 2008-03-11 13:08 <REP> d-------- C:\Program Files\FontLab 2008-03-08 19:16 . 2008-03-11 20:53 <REP> d-------- C:\Program Files\eMule 2008-03-05 11:40 . 2004-08-05 13:00 1,875,968 --a------ C:\WINDOWS\system32\msir3jp.lex 2008-03-05 11:40 . 2004-08-05 13:00 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll 2008-03-05 11:40 . 2004-08-05 13:00 1,158,818 --a------ C:\WINDOWS\system32\korwbrkr.lex 2008-03-05 11:40 . 2004-08-05 13:00 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll 2008-03-05 11:40 . 2004-08-05 13:00 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll 2008-03-05 11:40 . 2004-08-05 13:00 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll 2008-03-05 11:40 . 2004-08-05 13:00 2,060 --a------ C:\WINDOWS\system32\noise.jpn 2008-03-05 11:40 . 2004-08-05 13:00 1,486 --a------ C:\WINDOWS\system32\noise.kor 2008-03-03 15:42 . 2008-03-03 15:42 <REP> d-------- C:\Program Files\7-Zip 2008-02-28 19:57 . 2008-02-28 19:57 <REP> d-------- C:\Documents and Settings\ben\scenes 2008-02-28 19:57 . 2008-02-28 19:57 <REP> d-------- C:\Documents and Settings\ben\.assistant 2008-02-28 19:41 . 2008-02-28 19:41 <REP> d-------- C:\Program Files\Next Limit 2008-02-27 23:28 . 2008-02-27 23:28 <REP> d-------- C:\Program Files\TimeAdjuster 2008-02-27 20:25 . 2008-03-11 13:07 <REP> d-------- C:\Program Files\FlashGet 2008-02-27 19:10 . 2008-02-27 19:10 <REP> d-------- C:\Documents and Settings\ben\Application Data\Publish Providers 2008-02-27 19:06 . 2008-02-27 19:06 <REP> d-------- C:\Documents and Settings\ben\Application Data\Sony 2008-02-27 19:05 . 2008-02-27 19:05 <REP> d-------- C:\Program Files\Vstplugins 2008-02-27 19:05 . 2008-02-27 19:05 <REP> d-------- C:\Program Files\Sony 2008-02-27 19:04 . 2008-02-27 19:04 <REP> d-------- C:\Program Files\Sony Setup 2008-02-27 17:18 . 
2008-02-27 17:18 <REP> d-------- C:\Program Files\LCS_screensaver 2008-02-27 17:18 . 2008-02-27 17:23 1,225,451 --a------ C:\WINDOWS\LCS_screensaver.scr 2008-02-27 17:16 . 2008-02-27 17:16 <REP> d-------- C:\Program Files\LCS_SergioParisse 2008-02-27 17:16 . 2008-02-27 17:16 488,435 --a------ C:\WINDOWS\LCS_SergioParisse.scr 2008-02-27 17:14 . 2008-02-27 17:14 <REP> d-------- C:\Program Files\LCS_PopitoStarace 2008-02-27 17:14 . 2008-02-27 17:16 506,539 --a------ C:\WINDOWS\LCS_PopitoStarace.scr 2008-02-27 15:36 . 2008-02-27 15:36 <REP> d-------- C:\Program Files\LCS_FeelGood 2008-02-27 15:36 . 2008-02-27 15:35 659,107 --a------ C:\WINDOWS\LCS_FeelGood.scr . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-06 21:17 --------- d-----w C:\Program Files\Soulseek 2008-02-18 12:44 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-01-31 10:05 --------- d-----w C:\Program Files\MSN Messenger 2008-01-13 18:57 --------- d-----w C:\Documents and Settings\ben\Application Data\DivX 2008-01-13 18:15 --------- d-----w C:\Program Files\DivX 2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-01-04 21:57 57,344 
----a-w C:\WINDOWS\system32\dpv11.dll 2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys 2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-03-11 13:49 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-07 01:52 7118848] "nwiz"="nwiz.exe" [2005-07-07 01:52 1519616 C:\WINDOWS\system32\nwiz.exe] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 18:24 684032] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33 155648] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248] "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2008-03-11 14:36 139264] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2008-03-11 14:52 303104] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2008-03-11 14:49 212992] 
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920] "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2008-03-11 14:53 180224] "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-09-14 13:15 1327104] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-11-29 22:11 26112] "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-11 14:25 79224] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program 
Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"= "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "C:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "C:\\Program Files\\Autodesk\\Backburner\\server.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R2 Apache2.2;Apache2.2;"C:\Program Files\xampp\apache\bin\apache.exe" -k runservice [] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-08-10 21:30:00 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2008-03-10 11:00:58 C:\WINDOWS\Tasks\Recherche de virus de McAfee.com - Mon ordinateur (D4T60Z1J-ben).job" - c:\program files\mcafee.com\vso\mcmnhdlr.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-11 21:54:59 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-03-11 21:55:35 ComboFix-quarantined-files.txt 2008-03-11 20:55:27 . 2008-03-06 23:15:07 --- E O F ---
  12. I followed your procedure carefully. Combo-Fix ran properly through its various steps, then it restarted my computer. On restart it launched again, saying it was producing a report; that lasted a little while, then the window closed without my seeing any report. So I tried to run ComboFix again, and this time the blue window opens, but I get a message from my firewall that I didn't get before, asking whether I want to allow C:\combo-Fix\nircmd.cfexe to access the internet. Should I allow it or block it? (My firewall is McAfee.) Thanks
  13. And here is the Kaspersky report, which did find infected files, and this after the ELIBALGA scan. Thanks for your help, I'm waiting for the next steps! ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Tuesday, March 11, 2008 7:51:32 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 11/03/2008 Kaspersky Anti-Virus database records: 564052 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 200641 Number of viruses found: 5 Number of infected objects: 21 Number of suspicious objects: 0 Duration of the scan process: 02:10:19 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\FLEXnet\adobe_00080000_tsf.data Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped C:\Documents and Settings\ben\Application Data\Microsoft\Modèles\Normal.dot Object is locked skipped C:\Documents and Settings\ben\Application Data\Mozilla\Firefox\Profiles\yz4h9inu.default\cert8.db Object is locked skipped C:\Documents and Settings\ben\Application Data\Mozilla\Firefox\Profiles\yz4h9inu.default\formhistory.dat Object is locked skipped C:\Documents and Settings\ben\Application
Data\Mozilla\Firefox\Profiles\yz4h9inu.default\history.dat Object is locked skipped C:\Documents and Settings\ben\Application Data\Mozilla\Firefox\Profiles\yz4h9inu.default\key3.db Object is locked skipped C:\Documents and Settings\ben\Application Data\Mozilla\Firefox\Profiles\yz4h9inu.default\parent.lock Object is locked skipped C:\Documents and Settings\ben\Application Data\Mozilla\Firefox\Profiles\yz4h9inu.default\search.sqlite Object is locked skipped C:\Documents and Settings\ben\Application Data\Mozilla\Firefox\Profiles\yz4h9inu.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\ben\Bureau\Archive\TRAD_MANQUANTES.doc Object is locked skipped C:\Documents and Settings\ben\Bureau\Archive\UK\TRAD_MANQUANTES-ANG.doc Object is locked skipped C:\Documents and Settings\ben\Bureau\Archive\UK\Votre de¦üfi a bien e¦üte¦ü envoye¦ü-ANG.doc Object is locked skipped C:\Documents and Settings\ben\Bureau\BACK_mars08\COQ_SPORTIF\SOURCES\trads_coq\trads_coq\fichier-trad-ANG.doc Object is locked skipped C:\Documents and Settings\ben\Cookies\index.dat Object is locked skipped C:\Documents and Settings\ben\Local Settings\Application Data\Identities\{9EA80CF4-4B0C-40F6-9D77-D0174F8EB8E2}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped C:\Documents and Settings\ben\Local Settings\Application Data\Identities\{9EA80CF4-4B0C-40F6-9D77-D0174F8EB8E2}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped C:\Documents and Settings\ben\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped C:\Documents and Settings\ben\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped C:\Documents and Settings\ben\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_72C0_A03E_C0A0_A85\dfsr.db Object is locked skipped C:\Documents and Settings\ben\Local 
Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_72C0_A03E_C0A0_A85\fsr.log Object is locked skipped C:\Documents and Settings\ben\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_72C0_A03E_C0A0_A85\fsrtmp.log Object is locked skipped C:\Documents and Settings\ben\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_72C0_A03E_C0A0_A85\tmp.edb Object is locked skipped C:\Documents and Settings\ben\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\ben\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\ben\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped C:\Documents and Settings\ben\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped C:\Documents and Settings\ben\Local Settings\Application Data\Mozilla\Firefox\Profiles\yz4h9inu.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\ben\Local Settings\Application Data\Mozilla\Firefox\Profiles\yz4h9inu.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\ben\Local Settings\Application Data\Mozilla\Firefox\Profiles\yz4h9inu.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\ben\Local Settings\Application Data\Mozilla\Firefox\Profiles\yz4h9inu.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\ben\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\ben\Local Settings\Historique\History.IE5\MSHist012008031120080312\index.dat Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temp\alm.log Object is locked skipped C:\Documents and 
Settings\ben\Local Settings\Temp\amt.log Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temp\IMGE.tmp Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temp\~DF22A7.tmp Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temp\~DF3C83.tmp Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temp\~DF3CCA.tmp Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temp\~DF4EE6.tmp Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temp\~DF8386.tmp Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temp\~DFD2F0.tmp Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temp\~DFE0DA.tmp Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temp\~DFE2B3.tmp Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temp\~DFE2E5.tmp Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temp\~DFEFE1.tmp Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temp\~DFF423.tmp Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temp\~DFF42B.tmp Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temp\~WRF0000.tmp Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temp\~WRS0001.tmp Object is locked skipped C:\Documents and Settings\ben\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\ben\NTUSER.DAT Object is locked skipped C:\Documents and Settings\ben\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and 
Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Fichiers communs\Adobe\Adobe PCD\cache\cache.db Object is locked skipped C:\Program Files\Fichiers communs\Adobe\Adobe PCD\pcd.db Object is locked skipped C:\Program Files\Fichiers communs\Adobe\caps\caps.db Object is locked skipped C:\Program Files\xampp\apache\logs\access.log Object is locked skipped C:\Program Files\xampp\apache\logs\error.log Object is locked skipped C:\Program Files\xampp\apache\logs\ssl_request.log Object is locked skipped C:\Program Files\xampp\mysql\data\D4T60Z1J.err Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{CFB1617D-F601-4675-970C-6F1F1284B2FA}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\Antiviru.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is 
locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\msfont.dll Infected: Trojan-Downloader.Win32.Agent.kgv skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\lments supprims.dbx/[From <[email protected]>][Date Sun, 15 Aug 2004 13:55:35 +0100]/UNNAMED/Msg.zip/cjyajrq.exe Infected: Email-Worm.Win32.Bagle.g skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\lments supprims.dbx/[From <[email 
protected]>][Date Sun, 15 Aug 2004 13:55:35 +0100]/UNNAMED/Msg.zip Infected: Email-Worm.Win32.Bagle.g skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\lments supprims.dbx/[From <[email protected]>][Date Sun, 15 Aug 2004 13:55:35 +0100]/UNNAMED Infected: Email-Worm.Win32.Bagle.g skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\lments supprims.dbx/[From [email protected]][Date Tue, 7 Sep 2004 15:27:32 +0200]/UNNAMED/[email protected]/[email protected] .com Infected: Email-Worm.Win32.Mydoom.m skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\lments supprims.dbx/[From [email protected]][Date Tue, 7 Sep 2004 15:27:32 +0200]/UNNAMED/[email protected] Infected: Email-Worm.Win32.Mydoom.m skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\lments supprims.dbx/[From [email protected]][Date Tue, 7 Sep 2004 15:27:32 +0200]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\lments supprims.dbx/[From [email protected]][Date Wed, 8 Sep 2004 15:45:32 +0200]/UNNAMED/text.scr Infected: Email-Worm.Win32.Mydoom.m skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\lments supprims.dbx/[From [email protected]][Date Wed, 8 Sep 2004 15:45:32 +0200]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\lments supprims.dbx/[From "Post Office" <[email protected]>][Date Wed, 15 Sep 2004 18:25:26 +0200]/UNNAMED/[email protected]/[email protected]/[email protected] .pif Infected: Email-Worm.Win32.Mydoom.m skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\lments supprims.dbx/[From "Post Office" <[email protected]>][Date Wed, 15 Sep 2004 18:25:26 +0200]/UNNAMED/[email protected]/[email protected] Infected: Email-Worm.Win32.Mydoom.m skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - 
contacts\lments supprims.dbx/[From "Post Office" <[email protected]>][Date Wed, 15 Sep 2004 18:25:26 +0200]/UNNAMED/[email protected] Infected: Email-Worm.Win32.Mydoom.m skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\lments supprims.dbx/[From "Post Office" <[email protected]>][Date Wed, 15 Sep 2004 18:25:26 +0200]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\lments supprims.dbx/[From "REGIONS BANK" <[email protected]>][Date Wed, 2 Feb 2005 07:17:29 +0100]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.cr skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\lments supprims.dbx/[From "REGIONS BANK" <[email protected]>][Date Wed, 2 Feb 2005 07:17:29 +0100]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.cr skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\lments supprims.dbx/[From "REGIONS BANK" <[email protected]>][Date Wed, 2 Feb 2005 07:17:29 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.cr skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\lments supprims.dbx Mail MS Outlook 5: infected - 15 skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\outlook\Inbox+.dbx/[From Mail Delivery Subsystem <[email protected]>][Date Wed, 12 May 2004 12:08:23 -0500]/UNNAMED/[From 139.194-201-80.adsl.skynet.be [80.201.194.139]]/UNNAMED/[From "pop.lab-au.com"<[email protected]>][Date Wed, 12 May 2004 07:34:32 -0500]/html Infected: Email-Worm.Win32.Wallon.a skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\outlook\Inbox+.dbx/[From Mail Delivery Subsystem <[email protected]>][Date Wed, 12 May 2004 12:08:23 -0500]/UNNAMED/[From 139.194-201-80.adsl.skynet.be [80.201.194.139]]/UNNAMED Infected: Email-Worm.Win32.Wallon.a skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\outlook\Inbox+.dbx/[From Mail Delivery 
Subsystem <[email protected]>][Date Wed, 12 May 2004 12:08:23 -0500]/UNNAMED Infected: Email-Worm.Win32.Wallon.a skipped D:\[ALIQUIDSTUDIO]\[LE STUDIO]\[CONTACTS]\[ALIQUIDSTUDIO] - contacts\outlook\Inbox+.dbx Mail MS Outlook 5: infected - 3 skipped Scan process completed.
  14. Thank you for your reply. Here, to begin with, is the ELIBAGLA report; it finds the virus in JUSCHED.EXE

      Tue Mar 11 11:20:18 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Acción Directa):
      C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
      C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
      Restaurada Clave: "SafeBoot\Minimal y Network"
      Reinicie para Completar la Limpieza.

      Tue Mar 11 11:21:29 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Exploración):
      Explorando Unidad C:\
      C:\Program Files\eMule\Incoming\TRANSTYPE SE 2.5.1 CRACKED.ZIP --> Eliminado Bagle.dldr
      C:\Program Files\eMule\Incoming\TRANSTYPE SE 2.5.1.ZIP --> Eliminado Bagle.dldr
      C:\Program Files\eMule\Incoming\TransType SE 2.5.1 Cracked\TRANSTYPE SE 2.5.1 CRACKED.EXE --> Eliminado Bagle.dldr
      C:\Program Files\Java\j2re1.4.2_03\bin\JUSCHED.EXE --> Eliminado Bagle.dldr
      Nº Total de Directorios: 15290
      Nº Total de Ficheros: 198760
      Nº de Ficheros Analizados: 11259
      Nº de Ficheros Infectados: 4
      Nº de Ficheros Limpiados: 4

      Tue Mar 11 11:35:28 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Exploración):
      Explorando Unidad C:\
      Nº Total de Directorios: 873
      Nº Total de Ficheros: 11546
      Nº de Ficheros Analizados: 51
      Nº de Ficheros Infectados: 0
      Nº de Ficheros Limpiados: 0
      Exploración Detenida por el Usuario.

      Tue Mar 11 11:35:47 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Exploración):
      Explorando Unidad C:\
      Nº Total de Directorios: 15290
      Nº Total de Ficheros: 198762
      Nº de Ficheros Analizados: 11255
      Nº de Ficheros Infectados: 0
      Nº de Ficheros Limpiados: 0

      Tue Mar 11 11:48:14 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Acción Directa):
      C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
      C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
      Reinicie para Completar la Limpieza.

      Tue Mar 11 11:48:57 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Exploración):
      Explorando Unidad C:\
      Nº Total de Directorios: 15292
      Nº Total de Ficheros: 198791
      Nº de Ficheros Analizados: 11256
      Nº de Ficheros Infectados: 0
      Nº de Ficheros Limpiados: 0

      Tue Mar 11 12:02:57 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Acción Directa):
      C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
      C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
      Reinicie para Completar la Limpieza.

      Tue Mar 11 12:09:16 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Acción Directa):
      C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
      C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
      Reinicie para Completar la Limpieza.

      Tue Mar 11 12:09:54 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Exploración):
      Explorando Unidad C:\
      C:\Program Files\Java\j2re1.4.2_03\bin\JUSCHED.EXE --> Eliminado Bagle.dldr
      Nº Total de Directorios: 15291
      Nº Total de Ficheros: 198737
      Nº de Ficheros Analizados: 11258
      Nº de Ficheros Infectados: 1
      Nº de Ficheros Limpiados: 1

      Tue Mar 11 12:23:35 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Acción Directa):
      C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
      C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
      Reinicie para Completar la Limpieza.

      Tue Mar 11 12:29:46 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Acción Directa):
      C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
      C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
      Reinicie para Completar la Limpieza.

      Tue Mar 11 13:13:53 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Acción Directa):
      C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
      C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
      Reinicie para Completar la Limpieza.

      Tue Mar 11 13:14:03 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Exploración):
      Explorando Unidad C:\
      C:\Program Files\Java\j2re1.4.2_03\bin\JUSCHED.EXE --> Eliminado Bagle.dldr

      Tue Mar 11 13:19:12 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Acción Directa):
      C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
      C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
      Reinicie para Completar la Limpieza.

      Tue Mar 11 14:54:25 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Acción Directa):
      C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
      C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr

      Tue Mar 11 15:34:55 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Acción Directa):

      Tue Mar 11 15:35:08 2008
      EliBagle v11.12 ©2008 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Exploración):
      Explorando Unidad C:\
      C:\Program Files\Java\j2re1.4.2_03\bin\JUSCHED.EXE --> Eliminado Bagle.dldr
      Nº Total de Directorios: 15367
      Nº Total de Ficheros: 161037
      Nº de Ficheros Analizados: 11320
      Nº de Ficheros Infectados: 1
      Nº de Ficheros Limpiados: 1
  15. Hello, I have been infected by the Bagle virus. I tried to install various utilities, but most of them, such as HijackThis, display the following error: "n'est pas une application win32 valide". In addition, at every startup a "select file to crack" window appears, which I think relaunches the virus. For the moment only ELIBAGLA can run; it detects the virus and eliminates it (apparently), but on restart the "select file to crack" window reappears and the virus relaunches. Thank you for your help!