lisou

Members
  • Content count

    20
  • Joined

  • Last visited

Other information

  • My languages
    French

lisou's Achievements

Junior Member

Junior Member (3/12)

0

Community reputation

  1. I tried for Firefox but it doesn't work; I'll try to look into it. I wanted to thank you, Pear, for the time spent helping me, it's really nice to take time for strangers (& computers )
  2. Here is the HijackThis report: Logfile of HijackThis v1.99.1 Scan saved at 15:09, on 2008-03-19 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe D:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe D:\Program Files\MSN Messenger\msnmsgr.exe D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe D:\WINDOWS\System32\snmp.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe D:\WINDOWS\explorer.exe D:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe D:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe D:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Program Files\WinRAR\WinRAR.exe D:\Documents and Settings\lisou\Bureau\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = 
http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [VirusKeeper] D:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKCU\..\Run: [Creative WebCam Tray] "D:\Program Files\Creative\Shared Files\CamTray.exe" O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? 
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f7f1ba356ea5426eb5a792cab7f394de O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f7f1ba356ea5426eb5a792cab7f394de O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F3B06F6E-1C2C-4BD0-BAFD-B61C6A90BB82}: NameServer = 
86.64.145.144 84.103.237.144 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: klogon - D:\WINDOWS\System32\klogon.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe On the other hand, Windows Live Messenger doesn't work & the Firefox server still can't be found, is that normal? I also wanted to ask whether I should keep AntiVir & remove VirusKeeper? Which firewall do you recommend? Thanks for the information
  3. Great! Attached is the ToolsCleaner report. I'll take care of HijackThis, but first I wanted to know whether I should indeed delete these folders before doing the report? -->- Recherche: D:\SdFix.exe: trouvé ! D:\Combofix: trouvé ! D:\Qoobox: trouvé ! D:\Documents and Settings\lisou\Bureau\ComboFix.exe: trouvé ! D:\Documents and Settings\lisou\Bureau\SDFIX: trouvé ! D:\Documents and Settings\lisou\Bureau\HijackThis: trouvé ! D:\Documents and Settings\lisou\Bureau\HiJackThis\HijackThis.exe: trouvé ! D:\Documents and Settings\lisou\Recent\HijackThis.lnk: trouvé ! D:\QooBox\Quarantine\D\Combofix: trouvé ! D:\WINDOWS\pskill.exe: trouvé !
  4. Well, sorry, but I think I have a few problems: when I launch ComboFix it runs automatically without offering me a choice between 1 & 2. I also noticed that in the AntiVir report, the master boot sector & rootkit scan is set to off. Should I start over, or run AVG now? ComboFix 08-03-14.4 - lisou 2008-03-19 9:28:26.7 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.779 [GMT 1:00] Endroit: D:\Documents and Settings\lisou\Bureau\ComboFix.exe Command switches used :: D:\Documents and Settings\lisou\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: D:\WINDOWS\WinLockDll.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . D:\WINDOWS\WinLockDll.dll . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))))))) . 2008-03-18 15:30 . 2008-03-18 15:30 <REP> d-------- D:\Documents and Settings\lisou\Application Data\Hewlett-Packard 2008-03-18 15:21 . 2008-03-18 15:21 <REP> d-------- D:\Program Files\Fichiers communs\Hewlett-Packard 2008-03-18 15:21 . 2001-08-17 21:53 13,824 --a------ D:\WINDOWS\system32\drivers\usbscan.sys 2008-03-18 15:21 . 2001-08-17 21:53 13,824 --a--c--- D:\WINDOWS\system32\dllcache\usbscan.sys 2008-03-18 15:19 . 2008-03-18 15:19 <REP> d-------- D:\Program Files\Hewlett-Packard 2008-03-18 15:18 . 2008-03-18 15:29 19,558 --a------ D:\WINDOWS\hpoins01.dat 2008-03-18 15:18 . 2003-04-22 19:01 16,606 --------- D:\WINDOWS\hpomdl01.dat 2008-03-18 15:07 . 2008-03-18 15:07 <REP> d-------- D:\WINDOWS\Downloaded Installations 2008-03-18 15:07 . 2008-03-18 15:08 <REP> d-------- D:\temp\FixEngine 2008-03-18 15:07 . 2008-03-18 15:07 <REP> d-------- D:\temp 2008-03-18 15:07 . 2008-03-18 15:07 <REP> d-------- D:\Program Files\Hp 2008-03-18 15:07 . 2003-08-25 18:06 182,880 --a------ D:\WINDOWS\system32\iuengine.dll 2008-03-18 15:07 . 
2003-08-25 18:06 182,880 --a--c--- D:\WINDOWS\system32\dllcache\iuengine.dll 2008-03-18 14:59 . 2001-08-17 22:00 24,832 --a------ D:\WINDOWS\system32\drivers\usbprint.sys 2008-03-18 14:59 . 2001-08-17 22:00 24,832 --a--c--- D:\WINDOWS\system32\dllcache\usbprint.sys 2008-03-18 14:58 . 2001-08-17 22:03 24,960 --a------ D:\WINDOWS\system32\drivers\usbccgp.sys 2008-03-18 14:58 . 2001-08-17 22:03 24,960 --a--c--- D:\WINDOWS\system32\dllcache\usbccgp.sys 2008-03-18 14:52 . 2008-03-18 14:52 <REP> d-------- D:\Program Files\Fichiers communs\Adobe 2008-03-18 13:23 . 2008-03-18 13:23 <REP> d-------- D:\Program Files\Avira 2008-03-18 13:23 . 2008-03-18 13:23 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira 2008-03-17 20:11 . 2008-03-18 21:17 <REP> d-------- D:\WINDOWS\system32\ActiveScan 2008-03-17 20:11 . 2008-03-17 20:11 30,590 --a------ D:\WINDOWS\system32\pavas.ico 2008-03-17 20:11 . 2008-03-17 20:11 2,550 --a------ D:\WINDOWS\system32\Uninstall.ico 2008-03-17 20:11 . 2008-03-17 20:11 1,406 --a------ D:\WINDOWS\system32\Help.ico 2008-03-17 19:05 . 2008-03-17 19:05 <REP> d--h----- D:\WINDOWS\PIF 2008-03-16 20:15 . 2008-03-16 20:15 <REP> d-------- D:\WINDOWS\system32\Kaspersky Lab 2008-03-16 13:48 . 2008-03-16 13:49 <REP> d-------- D:\WINDOWS\ERUNT 2008-03-16 13:40 . 2007-12-29 21:13 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage réseau 2008-03-16 13:40 . 2007-12-29 21:13 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage d'impression 2008-03-16 13:40 . 2007-12-30 00:25 <REP> d--h----- D:\Documents and Settings\Administrateur\Modèles 2008-03-16 13:40 . 2007-12-29 21:13 <REP> d-------- D:\Documents and Settings\Administrateur\Mes documents 2008-03-16 13:40 . 2007-12-29 21:13 <REP> dr------- D:\Documents and Settings\Administrateur\Menu Démarrer 2008-03-16 13:40 . 2007-12-29 21:13 <REP> d-------- D:\Documents and Settings\Administrateur\Favoris 2008-03-16 13:40 . 
2007-12-29 21:13 <REP> d-------- D:\Documents and Settings\Administrateur\Bureau 2008-03-16 11:27 . 2008-03-16 11:27 1,413,305 --a------ D:\SDFix.exe 2008-03-15 16:49 . 2008-03-15 16:49 <REP> d-------- D:\Program Files\Lavalys 2008-03-15 10:17 . 2008-03-15 10:17 <REP> d-------- D:\WINDOWS\Sun 2008-03-15 10:15 . 2008-02-22 02:33 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl 2008-03-15 10:14 . 2008-03-15 10:15 <REP> d-------- D:\Program Files\Java 2008-03-15 10:14 . 2008-03-15 10:14 <REP> d-------- D:\Program Files\Fichiers communs\Java 2008-03-15 01:43 . 2008-03-15 01:54 <REP> d-------- D:\Program Files\ma-config.com 2008-03-15 01:43 . 2008-03-15 15:53 <REP> d-------- D:\Documents and Settings\lisou\Application Data\ma-config.com 2008-03-15 01:41 . 2008-03-18 15:40 1,072,488,448 --a------ D:\WINDOWS\MEMORY.DMP 2008-03-15 01:27 . 2008-03-15 01:27 <REP> d-------- D:\Documents and Settings\lisou\Application Data\vlc 2008-03-15 01:26 . 2008-03-15 01:26 69 --a------ D:\WINDOWS\NeroDigital.ini 2008-03-15 01:22 . 2008-03-15 01:22 <REP> d-------- D:\Program Files\AxBx 2008-03-15 01:12 . 2001-08-28 13:00 843,832 --a--c--- D:\WINDOWS\system32\dllcache\tintlgnt.ime 2008-03-15 01:11 . 2001-08-28 13:00 10,129,408 --a--c--- D:\WINDOWS\system32\dllcache\hwxkor.dll 2008-03-15 01:10 . 2001-08-28 13:00 13,463,552 --a--c--- D:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-03-15 01:09 . 2001-05-23 05:15 872,557 --a--c--- D:\WINDOWS\system32\dllcache\fp4awel.dll 2008-03-15 01:06 . 2001-08-28 13:00 159,744 --a--c--- D:\WINDOWS\system32\dllcache\icwhelp.dll 2008-03-15 01:04 . 2001-08-28 13:00 114,688 --a------ D:\WINDOWS\system32\wuauclt.exe 2008-03-15 01:04 . 2001-08-28 13:00 114,688 --a--c--- D:\WINDOWS\system32\dllcache\wuauclt.exe 2008-03-15 01:04 . 2001-08-28 13:00 96,256 --a------ D:\WINDOWS\system32\wuaueng.dll 2008-03-15 01:04 . 2001-08-28 13:00 96,256 --a--c--- D:\WINDOWS\system32\dllcache\wuaueng.dll 2008-03-15 01:01 . 
2001-08-17 21:51 18,688 --a------ D:\WINDOWS\system32\drivers\irsir.sys 2008-03-15 00:58 . 2001-08-17 20:13 27,165 --a------ D:\WINDOWS\system32\drivers\fetnd5.sys 2008-03-15 00:57 . 2001-08-17 21:51 19,584 --a------ D:\WINDOWS\system32\drivers\rasirda.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-19 08:32 6,499,616 --sha-w D:\WINDOWS\system32\drivers\fidbox.dat 2008-03-19 08:30 93,320 --sha-w D:\WINDOWS\system32\drivers\fidbox.idx 2008-03-19 08:30 22,136 --sha-w D:\WINDOWS\system32\drivers\fidbox2.idx 2008-03-19 08:30 203,808 --sha-w D:\WINDOWS\system32\drivers\fidbox2.dat 2008-03-17 20:33 --------- d-----w D:\Program Files\Windows Live Toolbar 2008-03-17 20:32 --------- d-----w D:\Program Files\MSN Messenger 2008-03-17 20:32 --------- d-----w D:\Program Files\Messenger Plus! Live 2008-03-16 19:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-15 09:00 --------- d-----w D:\Program Files\IncrediMail 2008-01-03 16:11 155,648 ----a-w D:\WINDOWS\system32\NeroCheck .exe 2008-01-02 15:47 13,312 ----a-w D:\WINDOWS\system32\ctfmon .exe 2007-12-31 08:41 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat 2006-05-06 16:42 7,260,160 ----a-w D:\Program Files\mozilla firefox\plugins\libvlc.dll . <pre> ----a-w 214,456 2008-01-02 15:47:04 D:\Program Files\IncrediMail\bin\IncMail .exe ----a-w 5,674,352 2008-01-02 15:47:19 D:\Program Files\MSN Messenger\msnmsgr .exe ----a-w 13,312 2008-01-02 15:47:02 D:\WINDOWS\system32\ctfmon .exe ----a-w 155,648 2008-01-03 16:11:41 D:\WINDOWS\system32\NeroCheck .exe </pre> ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative WebCam Tray"="D:\Program Files\Creative\Shared Files\CamTray.exe" [ ] "msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VirusKeeper"="D:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2008-03-07 17:10 2668928] "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-18 13:29 249896] "Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll R0 avgntmgr;avgntmgr;D:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22] R1 avgntdd;avgntdd;D:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04] R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\System32\DRIVERS\klim5.sys [2007-04-04 14:58] R3 V0260VID;Live! Cam Vista IM;D:\WINDOWS\System32\DRIVERS\V0260Vid.sys [2006-04-01 16:16] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-03-18 14:30:36 D:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1205850588.job" - D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "2008-03-19 08:27:00 D:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
  5. Hello, I saw your message when I had already scanned with AntiVir; I'm pasting it, should I redo it after ComboFix? Thanks. I had to stop it the first time, so I'm giving you both reports: AntiVir PersonalEdition Classic Report file date: mardi 18 mars 2008 13:36 Scanning for 1151755 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (plain) [5.1.2600] Username: lisou Computer name: LISOU-UYOAMKLWE Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 12:29:34 ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 12:29:34 ANTIVIR3.VDF : 7.0.3.45 209920 Bytes 18/03/2008 12:29:34 AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 18/03/2008 12:29:38 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 18/03/2008 12:29:38 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: d:\program files\avira\antivir personaledition classic\alldrives.avp Logging..........................: low Primary action...................: interactive Secondary action.................: 
ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: F:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: mardi 18 mars 2008 13:36 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 10 processes with 10 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'G:\' [NOTE] No virus was found! Boot sector 'H:\' [NOTE] No virus was found! Boot sector 'I:\' [NOTE] No virus was found! Boot sector 'A:\' [NOTE] In the drive 'A:\' no data medium is inserted! Starting to scan the registry. The registry was scanned ( '23' files ). Starting the file scan: Begin scan in 'C:\' <SYSTEME> C:\Sql.exe [DETECTION] Contains detection pattern of the worm WORM/Rbot.261120.11 [iNFO] The file was moved to '484bb7db.qua'! C:\Tray.exe [DETECTION] Contains detection pattern of the worm WORM/IrcBot.137509 [iNFO] The file was moved to '4840b7e1.qua'! 
C:\xfmb.exe [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.Crw.2 Backdoor server programs [iNFO] The file was moved to '484cb7d5.qua'! Begin scan in 'D:\' D:\pagefile.sys [WARNING] The file could not be opened! D:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\4840b7e1.qua [DETECTION] Contains detection pattern of the worm WORM/IrcBot.137509 [iNFO] The file was moved to '4813bfae.qua'! D:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\484bb7db.qua [DETECTION] Contains detection pattern of the worm WORM/Rbot.261120.11 [iNFO] The file was moved to '497f1ce7.qua'! D:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\484cb7d5.qua [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.Crw.2 Backdoor server programs [iNFO] The file was moved to '4813bfa0.qua'! End of the scan: mardi 18 mars 2008 14:16 Used time: 40:17 min The scan has been canceled! 3115 Scanning directories 165883 Files were scanned 6 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 6 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 165877 Files not concerned 1824 Archives were scanned 1 Warnings 0 Notes ______________________________________________________________________ AntiVir PersonalEdition Classic Report file date: mardi 18 mars 2008 15:53 Scanning for 1151755 virus strains and unwanted programs. 
Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (plain) [5.1.2600] Username: lisou Computer name: LISOU-UYOAMKLWE Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 12:29:34 ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 12:29:34 ANTIVIR3.VDF : 7.0.3.45 209920 Bytes 18/03/2008 12:29:34 AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 18/03/2008 12:29:38 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 18/03/2008 12:29:38 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: d:\program files\avira\antivir personaledition classic\alldrives.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: F:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file 
selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: mardi 18 mars 2008 15:53 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 10 processes with 10 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'G:\' [NOTE] No virus was found! Boot sector 'H:\' [NOTE] No virus was found! Boot sector 'I:\' [NOTE] No virus was found! Boot sector 'A:\' [NOTE] In the drive 'A:\' no data medium is inserted! Starting to scan the registry. The registry was scanned ( '27' files ). Starting the file scan: Begin scan in 'C:\' <SYSTEME> Begin scan in 'D:\' D:\pagefile.sys [WARNING] The file could not be opened! D:\WINDOWS\system32\ActiveScan\pskavs.dll [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738 [iNFO] The file was moved to '484b23e0.qua'! Begin scan in 'G:\' G:\Documents and Settings\Arkhel\Local Settings\Temp\winAC.tmp.exe [DETECTION] Contains detection pattern of the dropper DR/Softomate.U [iNFO] The file was moved to '484e254b.qua'! 
G:\Documents and Settings\Arkhel\Local Settings\Temp\winB4.tmp.exe [DETECTION] Contains detection pattern of the dropper DR/Dldr.PurityScan.DC.4 [iNFO] The file was moved to '49274ffc.qua'! G:\Documents and Settings\Arkhel\Local Settings\Temp\winB9.tmp.exe [DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Crypted) [iNFO] The file was moved to '484e254d.qua'! G:\Program Files\Fichiers communs\{5805ECC4-0C77-1036-0819-050817050021}\Update.ex$ [DETECTION] Is the Trojan horse TR/Dldr.Agent.ads [iNFO] The file was moved to '484425c0.qua'! Begin scan in 'H:\' <Films> H:\WINDOWS\system32\avvg.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '48563292.qua'! H:\WINDOWS\system32\fest.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '48533291.qua'! Begin scan in 'I:\' <Jeux> Begin scan in 'A:\' Search path A:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'E:\' Search path E:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'F:\' Search path F:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: mardi 18 mars 2008 22:34 Used time: 6:40:53 min The scan has been done completely. 11622 Scanning directories 652282 Files were scanned 7 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 7 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 652275 Files not concerned 23927 Archives were scanned 1 Warnings 0 Notes
  6. Hello, here is the report; I'm now taking care of AntiVir. As for System Restore, I did disable everything yesterday, though. ComboFix 08-03-14.4 - lisou 2008-03-18 12:33:58.5 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.786 [GMT 1:00] Endroit: D:\Documents and Settings\lisou\Bureau\ComboFix.exe Command switches used :: D:\Documents and Settings\lisou\Bureau\CFScript.txt . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))))))) . 2008-03-17 20:11 . 2008-03-17 21:53 <REP> d-------- D:\WINDOWS\system32\ActiveScan 2008-03-17 20:11 . 2008-03-17 20:11 30,590 --a------ D:\WINDOWS\system32\pavas.ico 2008-03-17 20:11 . 2008-03-17 20:11 2,550 --a------ D:\WINDOWS\system32\Uninstall.ico 2008-03-17 20:11 . 2008-03-17 20:11 1,406 --a------ D:\WINDOWS\system32\Help.ico 2008-03-17 19:05 . 2008-03-17 19:05 <REP> d--h----- D:\WINDOWS\PIF 2008-03-16 20:15 . 2008-03-16 20:15 <REP> d-------- D:\WINDOWS\system32\Kaspersky Lab 2008-03-16 13:48 . 2008-03-16 13:49 <REP> d-------- D:\WINDOWS\ERUNT 2008-03-16 13:40 . 2007-12-29 21:13 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage réseau 2008-03-16 13:40 . 2007-12-29 21:13 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage d'impression 2008-03-16 13:40 . 2007-12-30 00:25 <REP> d--h----- D:\Documents and Settings\Administrateur\Modèles 2008-03-16 13:40 . 2007-12-29 21:13 <REP> d-------- D:\Documents and Settings\Administrateur\Mes documents 2008-03-16 13:40 . 2007-12-29 21:13 <REP> dr------- D:\Documents and Settings\Administrateur\Menu Démarrer 2008-03-16 13:40 . 2007-12-29 21:13 <REP> d-------- D:\Documents and Settings\Administrateur\Favoris 2008-03-16 13:40 . 2007-12-29 21:13 <REP> d-------- D:\Documents and Settings\Administrateur\Bureau 2008-03-16 11:27 . 2008-03-16 11:27 1,413,305 --a------ D:\SDFix.exe 2008-03-15 16:49 . 2008-03-15 16:49 <REP> d-------- D:\Program Files\Lavalys 2008-03-15 10:17 . 
2008-03-15 10:17 <REP> d-------- D:\WINDOWS\Sun 2008-03-15 10:15 . 2008-02-22 02:33 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl 2008-03-15 10:14 . 2008-03-15 10:15 <REP> d-------- D:\Program Files\Java 2008-03-15 10:14 . 2008-03-15 10:14 <REP> d-------- D:\Program Files\Fichiers communs\Java 2008-03-15 01:43 . 2008-03-15 01:54 <REP> d-------- D:\Program Files\ma-config.com 2008-03-15 01:43 . 2008-03-15 15:53 <REP> d-------- D:\Documents and Settings\lisou\Application Data\ma-config.com 2008-03-15 01:27 . 2008-03-15 01:27 <REP> d-------- D:\Documents and Settings\lisou\Application Data\vlc 2008-03-15 01:26 . 2008-03-15 01:26 69 --a------ D:\WINDOWS\NeroDigital.ini 2008-03-15 01:22 . 2008-03-15 01:22 <REP> d-------- D:\Program Files\AxBx 2008-03-15 01:12 . 2001-08-28 13:00 843,832 --a--c--- D:\WINDOWS\system32\dllcache\tintlgnt.ime 2008-03-15 01:11 . 2001-08-28 13:00 10,129,408 --a--c--- D:\WINDOWS\system32\dllcache\hwxkor.dll 2008-03-15 01:10 . 2001-08-28 13:00 13,463,552 --a--c--- D:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-03-15 01:09 . 2001-05-23 05:15 872,557 --a--c--- D:\WINDOWS\system32\dllcache\fp4awel.dll 2008-03-15 01:06 . 2001-08-28 13:00 159,744 --a--c--- D:\WINDOWS\system32\dllcache\icwhelp.dll 2008-03-15 01:04 . 2001-08-28 13:00 114,688 --a------ D:\WINDOWS\system32\wuauclt.exe 2008-03-15 01:04 . 2001-08-28 13:00 114,688 --a--c--- D:\WINDOWS\system32\dllcache\wuauclt.exe 2008-03-15 01:04 . 2001-08-28 13:00 96,256 --a------ D:\WINDOWS\system32\wuaueng.dll 2008-03-15 01:04 . 2001-08-28 13:00 96,256 --a--c--- D:\WINDOWS\system32\dllcache\wuaueng.dll 2008-03-15 01:01 . 2001-08-17 21:51 18,688 --a------ D:\WINDOWS\system32\drivers\irsir.sys 2008-03-15 00:58 . 2001-08-17 20:13 27,165 --a------ D:\WINDOWS\system32\drivers\fetnd5.sys 2008-03-15 00:57 . 2001-08-17 21:51 19,584 --a------ D:\WINDOWS\system32\drivers\rasirda.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-03-18 11:35 4,662,816 --sha-w D:\WINDOWS\system32\drivers\fidbox.dat 2008-03-18 11:35 182,560 --sha-w D:\WINDOWS\system32\drivers\fidbox2.dat 2008-03-18 07:27 68,192 --sha-w D:\WINDOWS\system32\drivers\fidbox.idx 2008-03-18 07:27 21,176 --sha-w D:\WINDOWS\system32\drivers\fidbox2.idx 2008-03-17 20:33 --------- d-----w D:\Program Files\Windows Live Toolbar 2008-03-17 20:32 --------- d-----w D:\Program Files\MSN Messenger 2008-03-17 20:32 --------- d-----w D:\Program Files\Messenger Plus! Live 2008-03-16 19:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-15 09:00 --------- d-----w D:\Program Files\IncrediMail 2008-01-03 16:11 155,648 ----a-w D:\WINDOWS\system32\NeroCheck .exe 2008-01-02 15:47 13,312 ----a-w D:\WINDOWS\system32\ctfmon .exe 2007-12-31 08:41 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-12-19 14:13 73,216 ----a-w D:\WINDOWS\WinLockDll.dll 2006-05-06 16:42 7,260,160 ----a-w D:\Program Files\mozilla firefox\plugins\libvlc.dll . <pre> ----a-w 214,456 2008-01-02 15:47:04 D:\Program Files\IncrediMail\bin\IncMail .exe ----a-w 5,674,352 2008-01-02 15:47:19 D:\Program Files\MSN Messenger\msnmsgr .exe ----a-w 13,312 2008-01-02 15:47:02 D:\WINDOWS\system32\ctfmon .exe ----a-w 155,648 2008-01-03 16:11:41 D:\WINDOWS\system32\NeroCheck .exe </pre> ((((((((((((((((((((((((((((( snapshot@2008-03-16_14.18.02.18 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2006-08-24 07:28:54 141,424 ----a-w D:\WINDOWS\Downloaded Program Files\asinst.dll + 2007-03-29 08:20:50 110,592 ----a-w D:\WINDOWS\system32\ActiveScan\as.dll + 2006-10-05 15:15:26 233,472 ----a-w D:\WINDOWS\system32\ActiveScan\ascontrol.dll + 2005-06-03 13:03:18 96,256 ----a-w D:\WINDOWS\system32\ActiveScan\asmdat.dll + 2003-08-01 10:00:16 36,864 ----a-w D:\WINDOWS\system32\ActiveScan\certdll.dll + 2005-05-20 12:42:44 86,016 ----a-w D:\WINDOWS\system32\ActiveScan\instlsp.dll + 2007-11-12 08:46:18 26,112 ----a-w D:\WINDOWS\system32\ActiveScan\JID.dll + 2006-02-16 17:20:20 4,608 ----a-w D:\WINDOWS\system32\ActiveScan\memvfile.dll + 2005-10-25 17:08:32 348,160 ----a-w D:\WINDOWS\system32\ActiveScan\msvcr71.dll + 2007-11-26 10:10:36 61,440 ----a-w D:\WINDOWS\system32\ActiveScan\NanoWrapper.dll + 2004-05-04 14:01:02 139,264 ----a-w D:\WINDOWS\system32\ActiveScan\pavaleas.dll + 2006-07-14 12:04:10 45,056 ----a-w D:\WINDOWS\system32\ActiveScan\pavdr.exe + 2006-04-10 09:50:02 159,832 ----a-w D:\WINDOWS\system32\ActiveScan\pavexcom.dll + 2006-02-14 12:05:38 94,208 ----a-w D:\WINDOWS\system32\ActiveScan\pavinas.dll + 2006-02-16 17:35:38 180,224 ----a-w D:\WINDOWS\system32\ActiveScan\pavoe.dll + 2006-10-05 15:15:38 122,880 ----a-w D:\WINDOWS\system32\ActiveScan\pavpz.dll + 2007-06-04 10:31:52 57,344 ----a-w D:\WINDOWS\system32\ActiveScan\pavsddl.dll + 2006-06-30 13:13:38 8,704 ----a-w D:\WINDOWS\system32\ActiveScan\pfdnnt.exe + 2004-02-04 13:08:42 49,152 ----a-w D:\WINDOWS\system32\ActiveScan\port32.dll + 2007-10-30 09:04:14 36,864 ----a-w D:\WINDOWS\system32\ActiveScan\Prescan.dll + 2006-08-01 12:23:10 69,632 ----a-w D:\WINDOWS\system32\ActiveScan\pscpu.dll + 2007-11-21 09:00:06 376,832 ----a-w D:\WINDOWS\system32\ActiveScan\pskahk.dll + 2007-10-31 12:05:06 32,768 ----a-w D:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll + 2006-08-17 10:38:14 10,752 ----a-w D:\WINDOWS\system32\ActiveScan\pskalloc.dll + 2006-09-04 10:49:54 61,440 ----a-w 
D:\WINDOWS\system32\ActiveScan\pskas.dll + 2006-08-18 07:46:18 779,264 ----a-w D:\WINDOWS\system32\ActiveScan\pskavs.dll + 2007-03-26 13:25:34 417,792 ----a-w D:\WINDOWS\system32\ActiveScan\pskcmp.dll + 2006-08-09 09:42:24 90,112 ----a-w D:\WINDOWS\system32\ActiveScan\pskfss.dll + 2006-07-19 09:55:58 208,896 ----a-w D:\WINDOWS\system32\ActiveScan\pskhtml.dll + 2006-01-20 15:57:00 9,728 ----a-w D:\WINDOWS\system32\ActiveScan\pskmas.dll + 2006-05-17 08:50:12 14,336 ----a-w D:\WINDOWS\system32\ActiveScan\pskmdfs.dll + 2006-08-16 09:58:12 33,280 ----a-w D:\WINDOWS\system32\ActiveScan\pskpack.dll + 2006-06-30 13:42:36 266,240 ----a-w D:\WINDOWS\system32\ActiveScan\pskscs.dll + 2006-08-17 13:33:14 62,976 ----a-w D:\WINDOWS\system32\ActiveScan\pskutil.dll + 2006-08-08 12:13:10 13,312 ----a-w D:\WINDOWS\system32\ActiveScan\pskvfile.dll + 2006-08-18 07:53:08 69,632 ----a-w D:\WINDOWS\system32\ActiveScan\pskvfs.dll + 2006-08-18 07:49:50 167,936 ----a-w D:\WINDOWS\system32\ActiveScan\pskvm.dll + 2007-10-18 08:30:16 105,472 ----a-w D:\WINDOWS\system32\ActiveScan\psnahk.dll + 2007-11-23 13:29:08 10,752 ----a-w D:\WINDOWS\system32\ActiveScan\psndsk.dll + 2007-10-18 08:30:38 42,496 ----a-w D:\WINDOWS\system32\ActiveScan\psnflg.dll + 2007-10-30 10:19:22 98,304 ----a-w D:\WINDOWS\system32\ActiveScan\psnglknt.dll + 2007-08-22 07:52:00 20,272 ----a-w D:\WINDOWS\system32\ActiveScan\psnhsh.dll + 2007-11-12 14:49:34 11,776 ----a-w D:\WINDOWS\system32\ActiveScan\psnjidsign.dll + 2007-08-22 07:52:04 76,080 ----a-w D:\WINDOWS\system32\ActiveScan\psnkrnl.dll + 2007-08-22 07:52:06 21,296 ----a-w D:\WINDOWS\system32\ActiveScan\psnmem.dll + 2007-10-04 14:26:28 28,672 ----a-w D:\WINDOWS\system32\ActiveScan\PsnPen.dll + 2007-10-23 10:40:10 86,016 ----a-w D:\WINDOWS\system32\ActiveScan\psntuc.dll + 2007-05-24 10:27:36 27,136 ----a-w D:\WINDOWS\system32\ActiveScan\PSNXprs.dll + 2007-04-18 16:16:04 353,840 ----a-w D:\WINDOWS\system32\ActiveScan\psscan.dll + 2007-01-22 13:42:48 35,328 ----a-w 
D:\WINDOWS\system32\ActiveScan\rawvfile.dll + 2007-06-08 08:44:36 8,576 ----a-w D:\WINDOWS\system32\ActiveScan\RKPavProc.sys + 2007-06-05 09:56:40 44,928 ----a-w D:\WINDOWS\system32\ActiveScan\sdthook.sys + 1997-09-18 05:12:32 9,488 ----a-w D:\WINDOWS\system32\ActiveScan\sporder.dll + 2006-02-28 16:23:40 69,632 ----a-w D:\WINDOWS\system32\ActiveScan\tcpvfile.dll + 2007-09-17 08:14:08 126,976 ----a-w D:\WINDOWS\system32\ActiveScan\Tucan.dll + 2005-05-24 11:27:16 213,048 ----a-w D:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2007-08-29 14:47:20 94,208 ----a-w D:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2007-08-29 14:49:54 950,272 ----a-w D:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll + 2003-03-25 17:53:50 11,776 ----a-w D:\WINDOWS\system32\ZPORT4AS.dll + 2008-03-17 17:21:13 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_4ec.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative WebCam Tray"="D:\Program Files\Creative\Shared Files\CamTray.exe" [ ] "msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VirusKeeper"="D:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2008-03-07 17:10 2668928] "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\System32\DRIVERS\klim5.sys [2007-04-04 14:58] R3 V0260VID;Live! Cam Vista IM;D:\WINDOWS\System32\DRIVERS\V0260Vid.sys [2006-04-01 16:16] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-03-18 11:27:00 D:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-18 12:35:42 Windows 5.1.2600 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-03-18 12:36:36 ComboFix-quarantined-files.txt 2008-03-18 11:36:32 ComboFix2.txt 2008-03-16 18:00:31 ComboFix3.txt 2008-03-16 17:56:32 ComboFix4.txt 2008-03-16 16:14:50
  7. Here is the scan of My Computer.
Incident Statut Analyse Spyware:Cookie/Xiti No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.xiti.com/] Spyware:Cookie/Adtech No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.adtech.de/] Spyware:Cookie/Weborama No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.weborama.fr/] Spyware:Cookie/Advertising No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.advertising.com/] Spyware:Cookie/Doubleclick No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Advertising No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.advertising.com/] Spyware:Cookie/Bluestreak No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.bluestreak.com/] Spyware:Cookie/Atlas DMT No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Com.com No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.com.com/] Spyware:Cookie/Smartadserver No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.smartadserver.com/] Spyware:Cookie/YieldManager No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/Tradedoubler No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.tradedoubler.com/] Spyware:Cookie/Mediaplex 
No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Zedo No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.zedo.com/] Spyware:Cookie/Overture No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.overture.com/] Spyware:Cookie/Comclick No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[fl01.ct2.comclick.com/] Spyware:Cookie/RealMedia No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.247realmedia.com/] Spyware:Cookie/Statcounter No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.statcounter.com/] Spyware:Cookie/fe.lea.lycos No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[.fe.lea.lycos.fr/] Spyware:Cookie/fe.lea.lycos No Désinfecté D:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\vco8907m.default\cookies.txt[fe.lea.lycos.fr/] Outil indésirable:Application/Processor No Désinfecté D:\Documents and Settings\lisou\Bureau\SDFix\apps\Process.exe Adware:Adware/BHO No Désinfecté D:\Documents and Settings\lisou\Bureau\SDFix\backups\backups.zip[backups/superfindout.dll] Spyware:Cookie/RealMedia No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@247realmedia[2].txt Spyware:Cookie/YieldManager No Désinfecté D:\Documents and Settings\lisou\Cookies\[email protected][2].txt Spyware:Cookie/Adtech No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@adtech[1].txt Spyware:Cookie/Advertising No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@advertising[1].txt Spyware:Cookie/Adviva No Désinfecté D:\Documents and 
Settings\lisou\Cookies\lisou@adviva[2].txt Spyware:Cookie/Apmebf No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@apmebf[1].txt Spyware:Cookie/Atlas DMT No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@atdmt[2].txt Spyware:Cookie/Bluestreak No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@bluestreak[1].txt Spyware:Cookie/Serving-sys No Désinfecté D:\Documents and Settings\lisou\Cookies\[email protected][1].txt Spyware:Cookie/Clickbank No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@clickbank[2].txt Spyware:Cookie/Doubleclick No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@doubleclick[2].txt Spyware:Cookie/Enhance No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@enhance[1].txt Spyware:Cookie/Mediaplex No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@mediaplex[1].txt Spyware:Cookie/Overture No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@overture[1].txt Spyware:Cookie/Serving-sys No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@serving-sys[2].txt Spyware:Cookie/Smartadserver No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@smartadserver[1].txt Spyware:Cookie/WebtrendsLive No Désinfecté D:\Documents and Settings\lisou\Cookies\[email protected][2].txt Spyware:Cookie/Tradedoubler No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@tradedoubler[1].txt Spyware:Cookie/Weborama No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@weborama[2].txt Spyware:Cookie/Xiti No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@xiti[1].txt Spyware:Cookie/Zedo No Désinfecté D:\Documents and Settings\lisou\Cookies\lisou@zedo[1].txt Virus:W32/Oscarbot.RS.worm Désinfecté D:\QooBox\Quarantine\D\WINDOWS\wl.exe.vir Outil indésirable:Application/Processor No Désinfecté D:\SDFix.exe[sDFix\apps\Process.exe] Virus:Generic Malware Désinfecté D:\Softs\FTP Voyager 11.2.0.2\eclftv11.exe Virus:Trj/Agent.HMS Désinfecté D:\System Volume 
Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP5\A0000037.exe Spyware:Spyware/Virtumonde No Désinfecté D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP5\A0000039.dll Spyware:Spyware/Virtumonde No Désinfecté D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP5\A0000040.dll Virus:Trj/Dropper.ZN Désinfecté D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP5\A0000041.exe Spyware:Spyware/Virtumonde No Désinfecté D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP5\A0000042.exe Virus:Trj/Agent.HMS Désinfecté D:\WINDOWS\otstuk.bat Outil indésirable:Application/Pskill.W No Désinfecté D:\WINDOWS\pskill.exe Hacktool:HackTool/WinLock No Désinfecté D:\WINDOWS\WinLockDll.dll Spyware:Cookie/RealMedia No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@247realmedia[2].txt Spyware:Cookie/YieldManager No Désinfecté G:\Documents and Settings\Arkhel\Cookies\[email protected][1].txt Spyware:Cookie/Hbmediapro No Désinfecté G:\Documents and Settings\Arkhel\Cookies\[email protected][2].txt Spyware:Cookie/Adrevolver No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@adrevolver[1].txt Spyware:Cookie/Adrevolver No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@adrevolver[3].txt Spyware:Cookie/PointRoll No Désinfecté G:\Documents and Settings\Arkhel\Cookies\[email protected][1].txt Spyware:Cookie/Adserver No Désinfecté G:\Documents and Settings\Arkhel\Cookies\[email protected][2].txt Spyware:Cookie/Adtech No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@adtech[2].txt Spyware:Cookie/Advertising No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@advertising[2].txt Spyware:Cookie/Apmebf No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@apmebf[2].txt Spyware:Cookie/Atlas DMT No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@atdmt[2].txt Spyware:Cookie/Atwola No Désinfecté G:\Documents and 
Settings\Arkhel\Cookies\arkhel@atwola[2].txt Spyware:Cookie/Bluestreak No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@bluestreak[2].txt Spyware:Cookie/Serving-sys No Désinfecté G:\Documents and Settings\Arkhel\Cookies\[email protected][2].txt Spyware:Cookie/Ccbill No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@ccbill[2].txt Spyware:Cookie/Cgi-bin No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@cgi-bin[1].txt Spyware:Cookie/Com.com No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@com[1].txt Spyware:Cookie/Sextracker No Désinfecté G:\Documents and Settings\Arkhel\Cookies\[email protected][1].txt Spyware:Cookie/cs.sexcounter No Désinfecté G:\Documents and Settings\Arkhel\Cookies\[email protected][2].txt Spyware:Cookie/Doubleclick No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@doubleclick[1].txt Spyware:Cookie/DriveCleaner No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@drivecleaner[2].txt Spyware:Cookie/FastClick No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@fastclick[1].txt Spyware:Cookie/fe.lea.lycos No Désinfecté G:\Documents and Settings\Arkhel\Cookies\[email protected][1].txt Spyware:Cookie/Comclick No Désinfecté G:\Documents and Settings\Arkhel\Cookies\[email protected][1].txt Spyware:Cookie/Winantivirus No Désinfecté G:\Documents and Settings\Arkhel\Cookies\[email protected][1].txt Spyware:Cookie/MediaTickets No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@kinghost[1].txt Spyware:Cookie/Maxserving No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@maxserving[1].txt Spyware:Cookie/Mediaplex No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@mediaplex[1].txt Spyware:Cookie/MetriWeb No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@metriweb[1].txt Spyware:Cookie/QuestionMarket No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@questionmarket[2].txt Spyware:Cookie/RealMedia No Désinfecté G:\Documents and 
Settings\Arkhel\Cookies\arkhel@realmedia[1].txt Spyware:Cookie/Serving-sys No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@serving-sys[2].txt Spyware:Cookie/SexList No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@sexlist[1].txt Spyware:Cookie/Statcounter No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@statcounter[2].txt Spyware:Cookie/DriveCleaner No Désinfecté G:\Documents and Settings\Arkhel\Cookies\[email protected][2].txt Spyware:Cookie/WebtrendsLive No Désinfecté G:\Documents and Settings\Arkhel\Cookies\[email protected][2].txt Spyware:Cookie/Systemdoctor No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@systemdoctor[2].txt Spyware:Cookie/Tradedoubler No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@tradedoubler[1].txt Spyware:Cookie/Tribalfusion No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@tribalfusion[1].txt Spyware:Cookie/Weborama No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@weborama[2].txt Spyware:Cookie/Winantivirus No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@winantispyware[1].txt Spyware:Cookie/DriveCleaner No Désinfecté G:\Documents and Settings\Arkhel\Cookies\[email protected][2].txt Spyware:Cookie/Systemdoctor No Désinfecté G:\Documents and Settings\Arkhel\Cookies\[email protected][1].txt Spyware:Cookie/Xiti No Désinfecté G:\Documents and Settings\Arkhel\Cookies\arkhel@xiti[1].txt Adware:Adware/Maxifiles No Désinfecté G:\Documents and Settings\Arkhel\Local Settings\Temp\winAC.tmp.exe Adware:Adware/Yazzle No Désinfecté G:\Documents and Settings\Arkhel\Local Settings\Temp\winB4.tmp.exe Adware:Adware/Yazzle No Désinfecté G:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe Adware:Adware/Maxifiles No Désinfecté G:\Program Files\Fichiers communs\{3805ECC4-0C77-1036-0819-050817050021}\MyToolBar.dl$ Adware:Adware/DollarRevenue No Désinfecté G:\Program Files\Fichiers communs\{3805ECC4-0C77-1036-0819-050817050021}\Uninst.exe 
Adware:Adware/Maxifiles No Désinfecté G:\Program Files\Fichiers communs\{5805ECC4-0C77-1036-0819-050817050021}\services.dll Adware:Adware/Maxifiles No Désinfecté G:\Program Files\Fichiers communs\{5805ECC4-0C77-1036-0819-050817050021}\Update.ex$ Spyware:Cookie/Xiti No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.xiti.com/] Spyware:Cookie/Smartadserver No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.smartadserver.com/] Spyware:Cookie/Weborama No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.weborama.fr/] Spyware:Cookie/Bluestreak No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.bluestreak.com/] Spyware:Cookie/Atlas DMT No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Doubleclick No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/RealMedia No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.247realmedia.com/] Spyware:Cookie/fe.lea.lycos No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.fe.lea.lycos.fr/] Spyware:Cookie/fe.lea.lycos No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[fe.lea.lycos.fr/] Spyware:Cookie/Tradedoubler No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.tradedoubler.com/] Spyware:Cookie/Mediaplex No Désinfecté H:\Documents and Settings\lisou\Application 
Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Apmebf No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.apmebf.com/] Spyware:Cookie/Mediaplex No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Advertising No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.advertising.com/] Spyware:Cookie/Comclick No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[fl01.ct2.comclick.com/] Spyware:Cookie/Adtech No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.adtech.de/] Spyware:Cookie/Serving-sys No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Serving-sys No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.bs.serving-sys.com/] Spyware:Cookie/Serving-sys No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/YieldManager No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/Zedo No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.zedo.com/] Spyware:Cookie/Adviva No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.adviva.net/] Spyware:Cookie/MetriWeb No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.metriweb.be/] 
Spyware:Cookie/adultfriendfinder No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.adultfriendfinder.com/] Spyware:Cookie/Toplist No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.toplist.cz/] Spyware:Cookie/Adrevolver No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/PointRoll No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.ads.pointroll.com/] Spyware:Cookie/Overture No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.overture.com/] Spyware:Cookie/Casinotropez No Désinfecté H:\Documents and Settings\lisou\Application Data\Mozilla\Firefox\Profiles\ahc3vurz.default\cookies.txt[.casinotropez.com/] Outil indésirable:Application/SweetBar No Désinfecté H:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll Virus Eventuel. No Désinfecté H:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP44\A0009625.exe Virus:Generic Malware Désinfecté H:\WINDOWS\system32\ryxz.exe Virus:Generic Malware Désinfecté H:\WINDOWS\system32\yvhz.exe
  8. So I have a small problem. I followed the steps of the tutorial; the first step went fine, but when I try to launch the scan in Safe Mode, nothing happens except for a message telling me that the version is 30 days old and that updating it is recommended... Do I need to re-enable System Restore first? Thanks
  9. Done!
------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Monday, March 17, 2008 12:27:40 AM Operating System: Microsoft Windows XP Professional, (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 16/03/2008 Kaspersky Anti-Virus database records: 634014 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan Statistics: Total number of scanned objects: 176640 Number of viruses found: 17 Number of infected objects: 30 Number of suspicious objects: 0 Duration of the scan process: 03:40:58 Infected Object Name / Virus Name / Last Action C:\Sql.exe Infected: Backdoor.Win32.Rbot.bng skipped C:\System Volume Information\_restore{25FFB0D6-473B-4125-BF75-96DE70440E8A}\RP8\change.log Object is locked skipped C:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP5\A0000035.exe Infected: Trojan-Clicker.Win32.Costrat.cz skipped C:\Tray.exe Infected: Backdoor.Win32.IRCBot.bad skipped C:\xfmb.exe Infected: Backdoor.Win32.Small.crw skipped D:\Documents and Settings\lisou\Bureau\SDFix\backups\backups.zip/backups/superfindout.dll Infected: not-a-virus:AdWare.Win32.BHO.rh skipped D:\Documents and Settings\lisou\Bureau\SDFix\backups\backups.zip ZIP: infected - 1 skipped D:\Documents and Settings\lisou\Cookies\index.dat Object is locked skipped D:\Documents and Settings\lisou\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped D:\Documents and Settings\lisou\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped D:\Documents and Settings\lisou\Local Settings\Historique\History.IE5\index.dat Object is locked skipped D:\Documents and Settings\lisou\Local 
Settings\Historique\History.IE5\MSHist012008031620080317\index.dat Object is locked skipped D:\Documents and Settings\lisou\Local Settings\Temp\hsperfdata_lisou\1140 Object is locked skipped D:\Documents and Settings\lisou\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped D:\Documents and Settings\lisou\NTUSER.DAT Object is locked skipped D:\Documents and Settings\lisou\NTUSER.DAT.LOG Object is locked skipped D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped D:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped D:\Program Files\IncrediMail\bin\IncrediMail_Install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.e skipped D:\QooBox\Quarantine\D\WINDOWS\wl.exe.vir Infected: not-a-virus:RiskTool.Win32.Winlocker.a skipped D:\System Volume Information\_restore{25FFB0D6-473B-4125-BF75-96DE70440E8A}\RP4\A0000375.exe Infected: not-a-virus:Downloader.Win32.ImLoader.e skipped D:\System Volume Information\_restore{25FFB0D6-473B-4125-BF75-96DE70440E8A}\RP4\A0000759.dll Infected: not-a-virus:AdWare.Win32.BHO.rh skipped D:\System Volume Information\_restore{25FFB0D6-473B-4125-BF75-96DE70440E8A}\RP4\A0000762.dll Infected: not-a-virus:AdWare.Win32.BHO.rh skipped D:\System Volume Information\_restore{25FFB0D6-473B-4125-BF75-96DE70440E8A}\RP5\A0000802.exe Infected: not-a-virus:RiskTool.Win32.Winlocker.a skipped D:\System Volume 
Information\_restore{25FFB0D6-473B-4125-BF75-96DE70440E8A}\RP8\change.log Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP12\A0000762.sys Infected: Trojan-Clicker.Win32.Costrat.cy skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001936.inf Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001937.inf Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001938.inf Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001939.exe Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001940.exe Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001941.dll Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001942.dll Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001943.dll Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001944.ver Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001945.inf Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001946.cat Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001947.cat Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001948.cat Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001949.exe Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001950.dll Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001951.dll Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001952.dll Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001953.dll Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001954.cat Object is locked skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP5\A0000036.exe Infected: Trojan.Win32.Inject.qi skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP5\A0000037.exe Infected: Trojan.Win32.Ransom.a skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP5\A0000038.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP5\A0000039.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP5\A0000040.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP5\A0000041.exe Infected: Virus.Win32.Trats.d skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP5\A0000042.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
D:\WINDOWS\Debug\oakley.log Object is locked skipped
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\SchedLgU.Txt Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\default Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\software Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\system Object is locked skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
D:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
D:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
D:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
D:\WINDOWS\system32\h323log.txt Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\Temp\Perflib_Perfdata_2f0.dat Object is locked skipped
D:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\WINDOWS\WinLockDll.dll Infected: not-a-virus:RiskTool.Win32.Winlocker.a skipped
G:\Documents and Settings\Arkhel\Local Settings\Temp\winAC.tmp.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
G:\Documents and Settings\Arkhel\Local Settings\Temp\winB4.tmp.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
G:\Documents and Settings\Arkhel\Local Settings\Temp\winB4.tmp.exe NSIS: infected - 1 skipped
G:\Program Files\Fichiers communs\{3805ECC4-0C77-1036-0819-050817050021}\MyToolBar.dl$ Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
G:\Program Files\Fichiers communs\{5805ECC4-0C77-1036-0819-050817050021}\services.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
G:\Program Files\Fichiers communs\{5805ECC4-0C77-1036-0819-050817050021}\Update.ex$ Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
G:\System Volume Information\_restore{25FFB0D6-473B-4125-BF75-96DE70440E8A}\RP8\change.log Object is locked skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
H:\System Volume Information\_restore{25FFB0D6-473B-4125-BF75-96DE70440E8A}\RP8\change.log Object is locked skipped
H:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP23\A0002985.exe Infected: not-a-virus:FraudTool.Win32.Takedawnload.a skipped
H:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP23\A0002988.exe Infected: not-a-virus:FraudTool.Win32.Takedawnload.a skipped
H:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP44\A0009625.exe Infected: Backdoor.Win32.IRCBot.bad skipped
H:\WINDOWS\Prefetch\layout.ini Object is locked skipped
I:\System Volume Information\_restore{25FFB0D6-473B-4125-BF75-96DE70440E8A}\RP8\change.log Object is locked skipped
Scan process completed.
Quite a lot of viruses, it seems?
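An added note from the editor, not part of lisou's post or of the helper's replies: the report above mixes three kinds of lines, and keeping them apart decides what to do next. "Object is locked skipped" lines are files the scanner could not open (registry hives, event logs, restore-point change logs); they are not detections. Detections under `System Volume Information\_restore{...}\RP..\` are copies kept by System Restore: inert unless a restore point is applied, and removed by purging restore points once the live system is clean. The remaining detections sit on live paths and are the ones the cleanup tools have to act on. The Python below is the editor's illustration, not a tool from the thread: it parses a constructed excerpt whose lines are copied from the report above and sorts them into those three buckets, splitting Kaspersky's `not-a-virus:` riskware/adware class from malware proper, and lists the drives whose restore points need purging.

```python
import re
from collections import Counter

# Constructed excerpt: lines copied from the Kaspersky Online Scanner report
# posted above, chosen to cover each of the three line shapes the scanner emits:
#   <path> Infected: <detection name> skipped
#   <path> Object is locked skipped
#   <path> NSIS: infected - <n> skipped          (archive container summary)
SAMPLE_REPORT = r"""
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP5\A0000037.exe Infected: Trojan.Win32.Ransom.a skipped
D:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP22\A0001950.dll Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\WinLockDll.dll Infected: not-a-virus:RiskTool.Win32.Winlocker.a skipped
G:\Documents and Settings\Arkhel\Local Settings\Temp\winB4.tmp.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
G:\Documents and Settings\Arkhel\Local Settings\Temp\winB4.tmp.exe NSIS: infected - 1 skipped
H:\System Volume Information\_restore{E1A7EC27-028E-4F25-BBF3-000317743555}\RP44\A0009625.exe Infected: Backdoor.Win32.IRCBot.bad skipped
"""

LINE_RE = re.compile(
    r"^(?P<path>[A-Z]:\\.+?)\s+"
    r"(?:Infected:\s+(?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<archive>NSIS: infected - \d+))"
    r"\s+skipped$"
)
# System Restore keeps copies of changed files under this tree; a hit here is
# an archived copy, not a running component.
RESTORE_RE = re.compile(
    r"^(?P<drive>[A-Z]):\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\"
)


def severity(name):
    """Kaspersky prefixes riskware, adware and fraud tools with 'not-a-virus:'."""
    return "riskware" if name.startswith("not-a-virus:") else "malware"


def triage(report):
    out = {"locked": 0, "restore_point": [], "live": [], "unparsed": []}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            out["unparsed"].append(line)
            continue
        if m.group("locked"):
            out["locked"] += 1  # could not be opened; not a detection
            continue
        path = m.group("path")
        if m.group("archive"):
            # container line for an archive whose infected member was already
            # reported on its own line (the '/data0002' entry above)
            entry = {"path": path, "name": "archive container", "severity": "container"}
        else:
            name = m.group("name")
            entry = {"path": path, "name": name, "severity": severity(name)}
        rm = RESTORE_RE.match(path)
        if rm:
            entry["drive"] = rm.group("drive")
            out["restore_point"].append(entry)
        else:
            out["live"].append(entry)
    # volumes whose restore points must be purged after the live cleanup
    out["restore_drives"] = sorted({e["drive"] for e in out["restore_point"]})
    out["live_by_severity"] = Counter(e["severity"] for e in out["live"])
    return out


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print(f"locked (not detections): {r['locked']}")
    print(f"restore-point copies: {len(r['restore_point'])} on drives {r['restore_drives']}")
    for e in r["live"]:
        print(f"ACT {e['severity']:<9} {e['name']}  {e['path']}")
```

On the full report above the same split gives: one live riskware hit (WinLockDll.dll), live downloader/adware hits under the G: profile and G:\Program Files\Fichiers communs, and the rest either locked or archived in restore points on D: and H:.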
  10. I started the scan; it has been running for more than 20 minutes and I'm only at 3%... I'll keep you posted.
  11. Here is the report:
ComboFix 08-03-14.4 - lisou 2008-03-16 18:58:47.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.756 [GMT 1:00]
Location: D:\Documents and Settings\lisou\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\lisou\Bureau\CFScript.txt
* Created a new restore point
FILE ::
D:\WINDOWS\System32\dxlocflc.dll
D:\WINDOWS\System32\ehvlhypa.dll
D:\WINDOWS\System32\gebcc.dll
.
((((((((((((((((((((((((((((( Files created 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))))))
.
2008-03-16 13:48 . 2008-03-16 13:49 <REP> d-------- D:\WINDOWS\ERUNT
2008-03-16 13:40 . 2007-12-29 21:13 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-16 13:40 . 2007-12-29 21:13 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-16 13:40 . 2007-12-30 00:25 <REP> d--h----- D:\Documents and Settings\Administrateur\Modèles
2008-03-16 13:40 . 2007-12-29 21:13 <REP> d-------- D:\Documents and Settings\Administrateur\Mes documents
2008-03-16 13:40 . 2007-12-29 21:13 <REP> dr------- D:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-16 13:40 . 2007-12-29 21:13 <REP> d-------- D:\Documents and Settings\Administrateur\Favoris
2008-03-16 13:40 . 2007-12-29 21:13 <REP> d-------- D:\Documents and Settings\Administrateur\Bureau
2008-03-16 11:27 . 2008-03-16 11:27 1,413,305 --a------ D:\SDFix.exe
2008-03-15 16:49 . 2008-03-15 16:49 <REP> d-------- D:\Program Files\Lavalys
2008-03-15 10:17 . 2008-03-15 10:17 <REP> d-------- D:\WINDOWS\Sun
2008-03-15 10:15 . 2008-02-22 02:33 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-03-15 10:14 . 2008-03-15 10:15 <REP> d-------- D:\Program Files\Java
2008-03-15 10:14 . 2008-03-15 10:14 <REP> d-------- D:\Program Files\Fichiers communs\Java
2008-03-15 01:43 . 2008-03-15 01:54 <REP> d-------- D:\Program Files\ma-config.com
2008-03-15 01:43 . 2008-03-15 15:53 <REP> d-------- D:\Documents and Settings\lisou\Application Data\ma-config.com
2008-03-15 01:27 . 2008-03-15 01:27 <REP> d-------- D:\Documents and Settings\lisou\Application Data\vlc
2008-03-15 01:26 . 2008-03-15 01:26 69 --a------ D:\WINDOWS\NeroDigital.ini
2008-03-15 01:22 . 2008-03-15 01:22 <REP> d-------- D:\Program Files\AxBx
2008-03-15 01:12 . 2001-08-28 13:00 843,832 --a--c--- D:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-03-15 01:11 . 2001-08-28 13:00 10,129,408 --a--c--- D:\WINDOWS\system32\dllcache\hwxkor.dll
2008-03-15 01:10 . 2001-08-28 13:00 13,463,552 --a--c--- D:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-15 01:09 . 2001-05-23 05:15 872,557 --a--c--- D:\WINDOWS\system32\dllcache\fp4awel.dll
2008-03-15 01:06 . 2001-08-28 13:00 159,744 --a--c--- D:\WINDOWS\system32\dllcache\icwhelp.dll
2008-03-15 01:04 . 2001-08-28 13:00 114,688 --a------ D:\WINDOWS\system32\wuauclt.exe
2008-03-15 01:04 . 2001-08-28 13:00 114,688 --a--c--- D:\WINDOWS\system32\dllcache\wuauclt.exe
2008-03-15 01:04 . 2001-08-28 13:00 96,256 --a------ D:\WINDOWS\system32\wuaueng.dll
2008-03-15 01:04 . 2001-08-28 13:00 96,256 --a--c--- D:\WINDOWS\system32\dllcache\wuaueng.dll
2008-03-15 01:01 . 2001-08-17 21:51 18,688 --a------ D:\WINDOWS\system32\drivers\irsir.sys
2008-03-15 00:58 . 2001-08-17 20:13 27,165 --a------ D:\WINDOWS\system32\drivers\fetnd5.sys
2008-03-15 00:57 . 2001-08-17 21:51 19,584 --a------ D:\WINDOWS\system32\drivers\rasirda.sys
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 17:59 4,282,912 --sha-w D:\WINDOWS\system32\drivers\fidbox.dat
2008-03-16 17:59 173,344 --sha-w D:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-16 13:14 60,920 --sha-w D:\WINDOWS\system32\drivers\fidbox.idx
2008-03-16 13:14 19,592 --sha-w D:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-15 09:00 --------- d-----w D:\Program Files\IncrediMail
2008-01-03 16:11 155,648 ----a-w D:\WINDOWS\system32\NeroCheck .exe
2008-01-02 15:47 13,312 ----a-w D:\WINDOWS\system32\ctfmon .exe
2007-12-31 08:41 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-19 14:13 73,216 ----a-w D:\WINDOWS\WinLockDll.dll
2006-05-06 16:42 7,260,160 ----a-w D:\Program Files\mozilla firefox\plugins\libvlc.dll
.
<pre>
----a-w 214,456 2008-01-02 15:47:04 D:\Program Files\IncrediMail\bin\IncMail .exe
----a-w 5,674,352 2008-01-02 15:47:19 D:\Program Files\MSN Messenger\msnmsgr .exe
----a-w 13,312 2008-01-02 15:47:02 D:\WINDOWS\system32\ctfmon .exe
----a-w 155,648 2008-01-03 16:11:41 D:\WINDOWS\system32\NeroCheck .exe
</pre>
((((((((((((((((((((((((((((( snapshot@2008-03-16_14.18.02.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-16 13:16:57 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_2f0.dat
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="D:\Program Files\Creative\Shared Files\CamTray.exe" [ ]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirusKeeper"="D:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2008-03-07 17:10 2668928]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\System32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 V0260VID;Live! Cam Vista IM;D:\WINDOWS\System32\DRIVERS\V0260Vid.sys [2006-04-01 16:16]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-16 17:27:00 D:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 18:59:48
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-16 19:00:30
ComboFix-quarantined-files.txt 2008-03-16 18:00:28
ComboFix2.txt 2008-03-16 17:56:32
ComboFix3.txt 2008-03-16 16:14:50
I await your instructions, thanks.
  12. Phew! I shouldn't get my hopes up too soon, but I think this time it's the right one.
ComboFix 08-03-14.4 - lisou 2008-03-16 17:12:37.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.781 [GMT 1:00]
Location: D:\Documents and Settings\lisou\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
D:\WINDOWS\system32\ccbeg.ini
D:\WINDOWS\system32\ccbeg.ini2
D:\WINDOWS\wl.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Files created 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))))))
.
2008-03-16 13:48 . 2008-03-16 13:49 <REP> d-------- D:\WINDOWS\ERUNT
2008-03-16 13:40 . 2007-12-29 21:13 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-16 13:40 . 2007-12-29 21:13 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-16 13:40 . 2007-12-30 00:25 <REP> d--h----- D:\Documents and Settings\Administrateur\Modèles
2008-03-16 13:40 . 2007-12-29 21:13 <REP> d-------- D:\Documents and Settings\Administrateur\Mes documents
2008-03-16 13:40 . 2007-12-29 21:13 <REP> dr------- D:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-16 13:40 . 2007-12-29 21:13 <REP> d-------- D:\Documents and Settings\Administrateur\Favoris
2008-03-16 13:40 . 2007-12-29 21:13 <REP> d-------- D:\Documents and Settings\Administrateur\Bureau
2008-03-16 11:27 . 2008-03-16 11:27 1,413,305 --a------ D:\SDFix.exe
2008-03-15 16:49 . 2008-03-15 16:49 <REP> d-------- D:\Program Files\Lavalys
2008-03-15 10:17 . 2008-03-15 10:17 <REP> d-------- D:\WINDOWS\Sun
2008-03-15 10:15 . 2008-02-22 02:33 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-03-15 10:14 . 2008-03-15 10:15 <REP> d-------- D:\Program Files\Java
2008-03-15 10:14 . 2008-03-15 10:14 <REP> d-------- D:\Program Files\Fichiers communs\Java
2008-03-15 01:43 . 2008-03-15 01:54 <REP> d-------- D:\Program Files\ma-config.com
2008-03-15 01:43 . 2008-03-15 15:53 <REP> d-------- D:\Documents and Settings\lisou\Application Data\ma-config.com
2008-03-15 01:27 . 2008-03-15 01:27 <REP> d-------- D:\Documents and Settings\lisou\Application Data\vlc
2008-03-15 01:26 . 2008-03-15 01:26 69 --a------ D:\WINDOWS\NeroDigital.ini
2008-03-15 01:22 . 2008-03-15 01:22 <REP> d-------- D:\Program Files\AxBx
2008-03-15 01:12 . 2001-08-28 13:00 843,832 --a--c--- D:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-03-15 01:11 . 2001-08-28 13:00 10,129,408 --a--c--- D:\WINDOWS\system32\dllcache\hwxkor.dll
2008-03-15 01:10 . 2001-08-28 13:00 13,463,552 --a--c--- D:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-15 01:09 . 2001-05-23 05:15 872,557 --a--c--- D:\WINDOWS\system32\dllcache\fp4awel.dll
2008-03-15 01:06 . 2001-08-28 13:00 159,744 --a--c--- D:\WINDOWS\system32\dllcache\icwhelp.dll
2008-03-15 01:04 . 2001-08-28 13:00 114,688 --a------ D:\WINDOWS\system32\wuauclt.exe
2008-03-15 01:04 . 2001-08-28 13:00 114,688 --a--c--- D:\WINDOWS\system32\dllcache\wuauclt.exe
2008-03-15 01:04 . 2001-08-28 13:00 96,256 --a------ D:\WINDOWS\system32\wuaueng.dll
2008-03-15 01:04 . 2001-08-28 13:00 96,256 --a--c--- D:\WINDOWS\system32\dllcache\wuaueng.dll
2008-03-15 01:01 . 2001-08-17 21:51 18,688 --a------ D:\WINDOWS\system32\drivers\irsir.sys
2008-03-15 00:58 . 2001-08-17 20:13 27,165 --a------ D:\WINDOWS\system32\drivers\fetnd5.sys
2008-03-15 00:57 . 2001-08-17 21:51 19,584 --a------ D:\WINDOWS\system32\drivers\rasirda.sys
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 16:13 4,216,608 --sha-w D:\WINDOWS\system32\drivers\fidbox.dat
2008-03-16 16:13 170,528 --sha-w D:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-16 13:14 60,920 --sha-w D:\WINDOWS\system32\drivers\fidbox.idx
2008-03-16 13:14 19,592 --sha-w D:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-15 09:00 --------- d-----w D:\Program Files\IncrediMail
2008-01-03 16:11 155,648 ----a-w D:\WINDOWS\system32\NeroCheck .exe
2008-01-02 15:47 13,312 ----a-w D:\WINDOWS\system32\ctfmon .exe
2007-12-31 08:41 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-19 14:13 73,216 ----a-w D:\WINDOWS\WinLockDll.dll
2006-05-06 16:42 7,260,160 ----a-w D:\Program Files\mozilla firefox\plugins\libvlc.dll
.
<pre>
----a-w 214,456 2008-01-02 15:47:04 D:\Program Files\IncrediMail\bin\IncMail .exe
----a-w 5,674,352 2008-01-02 15:47:19 D:\Program Files\MSN Messenger\msnmsgr .exe
----a-w 13,312 2008-01-02 15:47:02 D:\WINDOWS\system32\ctfmon .exe
----a-w 155,648 2008-01-03 16:11:41 D:\WINDOWS\system32\NeroCheck .exe
</pre>
((((((((((((((((((((((((((((( snapshot@2008-03-16_14.18.02.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-16 13:16:57 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_2f0.dat
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4a533b9b-2f39-40b1-b75c-53a2d7db8e01}]
D:\WINDOWS\System32\dxlocflc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CFFABAE-8EC1-4D82-813E-C1FFC0472690}]
D:\WINDOWS\System32\gebcc.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="D:\Program Files\Creative\Shared Files\CamTray.exe" [ ]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"License"="locker.exe" []
"f873bcea"="D:\WINDOWS\System32\ehvlhypa.dll" [ ]
"VirusKeeper"="D:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2008-03-07 17:10 2668928]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnmmj]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\System32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 V0260VID;Live! Cam Vista IM;D:\WINDOWS\System32\DRIVERS\V0260Vid.sys [2006-04-01 16:16]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-16 15:27:00 D:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 17:13:57
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-16 17:14:46
ComboFix-quarantined-files.txt 2008-03-16 16:14:42
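An added example from the editor, not part of lisou's post or of any tool in the thread: the "Reg loading points" section of this report is the autostart footprint the later CFScript run removed, and it is the kind of listing worth checking mechanically rather than by eye. The indicators it shows are BHOs loading randomly named DLLs from System32, Run values whose file stamp is an empty `[ ]` (read here as "file not found", which is my understanding of ComboFix's convention, so an assumption), a Run value with a bare filename and no path, a DLL registered directly under Run, a Winlogon\Notify subkey (ComboFix prints only non-default ones), and Security Center values set to 1 that silence the antivirus, firewall and update warnings. The Python below parses an excerpt copied from the report above and returns those findings; AppInit_DLLs is flagged for review even though here it belongs to Kaspersky.

```python
import re

# Excerpt of the "Reg loading points" section of the ComboFix report posted
# above (entries copied as printed; this comment is mine).
SAMPLE_REG = r'''
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4a533b9b-2f39-40b1-b75c-53a2d7db8e01}]
D:\WINDOWS\System32\dxlocflc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"License"="locker.exe" []
"f873bcea"="D:\WINDOWS\System32\ehvlhypa.dll" [ ]
"VirusKeeper"="D:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2008-03-07 17:10 2668928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnmmj]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
'''

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# ComboFix prints a Run value as  "name"="target" [date time size]. An empty
# bracket is read here as "file not found" (assumption about its convention).
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*?)(?:\s+\[(?P<stamp>[^\]]*)\])?$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9A-Fa-f]{8})$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Security Center values that, when set to 1, suppress the warnings a user
# would otherwise see about missing AV, firewall or updates.
SECURITY_CENTER_FLAGS = {
    "AntiVirusDisableNotify", "AntiVirusOverride",
    "FirewallDisableNotify", "FirewallOverride",
    "UpdatesDisableNotify", "DisableMonitoring",
}


def audit(report):
    """Return a list of (category, detail) findings for the indicators above."""
    findings = []
    key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            # only non-default Notify subkeys are printed, so any listed one is suspect
            if "\\winlogon\\notify\\" in key.lower():
                findings.append(("winlogon-notify", key))
            continue
        low = key.lower()
        vm = VALUE_RE.match(line)
        if not vm:
            # a bare path under a BHO CLSID key is the DLL implementing that BHO
            if "browser helper objects" in low:
                findings.append(("bho", f"{key.rsplit(chr(92), 1)[-1]} -> {line}"))
            continue
        name, data, stamp = vm.group("name"), vm.group("data"), vm.group("stamp")
        if "security center" in low:
            dm = DWORD_RE.match(data)
            if dm and int(dm.group("hex"), 16) == 1 and name in SECURITY_CENTER_FLAGS:
                findings.append(("security-center-tamper", f"{name}=1"))
        elif low.endswith("\\currentversion\\run"):
            target = data.strip('"')
            if stamp is not None and stamp.strip() == "":
                findings.append(("run-missing-file", f"{name} -> {target}"))
            if not ABS_PATH_RE.match(target):
                findings.append(("run-relative-path", f"{name} -> {target}"))
            if target.lower().endswith(".dll"):
                findings.append(("run-dll", f"{name} -> {target}"))
        elif name.lower() == "appinit_dlls" and data.strip():
            findings.append(("appinit-dlls", data))  # legitimate here, but always review
    return findings


def summary(findings):
    """Count findings per category."""
    counts = {}
    for cat, _ in findings:
        counts[cat] = counts.get(cat, 0) + 1
    return counts


if __name__ == "__main__":
    for cat, detail in audit(SAMPLE_REG):
        print(f"{cat:<24} {detail}")
```

The empty-stamp check needs a human behind it: in the same report the "Creative WebCam Tray" entry also shows `[ ]`, and that is almost certainly an orphaned entry from uninstalled webcam software rather than malware. The script narrows the list; it does not decide what to delete.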
  13. So I followed the instructions and got a report, but it really seemed quick... here it is:
WinXP_FR_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professionnel" /fastdetect
G:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  14. I'm calling on you for help again, Pear. I ran ComboFix, but when it closed I didn't see where the report had been saved. I looked in the ComboFix folder and found a Notepad file; I'm pasting it, but I don't think that's it... Should I start the procedure over?
.:\\(0!|0\\0)
D:\\WINDOWS\\system32\\(0!|0\\0)
D:\\WINDOWS\\system32\\config\\(0!|0\\0)
D:\\WINDOWS\\system32\\csrss.exe\\(0!|0\\0)
D:\\WINDOWS\\system32\\drivers\\(0!|0\\0)
D:\\WINDOWS\\system32\\hal.dll\\(0!|0\\0)
D:\\WINDOWS\\system32\\lsass.exe\\(0!|0\\0)
D:\\WINDOWS\\system32\\ntdll.dll\\(0!|0\\0)
D:\\WINDOWS\\system32\\services.exe\\(0!|0\\0)
D:\\WINDOWS\\system32\\smss.exe\\(0!|0\\0)
D:\\WINDOWS\\system32\\svchost.exe\\(0!|0\\0)
D:\\WINDOWS\\system32\\userinit.exe\\(0!|0\\0)
D:\\WINDOWS\\system32\\wbem\\(0!|0\\0)
D:\\WINDOWS\\system32\\winlogon.exe\\(0!|0\\0)
D:\\boot.ini\\(0!|0\\0)
D:\\ntdetect.com\\(0!|0\\0)
D:\\ntldr\\(0!|0\\0)
D:\\WINDOWS\\(0!|0\\0)
D:\\WINDOWS\\explorer.exe\\(0!|0\\0)
  15. As I said, I'm really not good with computers! But I finally managed it. Here is the report:
SDFix: Version 1.158
Run by lisou on 16/03/2008 at 13:50
Microsoft Windows XP [version 5.1.2600]
Running From: D:\DOCUME~1\lisou\Bureau\SDFix
Checking Services :
Name: xpdx
Path: \??\D:\WINDOWS\System32\xpdx.sys
xpdx - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
D:\Program Files\Helper\superfindout.dll - Deleted
D:\WINDOWS\system32\i - Deleted
Folder D:\Program Files\Helper - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 13:54:22
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
Remaining Files :
File Backups: - D:\DOCUME~1\lisou\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 2 May 2007 6,934,488 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\57b6ad33717b0f83a86ffafbfb252a83\BIT2.tmp"
Finished!
So I'm moving on to the second part.