

chriflojoca
Member, content count: 15

Everything posted by chriflojoca

[Solved] Infected PC
chriflojoca replied to a topic by chriflojoca in Malware analysis and removal
OK, I'll look into all that. Thanks again and have a good day. See you.

[Solved] Infected PC
chriflojoca replied to a topic by chriflojoca in Malware analysis and removal
Hello Apollo, A big THANK YOU! The computer is running much better. I updated the software following your recommendations. Java refused to update, so I uninstalled all the existing versions and reinstalled the latest one (7 update 25). On the other hand, I find that the hard drive keeps spinning for quite a while (over 15 min) after the computer starts up, before disk access finally stops. Is that normal? Should I remove the disinfection programs? What program(s) would you recommend to better protect the computer? Once again, many thanks for all the time you've given me. See you.

[Solved] Infected PC
chriflojoca replied to a topic by chriflojoca in Malware analysis and removal
Great! Here are the requested reports: SFT ZHPFix AdwCleaner See you.

[Solved] Infected PC
chriflojoca replied to a topic by chriflojoca in Malware analysis and removal
I ran the automatic procedure by clicking the "Fix it" button but got an error message, so I applied the manual procedure described below it. I don't know whether it worked. Here is the new ZHPDiag report. See you.

[Solved] Infected PC
chriflojoca replied to a topic by chriflojoca in Malware analysis and removal
And here is the JRT report. Thanks again for your help. See you.

[Solved] Infected PC
chriflojoca replied to a topic by chriflojoca in Malware analysis and removal
Here is the ZHPFix report. See you.

[Solved] Infected PC
chriflojoca replied to a topic by chriflojoca in Malware analysis and removal
Good evening, Here are the ADWCLEANER and MBAM reports. In the meantime I'm running the ZHPFix procedure. See you.

Good evening, I'm asking for your help because I've just got back my sister's PC, which is infected with malware. I used ADWCLEANER, Malwarebytes and a scan with Microsoft Security Essentials, but some malware persists (Boxore, etc.). Attached is the ZHPDiag report. Could you tell me the procedure to follow? Thank you in advance for your help.

[SOLVED] Infected with Win32:Beagle-AAW!
chriflojoca replied to a topic by chriflojoca in Malware analysis and removal
Hello, I followed your advice to uninstall eMule and the risky files. It's true that my troubles started after downloading certain files. So I applied the changes you asked for and ran another scan with AntiVir. Apparently there are no more Trojan detections, but there are three "warnings" for files that could not be scanned; is that a problem? What should I do so that AntiVir can scan those files? Here is the new report:

Avira AntiVir Personal
Report file date: mardi 26 août 2008 09:50

Scanning for 1569415 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HFI-3FDCCAEC7A0

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 26 août 2008 09:50

Starting search for hidden objects.
'45057' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
44 processes with 44 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '55' files ).

Starting the file scan:

Begin scan in 'C:\' <BOOT>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\X4O9KGGK\eBay_Enhanced_Picture_Control_v1-0-24-0[1].cab
[0] Archive type: CAB (Microsoft)
--> EPUWALcontrol.inf
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>

End of the scan: mardi 26 août 2008 10:24
Used time: 33:54 Minute(s)

The scan has been done completely.

5359 Scanning directories
351380 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
351378 Files not concerned
8931 Archives were scanned
3 Warnings
0 Notes
45057 Objects were scanned with rootkit scan
0 Hidden objects were found

[SOLVED] Infected with Win32:Beagle-AAW!
chriflojoca replied to a topic by chriflojoca in Malware analysis and removal
Here I am again. After installing AntiVir I ran a scan of the hard drive and it found trojans; I'm posting the report. Could my PC still be infected? See you

Avira AntiVir Personal
Report file date: lundi 25 août 2008 12:31

Scanning for 1569415 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HFI-3FDCCAEC7A0

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 25 août 2008 12:31

The scan of running processes will be started
41 processes with 41 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '55' files ).

Starting the file scan:

Begin scan in 'C:\' <BOOT>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\eMule\Incoming\Norton Ghost 12 Fr + keygen.rar
[0] Archive type: RAR
--> Norton Ghost 12 Fr + keygen\keygen.exe
[DETECTION] Is the TR/Spy.Gampass.J Trojan
[NOTE] The file was moved to '4924a7ef.qua'!
C:\Program Files\eMule\Incoming\Travis_Poker_Timer_1.7.zip
[0] Archive type: ZIP
--> Travis_Poker_Timer_1.7.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '4913a800.qua'!
C:\Program Files\Picasa2\PicasaMediaDetector.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '4915a8f9.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '4916a98e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\mdelk.exe.vir
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '4917a988.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0016583.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa3c.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0016586.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa3e.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0016607.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa40.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0016608.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa42.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0016627.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa48.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0016629.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa4a.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0016640.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa4c.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0016642.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa4e.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0016660.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa54.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0016661.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa55.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0016673.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '499de9be.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0017005.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48e2aa5e.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0017017.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa5f.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0017021.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '499de988.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0017030.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa60.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0017040.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '499de989.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0017041.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa61.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0017045.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '499de98a.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP178\A0017054.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa62.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP179\A0017061.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa64.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP179\A0017062.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa65.qua'!
C:\System Volume Information\_restore{13F335E1-CC2D-4F5D-A23F-F7C6F3E3EC89}\RP186\A0018620.exe
[DETECTION] Is the TR/Dldr.Bagle.VT Trojan
[NOTE] The file was moved to '48e2aa77.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>
D:\A_classer\Paint shop pro X\Corel Paint Shop Pro X - Installation Files\replacer.exe
[DETECTION] Is the TR/Crackpai.A.19 Trojan
[NOTE] The file was moved to '4922ad67.qua'!
D:\A_classer\Paint shop pro X\crack\replacer.exe
[DETECTION] Is the TR/Crackpai.A.19 Trojan
[NOTE] The file was moved to '4922af96.qua'!

End of the scan: lundi 25 août 2008 15:18
Used time: 2:46:50 Hour(s)

The scan has been done completely.

5530 Scanning directories
357199 Files were scanned
29 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
29 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
357168 Files not concerned
8952 Archives were scanned
2 Warnings
29 Notes

[SOLVED] Infected with Win32:Beagle-AAW!
chriflojoca replied to a topic by chriflojoca in Malware analysis and removal
Hi Apollo.01, Indeed, everything seems to be back in order. So I replaced Avast with AntiVir and uninstalled Toolbar S&D. I'm also keeping MBAM and DrWeb CureIt in case of trouble. Thanks again for your really effective help, and all the best. See you.

[SOLVED] Infected with Win32:Beagle-AAW!
chriflojoca replied to a topic by chriflojoca in Malware analysis and removal
PS: As you can see in the report, MBAM found yet another trojan that's hanging on!

[SOLVED] Infected with Win32:Beagle-AAW!
chriflojoca replied to a topic by chriflojoca in Malware analysis and removal
Hi, Indeed, I no longer get alerts about the virus, and some Windows functions have been restored (such as showing hidden files and folders). However, the Avast icon at the bottom right of the taskbar has disappeared. I have to launch the "ashDisp" exe from the program's directory to make it reappear, and repeat the operation every time Windows restarts. Note: I'll be away for 15 days and don't expect to have internet access until then. So I'm posting the reports you asked for and will read your answer when I get back. All the best and thanks for your help. See you.

Toolbar-S&D report:

-----------\\ ToolBar S&D 1.0.7 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Christophe ]
[ "C:\Toolbar SD" ]
[ Selection : 1 ]
[ 01/08/2008 | 23:28:42,82 ]
[ PC : HFI-3FDCCAEC7A0 ]
[ MAJ : 25-07-2008 | 17:35 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\CHRIST~1\Cookies\christophe@search.conduit[1].txt

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.google.com/ie"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

-----------\\ Fin du rapport a 23:29:10,23

JavaRa report:

JavaRa 1.10 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sat Aug 02 00:20:37 2008
Found and removed: C:\Program Files\Java\jre1.5.0_12
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: Software\JavaSoft\Java2D\1.5.0_12
Found and removed: Software\JavaSoft\Java2D\1.6.0_01
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_12
Found and removed: SOFTWARE\Classes\JavaPlugin.150_12
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_12
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150120}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511002
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B06123E6D18D74FA6711404FCAC1B8
------------------------------------
Finished reporting.

MBAM report:

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1015
Windows 5.1.2600 Service Pack 2

00:59:01 02/08/2008
mbam-log-8-2-2008 (00-59-01).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 93714
Temps écoulé: 32 minute(s), 42 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

[SOLVED] Infected with Win32:Beagle-AAW!
chriflojoca replied to a topic by chriflojoca in Malware analysis and removal
Hi, Here is the report from the Dr.Web tool:

ComboFix.exe\327882R2FWJFW\psexec.cfexe ComboFix.exe A0017146.exe\327882R2FWJFW\psexec.cfexe A0017146.exe A0017086.EXE

and here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:47:27, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-57989841-746137067-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8839 bytes

See you.
[RESOLVED] Infected by Win32:Beagle-AAW!
chriflojoca posted a topic in Malware analysis and removal
Hello,

So I am coming here to ask for help, because my PC is infected by the Win32:Beagle-AAW virus. After browsing the forum I found similar posts. I therefore downloaded ComboFix and then ran it. However, I forgot to disable my antivirus (Avast) as stated in one post. During the ComboFix scan my PC rebooted and Avast was apparently disabled, but now Avast no longer starts at boot. I also read that Antivir would be more effective than Avast; what do you recommend?

Thanks in advance for your help. I attach the ComboFix report below:

ComboFix 08-07-28.4 - Christophe 2008-07-29 11:48:38.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1548 [GMT 2:00]
Endroit: C:\Documents and Settings\Christophe\Bureau\ComboFix.exe
 * Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_srosa


((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-29 ))))))))))))))))))))))))))))))))))))
.

2008-07-29 11:51 . 2008-07-29 11:51 <REP> d-------- C:\WINDOWS\system32\drivers\downld
2008-07-28 18:19 . 2008-07-28 18:19 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 18:19 . 2008-07-28 18:19 <REP> d-------- C:\Documents and Settings\Christophe\Application Data\Malwarebytes
2008-07-28 18:19 . 2008-07-28 18:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 18:19 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-28 18:19 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-24 17:31 . 2008-07-24 18:10 <REP> d-------- C:\XPCD
2008-07-18 17:38 . 2008-07-18 17:38 <REP> d-------- C:\Documents and Settings\Christophe\IGC
2008-07-18 17:38 . 2008-07-18 17:38 <REP> d-------- C:\Documents and Settings\Christophe\Application Data\AutoDWG
2008-07-18 17:36 . 2008-07-18 17:36 <REP> d-------- C:\WINDOWS\system32\shxfont
2008-07-18 17:36 . 2008-07-18 17:36 <REP> d-------- C:\WINDOWS\system32\PS
2008-07-18 17:36 . 2008-07-18 17:36 <REP> d-------- C:\Program Files\IGC
2008-07-18 17:36 . 2008-07-18 17:36 <REP> d-------- C:\Program Files\AutoDWG
2008-07-18 17:36 . 2002-11-21 10:13 3,907,640 --a------ C:\WINDOWS\system32\gsdll32.dll
2008-07-18 17:36 . 2001-08-23 03:25 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-07-18 17:36 . 2003-05-28 12:19 245,408 -r------- C:\WINDOWS\system32\unicows.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 16:43 --------- d-----w C:\Program Files\eMule
2008-07-28 07:58 --------- d-----w C:\Program Files\PokerStars
2008-07-18 15:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-26 15:12 --------- d-----w C:\Program Files\Avanquest update
2008-06-26 14:43 --------- d-----w C:\Program Files\MagicISO
2008-06-26 14:29 --------- d-----w C:\Program Files\free-downloads.net
2008-06-26 14:29 --------- d-----w C:\Program Files\Alcohol Soft
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 13:34 --------- d-----w C:\Program Files\Java
2008-06-16 13:33 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-29 08:39 --------- d-----w C:\Program Files\Tecmedia
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-10 13:46 1510424]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-10 13:46 1510424 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-10 13:46 1510424]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-10 13:46 1510424]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 12:02 482760]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 360448]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2004-09-18 10:10 704520]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 17:32 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 17:30 974848]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-28 20:05 8429568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-28 20:05 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 04:15 75520]
"nwiz"="nwiz.exe" [2007-04-28 20:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-04-28 20:05 67584 C:\WINDOWS\system32\nvhotkey.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"D:\\Logiciels\\ADSLTV\\adsltv.exe"=
"D:\\Logiciels\\ADSLTV\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11574:TCP"= 11574:TCP:BitComet 11574 TCP
"11574:UDP"= 11574:UDP:BitComet 11574 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 CommSBEP;CommSBEP;C:\WINDOWS\system32\drivers\CommSBEP.sys [2000-04-27 15:09]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe runservice -w -N pgsql-8.2 -D C:\Program Files\PostgreSQL\8.2\data\ []
S3 Ca100v;PenCam SD, WDM Video Capture;C:\WINDOWS\system32\Drivers\Ca100v.sys [2002-08-30 22:35]
S3 USBCamera;DSC Still Image Capture (CA100);C:\WINDOWS\system32\Drivers\Bulk100.sys [2002-07-26 18:19]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ccce362-d55e-11dc-aeb1-001c23b1640b}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 -: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 -: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 11:51:39
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
C:\Program Files\PostgreSQL\8.2\bin\postgres.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\PostgreSQL\8.2\bin\postgres.exe
C:\Program Files\PostgreSQL\8.2\bin\postgres.exe
C:\Program Files\PostgreSQL\8.2\bin\postgres.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-29 11:58:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-29 09:58:43

Pre-Run: 17,894,727,680 octets libres
Post-Run: 17,820,897,280 octets libres

174 --- E O F --- 2008-07-29 09:55:58