BenHK
Member
Content count: 7
Languages: English, Spanish, Mandarin
Rank: Junior Member (3/12)
Community reputation: 0
Is Beagle-AAW still on my PC?
BenHK replied to a topic by BenHK in Malware analysis and removal

No symptoms, everything looks OK! I don't see what else to do! Mark this topic as [solved], maybe? Thanks for your support!
Is Beagle-AAW still on my PC?
BenHK replied to a topic by BenHK in Malware analysis and removal

No viruses detected, but 1 warning (a file that cannot be scanned..... fishy?)

Avira AntiVir Personal
Report file date: Thursday 14 August 2008 00:10

Scanning for 1551124 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: NOM-729E9FB7EDF

Version information:
BUILD.DAT : 8.1.0.326 16933 Bytes 11/07/2008 12:57:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:54
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:16
ANTIVIR2.VDF : 7.0.5.207 2316800 Bytes 04/08/2008 21:30:44
ANTIVIR3.VDF : 7.0.6.9 292864 Bytes 13/08/2008 20:14:36
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:52
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 10/08/2008 21:33:08
AESCN.DLL : 8.1.0.23 119156 Bytes 10/08/2008 21:33:02
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:52
AEPACK.DLL : 8.1.2.1 364917 Bytes 10/08/2008 21:32:58
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 10/08/2008 21:32:50
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 10/08/2008 21:32:46
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:52
AEGEN.DLL : 8.1.0.35 315764 Bytes 10/08/2008 21:31:04
AEEMU.DLL : 8.1.0.7 430452 Bytes 10/08/2008 21:30:58
AECORE.DLL : 8.1.1.8 172406 Bytes 10/08/2008 21:30:52
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02
AVREP.DLL : 8.0.0.2 98344 Bytes 10/08/2008 21:30:48
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:38

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday 14 August 2008 00:10

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'FIREFOX.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'ATKOSD.EXE' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'OProtSvc.exe' - '1' Module(s) have been scanned
Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'WCOURIER.EXE' - '1' Module(s) have been scanned
Scan process 'EOUWiz.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process '1XConfig.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '56' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'

End of the scan: Thursday 14 August 2008 00:30
Used time: 19:48 Minute(s)

The scan has been done completely.

3033 Scanning directories
175690 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
175689 Files not concerned
6445 Archives were scanned
1 Warnings
0 Notes
Is Beagle-AAW still on my PC?
BenHK replied to a topic by BenHK in Malware analysis and removal

Antivir is working fine and is up to date. I'll run a full scan and post the report (probably tomorrow). Thanks to you
Is Beagle-AAW still on my PC?
BenHK replied to a topic by BenHK in Malware analysis and removal

Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:24, on 13/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\bspitale\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: www.secuser.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1218403496744
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9FADE82-62DB-4801-8C84-061BBAF62D58}: NameServer = 212.27.40.240,212.27.40.241
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 5787 bytes
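One way to mechanize the first pass a helper makes over a HijackThis log like the one above, as an added example that is not part of the original post or of HijackThis itself: it splits the log into its Rxx/Oxx entries and flags the kinds of lines that deserve a second look (O4 autostarts given as a bare file name resolved through PATH, or pointing outside the usual program directories; O15 Trusted Zone additions; O17 DNS overrides; O23 services with no vendor). The sample lines are copied from the posted log; the directory whitelist, the `parse_hjt`/`triage` names and the notion of what is "normal" on an XP machine are my own assumptions, not HijackThis rules.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the
forum post or of HijackThis itself).

Splits a log into (section, body) entries and applies the sanity checks a
helper would otherwise run by eye.  The sample lines below are constructed
from the log posted in the thread; the whitelist of directories is an
assumption about a typical Windows XP install.
"""
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied from the posted HijackThis log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: www.secuser.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9FADE82-62DB-4801-8C84-061BBAF62D58}: NameServer = 212.27.40.240,212.27.40.241
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
""".strip()

# Every HijackThis entry starts with a section tag such as R0, O4, O23.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# Assumed whitelist: where autostart targets normally live on an XP box.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Return one dict per 'Oxx - ...' line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m.group("section"), "body": m.group("body")})
    return entries


def o4_target(body: str) -> str:
    """Extract the executable from an O4 body of the form '[name] target args'."""
    after = body.split("]", 1)[1].strip() if "]" in body else body
    if after.startswith('"'):          # quoted path, possibly containing spaces
        return after[1:].split('"', 1)[0]
    return after.split(" ", 1)[0]      # unquoted: first token is the target


def triage(entries: List[Dict[str, str]]) -> List[str]:
    """Return human-readable findings; an empty list means nothing to look at twice."""
    findings = []
    for e in entries:
        sec, body = e["section"], e["body"]
        if sec == "O4":
            target = o4_target(body)
            if "\\" not in target:
                # A bare name is resolved through PATH at logon: confirm where it really lives.
                findings.append(f"O4 bare name resolved via PATH, confirm location: {target}")
            elif not target.lower().startswith(TRUSTED_DIRS):
                findings.append(f"O4 target outside usual program dirs: {target}")
        elif sec == "O15":
            findings.append(f"O15 Trusted Zone entry, confirm it was added on purpose: {body}")
        elif sec == "O17":
            servers = body.split("NameServer =", 1)[-1].strip()
            findings.append(f"O17 DNS override, check against ISP/router settings: {servers}")
        elif sec == "O23":
            # Body looks like 'Service: <name> - <vendor> - <path>'; HijackThis prints
            # 'Unknown owner' when the binary carries no vendor string.
            parts = [p.strip() for p in body.split(" - ")]
            if len(parts) < 3 or parts[-2].lower() in ("", "unknown owner"):
                findings.append(f"O23 service with no vendor string: {body}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hjt(SAMPLE_LOG)):
        print(finding)
```

On the sample this reports the two bare-name O4 entries (nwiz.exe, RTHDCPL.EXE), the Trusted Zone line and the DNS servers; none of that is a verdict, only the shortlist a helper then checks by hand (the bare names against the paths ComboFix later resolved, the name servers against the ISP).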
Is Beagle-AAW still on my PC?
BenHK replied to a topic by BenHK in Malware analysis and removal

I followed your instructions, nothing was found. Good sign? Thanks
Is Beagle-AAW still on my PC?
BenHK replied to a topic by BenHK in Malware analysis and removal

Good evening Falkra, I followed your instructions, here is my new report. Thanks in advance,

ComboFix 08-08-12.01 - bspitale 2008-08-13 22:51:54.2 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.647 [GMT 2:00]
Running from: C:\Documents and Settings\bspitale\Bureau\combo-fix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
((((((((((((((((((((((((((((( Files created 2008-07-13 to 2008-08-13 ))))))))))))))))))))))))))))))))))))
.
2008-08-13 20:27 . 2008-08-13 20:26 26,485,505 --a------ C:\WINDOWS\LPT$VPN.475
2008-08-13 20:26 . 2008-08-13 20:26 26,485,505 --a------ C:\WINDOWS\VPTNFILE.475
2008-08-13 20:25 . 2008-08-13 20:25 <DIR> d-------- C:\WINDOWS\AU_Temp
2008-08-13 20:19 . 2008-08-13 20:19 <DIR> d-------- C:\Documents and Settings\bspitale\Application Data\Windows Search
2008-08-13 20:14 . 2008-08-13 20:14 <DIR> d-------- C:\Documents and Settings\bspitale\Application Data\Windows Desktop Search
2008-08-13 20:13 . 2008-08-13 20:13 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-13 20:13 . 2008-08-13 20:13 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-13 20:13 . 2008-08-13 20:13 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-08-13 20:13 . 2008-03-07 19:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-13 20:13 . 2008-03-07 19:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-13 20:13 . 2008-03-07 19:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-13 20:11 . 2008-08-13 20:11 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-13 20:11 . 2008-08-13 20:11 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-13 20:07 . 2008-08-13 20:07 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-08-13 20:07 . 2008-05-01 16:36 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 20:05 . 2008-07-22 16:59 1,214,526 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-13 20:05 . 2008-07-22 16:59 790,846 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-13 20:05 . 2008-04-11 21:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 20:05 . 2008-07-22 16:59 9,696 --------- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-12 21:02 . 2008-06-23 18:28 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-12 21:02 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-12 21:02 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-12 21:02 . 2008-06-23 18:28 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-12 21:02 . 2008-06-23 18:28 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-12 21:02 . 2008-06-23 18:28 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-12 21:02 . 2008-06-23 18:28 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-12 21:02 . 2008-06-23 18:28 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-12 21:02 . 2008-06-23 11:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-11 23:08 . 2008-08-11 23:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-11 17:52 . 2008-08-11 17:52 <DIR> d-------- C:\WINDOWS\BisonCam
2008-08-11 17:50 . 2008-08-11 17:50 <DIR> d-------- C:\Program Files\Synaptics
2008-08-11 17:50 . 2004-12-22 08:23 186,240 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-08-11 17:50 . 2004-12-22 08:23 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-08-11 17:50 . 2004-12-22 08:23 90,202 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-08-11 17:50 . 2004-12-22 08:23 82,013 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-08-11 17:50 . 2004-12-22 08:23 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2008-08-11 17:50 . 2004-12-22 08:23 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2008-08-11 17:45 . 2005-05-03 12:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-08-11 07:50 . 2008-08-11 07:50 <DIR> d-------- C:\WINDOWS\system32\fr-fr
2008-08-11 07:50 . 2008-08-11 07:50 <DIR> d-------- C:\WINDOWS\system32\fr
2008-08-11 07:50 . 2008-08-11 07:50 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-11 07:50 . 2008-08-11 07:50 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-11 07:48 . 2008-08-11 07:49 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-11 07:42 . 2008-08-11 07:42 <DIR> d-------- C:\WINDOWS\EHome
2008-08-11 03:00 . 2008-08-11 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-11 00:40 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-11 00:40 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-11 00:20 . 2008-08-11 00:20 <DIR> d-------- C:\WINDOWS\report
2008-08-11 00:20 . 2008-08-11 00:20 <DIR> d-------- C:\WINDOWS\AU_Backup
2008-08-11 00:20 . 2008-08-13 20:26 1,964,523 --a------ C:\WINDOWS\tsc.ptn
2008-08-11 00:20 . 2008-08-13 20:26 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-08-11 00:20 . 2008-08-13 20:26 333,576 --a------ C:\WINDOWS\TSC.exe
2008-08-11 00:20 . 2008-08-13 20:26 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-08-11 00:20 . 2008-08-13 20:26 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-08-11 00:20 . 2008-08-13 21:45 823 --a------ C:\WINDOWS\tsc.ini
2008-08-11 00:02 . 2008-08-11 00:02 <DIR> d-------- C:\Documents and Settings\bspitale\Application Data\AdobeUM
2008-08-10 23:56 . 2008-08-10 23:56 <DIR> d-------- C:\WINDOWS\AU_Log
2008-08-10 23:56 . 2008-08-10 23:56 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-08-10 23:56 . 2008-08-10 23:56 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-08-10 23:56 . 2008-08-10 23:56 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-08-10 23:56 . 2008-08-13 20:25 170 --a------ C:\WINDOWS\GetServer.ini
2008-08-10 23:55 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-10 23:46 . 2008-08-10 23:46 <DIR> d-------- C:\Program Files\ASUS
2008-08-10 23:43 . 2008-08-10 23:43 <DIR> d-------- C:\WINDOWS\nview
2008-08-10 23:43 . 2005-05-25 16:02 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-08-10 23:43 . 2005-05-25 16:02 14,531 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-10 23:35 . 2008-08-10 23:35 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-10 23:27 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-08-10 23:27 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-08-10 23:27 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-08-10 23:27 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-10 23:27 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-10 23:22 . 2008-08-10 23:22 <DIR> d--hs---- C:\Documents and Settings\bspitale\UserData
2008-08-10 23:21 . 2008-08-10 23:21 <DIR> d-------- C:\Documents and Settings\bspitale\Application Data\Intel
2008-08-10 23:21 . 2008-08-10 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-08-10 23:21 . 2008-08-10 23:21 17,119 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-10 23:20 . 2008-08-10 23:20 <DIR> d-------- C:\Program Files\Intel
2008-08-10 23:20 . 2004-10-15 10:20 1,654,784 --a------ C:\WINDOWS\system32\W29MLRES.DLL
2008-08-10 23:20 . 2004-11-24 10:23 13 -ra------ C:\WINDOWS\system32\drivers\verfile.tic
2008-08-10 22:07 . 2008-08-10 22:07 <DIR> d--hs---- C:\FOUND.000
2008-08-10 21:57 . 2008-08-10 21:57 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-10 21:49 . 2008-08-10 21:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 21:49 . 2008-08-10 21:49 <DIR> d-------- C:\Documents and Settings\bspitale\Application Data\Malwarebytes
2008-08-10 21:49 . 2008-08-10 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 21:49 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 21:49 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 21:23 . 2008-08-10 21:23 <DIR> d-------- C:\Program Files\Avira
2008-08-10 21:23 . 2008-08-10 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-10 21:15 . 2008-08-10 20:24 <DIR> d--h----- C:\Documents and Settings\bspitale\Voisinage réseau
2008-08-10 21:15 . 2008-08-10 20:24 <DIR> d--h----- C:\Documents and Settings\bspitale\Voisinage d'impression
2008-08-10 21:15 . 2008-08-10 20:24 <DIR> d--h----- C:\Documents and Settings\bspitale\Modèles
2008-08-10 21:15 . 2008-08-11 17:43 <DIR> dr------- C:\Documents and Settings\bspitale\Mes documents
2008-08-10 21:15 . 2008-08-10 20:24 <DIR> dr------- C:\Documents and Settings\bspitale\Menu Démarrer
2008-08-10 21:15 . 2008-08-11 07:57 <DIR> dr------- C:\Documents and Settings\bspitale\Favoris
2008-08-10 21:15 . 2008-08-10 20:24 <DIR> d-------- C:\Documents and Settings\bspitale\Bureau
2008-08-10 21:15 . 2008-08-10 21:15 <DIR> d-------- C:\Documents and Settings\bspitale
2008-08-10 21:12 . 2008-08-10 21:13 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-08-10 21:11 . 2008-08-10 21:11 <DIR> d--hs---- C:\Recycled
2008-08-10 21:11 . 2008-08-10 21:11 61 --a------ C:\WINDOWS\smscfg.ini
2008-08-10 21:09 . 2008-08-10 21:11 333 --a------ C:\WINDOWS\system32\$ncsp$.inf
2008-07-22 20:31 . 2008-07-22 20:31 84,820 --------- C:\WINDOWS\system32\dllcache\apps.chm
2008-07-22 20:29 . 2008-07-22 20:29 239,234 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 18:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-10 18:39 --------- d-----w C:\Program Files\Realtek
2008-08-10 18:39 --------- d-----w C:\Program Files\CONEXANT
2008-08-10 18:38 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-10 18:38 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-10 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-08-10 18:32 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-10 18:30 --------- d-----w C:\Program Files\Services en ligne
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:44 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:47 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:47 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-05-26 20:21 1,582,592 ------w C:\WINDOWS\system32\tquery.dll
2008-05-26 20:21 1,418,240 ------w C:\WINDOWS\system32\mssrch.dll
2008-05-26 20:19 97,792 ------w C:\WINDOWS\system32\UncCplExt.dll
2008-05-26 20:19 273,408 ------w C:\WINDOWS\system32\oeph.dll
2008-05-26 20:19 2,048 ------w C:\WINDOWS\system32\UncRes.dll
2008-05-26 20:19 143,872 ------w C:\WINDOWS\system32\UncDMS.dll
2008-05-26 20:19 131,072 ------w C:\WINDOWS\system32\UncPH.dll
2008-05-26 20:19 11,264 ------w C:\WINDOWS\system32\oephRes.dll
2008-05-26 20:19 108,032 ------w C:\WINDOWS\system32\UncNE.dll
2008-05-26 20:18 71,680 ------w C:\WINDOWS\system32\propdefs.dll
2008-05-26 20:18 56,320 ------w C:\WINDOWS\system32\xmlfilter.dll
2008-05-26 20:18 44,032 ------w C:\WINDOWS\system32\msstrc.dll
2008-05-26 20:18 439,808 ------w C:\WINDOWS\system32\searchindexer.exe
2008-05-26 20:18 38,400 ------w C:\WINDOWS\system32\rtffilt.dll
2008-05-26 20:18 350,208 ------w C:\WINDOWS\system32\mssph.dll
2008-05-26 20:18 231,936 ------w C:\WINDOWS\system32\msshsq.dll
2008-05-26 20:18 203,776 ------w C:\WINDOWS\system32\mssphtb.dll
2008-05-26 20:18 184,832 ------w C:\WINDOWS\system32\searchprotocolhost.exe
2008-05-26 20:17 87,552 ------w C:\WINDOWS\system32\searchfilterhost.exe
2008-05-26 20:17 87,552 ------w C:\WINDOWS\system32\mssitlb.dll
2008-05-26 20:17 754,176 ------w C:\WINDOWS\system32\propsys.dll
2008-05-26 20:17 60,416 ------w C:\WINDOWS\system32\msscntrs.dll
2008-05-26 20:17 34,816 ------w C:\WINDOWS\system32\msscb.dll
2008-05-26 20:17 32,768 ------w C:\WINDOWS\system32\mssprxy.dll
2008-05-26 20:17 301,568 ------w C:\WINDOWS\system32\srchadmin.dll
2008-05-26 20:17 11,776 ------w C:\WINDOWS\system32\msshooks.dll
2008-05-26 19:59 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin
2008-05-26 19:59 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:34 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-05-12 00:15 102400]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 11:27 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 11:31 356352]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-25 16:02 5562368]
"Wireless Console"="C:\Program Files\ASUS\Wireless Console\wcourier.exe" [2005-03-02 21:52 57344]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-22 08:23 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-22 08:23 688218]
"nwiz"="nwiz.exe" [2005-05-25 16:02 1495040 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-25 09:37 14477312 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:34 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys [2004-07-05 16:14]
R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys [2004-09-17 00:42]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\bspitale\Application Data\Mozilla\Firefox\Profiles\4ef2hwxj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - c:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 22:53:06
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-13 22:53:31
ComboFix-quarantined-files.txt 2008-08-13 20:53:30
ComboFix2.txt 2008-08-13 19:53:18

Pre-Run: 36,584,947,712 bytes free
Post-Run: 36,570,923,008 bytes free

223 --- E O F --- 2008-08-12 19:03:53
Is Beagle-AAW still on my PC?
BenHK posted a topic in Malware analysis and removal

Hello everyone,

You know the story: Avast is installed, I download a crack and here I am, infected with Beagle-AAW (serves me right). After some reading about this worm, I remove Avast and install Antivir, then I read that you have to reboot into safe mode to run a scan. What I hadn't read is that you must absolutely not force safe mode through MSCONFIG..... as a result, impossible to restart the PC. I restored Windows XP (with the 2 CDs supplied when I bought my ASUS laptop). I thought I was rid of it, but Antivir just detected a virus on a USB key that was plugged in (maybe nothing to do with Beagle-AAW): "Virus or unwanted program 'BDS/Hupigon.vur [backdoor]' detected in file 'I:\svrhost.abc." So I followed the ComboFix procedure and here is my report. Am I still infected? Many thanks for your analysis.

___________________________________________________________________________________________________________

ComboFix 08-08-12.01 - bspitale 2008-08-13 21:51:43.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.634 [GMT 2:00]
Running from: C:\Documents and Settings\bspitale\Bureau\ComboFix.exe
* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\downld
.
((((((((((((((((((((((((((((( Files created 2008-07-13 to 2008-08-13 ))))))))))))))))))))))))))))))))))))
.
2008-08-13 20:27 . 2008-08-13 20:26 26,485,505 --a------ C:\WINDOWS\LPT$VPN.475
2008-08-13 20:26 . 2008-08-13 20:26 26,485,505 --a------ C:\WINDOWS\VPTNFILE.475
2008-08-13 20:25 . 2008-08-13 20:25 <DIR> d-------- C:\WINDOWS\AU_Temp
2008-08-13 20:19 . 2008-08-13 20:19 <DIR> d-------- C:\Documents and Settings\bspitale\Application Data\Windows Search
2008-08-13 20:14 . 2008-08-13 20:14 <DIR> d-------- C:\Documents and Settings\bspitale\Application Data\Windows Desktop Search
2008-08-13 20:13 . 2008-08-13 20:13 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-13 20:13 . 2008-08-13 20:13 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-13 20:13 . 2008-08-13 20:13 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-08-13 20:13 . 2008-03-07 19:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-13 20:13 . 2008-03-07 19:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-13 20:13 . 2008-03-07 19:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-13 20:11 . 2008-08-13 20:11 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-13 20:11 . 2008-08-13 20:11 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-13 20:07 . 2008-08-13 20:07 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-08-13 20:07 . 2008-05-01 16:36 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 20:05 . 2008-07-22 16:59 1,214,526 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-13 20:05 . 2008-07-22 16:59 790,846 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-13 20:05 . 2008-04-11 21:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 20:05 . 2008-07-22 16:59 9,696 --------- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-12 21:02 . 2008-06-23 18:28 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-12 21:02 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-12 21:02 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-12 21:02 . 2008-06-23 18:28 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-12 21:02 . 2008-06-23 18:28 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-12 21:02 . 2008-06-23 18:28 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-12 21:02 . 2008-06-23 18:28 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-12 21:02 . 2008-06-23 18:28 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-12 21:02 . 2008-06-23 11:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-11 23:08 . 2008-08-11 23:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-11 17:52 . 2008-08-11 17:52 <DIR> d-------- C:\WINDOWS\BisonCam
2008-08-11 17:50 . 2008-08-11 17:50 <DIR> d-------- C:\Program Files\Synaptics
2008-08-11 17:50 . 2004-12-22 08:23 186,240 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-08-11 17:50 . 2004-12-22 08:23 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-08-11 17:50 . 2004-12-22 08:23 90,202 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-08-11 17:50 . 2004-12-22 08:23 82,013 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-08-11 17:50 . 2004-12-22 08:23 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2008-08-11 17:50 . 2004-12-22 08:23 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2008-08-11 17:45 . 2005-05-03 12:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-08-11 07:50 . 2008-08-11 07:50 <DIR> d-------- C:\WINDOWS\system32\fr-fr
2008-08-11 07:50 . 2008-08-11 07:50 <DIR> d-------- C:\WINDOWS\system32\fr
2008-08-11 07:50 . 2008-08-11 07:50 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-11 07:50 . 2008-08-11 07:50 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-11 07:48 . 2008-08-11 07:49 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-11 07:42 . 2008-08-11 07:42 <DIR> d-------- C:\WINDOWS\EHome
2008-08-11 03:00 . 2008-08-11 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-11 00:40 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-11 00:40 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-11 00:20 . 2008-08-11 00:20 <DIR> d-------- C:\WINDOWS\report
2008-08-11 00:20 . 2008-08-11 00:20 <DIR> d-------- C:\WINDOWS\AU_Backup
2008-08-11 00:20 . 2008-08-13 20:26 1,964,523 --a------ C:\WINDOWS\tsc.ptn
2008-08-11 00:20 . 2008-08-13 20:26 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-08-11 00:20 . 2008-08-13 20:26 333,576 --a------ C:\WINDOWS\TSC.exe
2008-08-11 00:20 . 2008-08-13 20:26 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-08-11 00:20 . 2008-08-13 20:26 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-08-11 00:20 . 2008-08-13 21:45 823 --a------ C:\WINDOWS\tsc.ini
2008-08-11 00:02 . 2008-08-11 00:02 <DIR> d-------- C:\Documents and Settings\bspitale\Application Data\AdobeUM
2008-08-10 23:56 . 2008-08-10 23:56 <DIR> d-------- C:\WINDOWS\AU_Log
2008-08-10 23:56 . 2008-08-10 23:56 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-08-10 23:56 . 2008-08-10 23:56 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-08-10 23:56 . 2008-08-10 23:56 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-08-10 23:56 . 2008-08-13 20:25 170 --a------ C:\WINDOWS\GetServer.ini
2008-08-10 23:55 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-10 23:46 . 2008-08-10 23:46 <DIR> d-------- C:\Program Files\ASUS
2008-08-10 23:43 . 2008-08-10 23:43 <DIR> d-------- C:\WINDOWS\nview
2008-08-10 23:43 . 2005-05-25 16:02 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-08-10 23:43 . 2005-05-25 16:02 14,531 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-10 23:35 . 2008-08-10 23:35 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-10 23:27 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-08-10 23:27 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-08-10 23:27 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-08-10 23:27 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-10 23:27 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-10 23:22 . 2008-08-10 23:22 <DIR> d--hs---- C:\Documents and Settings\bspitale\UserData
2008-08-10 23:21 .
2008-08-10 23:21 <REP> d-------- C:\Documents and Settings\bspitale\Application Data\Intel 2008-08-10 23:21 . 2008-08-10 23:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel 2008-08-10 23:21 . 2008-08-10 23:21 17,119 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-08-10 23:20 . 2008-08-10 23:20 <REP> d-------- C:\Program Files\Intel 2008-08-10 23:20 . 2004-10-15 10:20 1,654,784 --a------ C:\WINDOWS\system32\W29MLRES.DLL 2008-08-10 23:20 . 2004-11-24 10:23 13 -ra------ C:\WINDOWS\system32\drivers\verfile.tic 2008-08-10 22:07 . 2008-08-10 22:07 <REP> d--hs---- C:\FOUND.000 2008-08-10 21:57 . 2008-08-10 21:57 <REP> d--h----- C:\WINDOWS\PIF 2008-08-10 21:49 . 2008-08-10 21:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-10 21:49 . 2008-08-10 21:49 <REP> d-------- C:\Documents and Settings\bspitale\Application Data\Malwarebytes 2008-08-10 21:49 . 2008-08-10 21:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-10 21:49 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-10 21:49 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-10 21:23 . 2008-08-10 21:23 <REP> d-------- C:\Program Files\Avira 2008-08-10 21:23 . 2008-08-10 21:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-08-10 21:15 . 2008-08-10 20:24 <REP> d--h----- C:\Documents and Settings\bspitale\Voisinage réseau 2008-08-10 21:15 . 2008-08-10 20:24 <REP> d--h----- C:\Documents and Settings\bspitale\Voisinage d'impression 2008-08-10 21:15 . 2008-08-10 20:24 <REP> d--h----- C:\Documents and Settings\bspitale\Modèles 2008-08-10 21:15 . 2008-08-11 17:43 <REP> dr------- C:\Documents and Settings\bspitale\Mes documents 2008-08-10 21:15 . 2008-08-10 20:24 <REP> dr------- C:\Documents and Settings\bspitale\Menu Démarrer 2008-08-10 21:15 . 
2008-08-11 07:57 <REP> dr------- C:\Documents and Settings\bspitale\Favoris 2008-08-10 21:15 . 2008-08-10 20:24 <REP> d-------- C:\Documents and Settings\bspitale\Bureau 2008-08-10 21:15 . 2008-08-10 21:15 <REP> d-------- C:\Documents and Settings\bspitale 2008-08-10 21:12 . 2008-08-10 21:13 8,192 --a------ C:\WINDOWS\REGLOCS.OLD 2008-08-10 21:11 . 2008-08-10 21:11 <REP> d--hs---- C:\Recycled 2008-08-10 21:11 . 2008-08-10 21:11 61 --a------ C:\WINDOWS\smscfg.ini 2008-08-10 21:09 . 2008-08-10 21:11 333 --a------ C:\WINDOWS\system32\$ncsp$.inf 2008-07-22 20:31 . 2008-07-22 20:31 84,820 --------- C:\WINDOWS\system32\dllcache\apps.chm 2008-07-22 20:29 . 2008-07-22 20:29 239,234 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-10 18:39 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-10 18:39 --------- d-----w C:\Program Files\Realtek 2008-08-10 18:39 --------- d-----w C:\Program Files\CONEXANT 2008-08-10 18:38 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-08-10 18:38 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-08-10 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI 2008-08-10 18:32 --------- d-----w C:\Program Files\microsoft frontpage 2008-08-10 18:30 --------- d-----w C:\Program Files\Services en ligne 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:44 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-06-21 05:23 161,792 ----a-w 
C:\WINDOWS\system32\dllcache\ieakui.dll 2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:47 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:47 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-05-26 20:21 1,582,592 ------w C:\WINDOWS\system32\tquery.dll 2008-05-26 20:21 1,418,240 ------w C:\WINDOWS\system32\mssrch.dll 2008-05-26 20:19 97,792 ------w C:\WINDOWS\system32\UncCplExt.dll 2008-05-26 20:19 273,408 ------w C:\WINDOWS\system32\oeph.dll 2008-05-26 20:19 2,048 ------w C:\WINDOWS\system32\UncRes.dll 2008-05-26 20:19 143,872 ------w C:\WINDOWS\system32\UncDMS.dll 2008-05-26 20:19 131,072 ------w C:\WINDOWS\system32\UncPH.dll 2008-05-26 20:19 11,264 ------w C:\WINDOWS\system32\oephRes.dll 2008-05-26 20:19 108,032 ------w C:\WINDOWS\system32\UncNE.dll 2008-05-26 20:18 71,680 ------w C:\WINDOWS\system32\propdefs.dll 2008-05-26 20:18 56,320 ------w C:\WINDOWS\system32\xmlfilter.dll 2008-05-26 20:18 44,032 ------w C:\WINDOWS\system32\msstrc.dll 2008-05-26 20:18 439,808 ------w C:\WINDOWS\system32\searchindexer.exe 2008-05-26 20:18 38,400 ------w C:\WINDOWS\system32\rtffilt.dll 2008-05-26 20:18 350,208 ------w C:\WINDOWS\system32\mssph.dll 2008-05-26 20:18 231,936 ------w C:\WINDOWS\system32\msshsq.dll 2008-05-26 20:18 203,776 ------w C:\WINDOWS\system32\mssphtb.dll 2008-05-26 20:18 184,832 ------w C:\WINDOWS\system32\searchprotocolhost.exe 2008-05-26 20:17 87,552 ------w C:\WINDOWS\system32\searchfilterhost.exe 2008-05-26 20:17 87,552 ------w C:\WINDOWS\system32\mssitlb.dll 2008-05-26 
20:17 754,176 ------w C:\WINDOWS\system32\propsys.dll 2008-05-26 20:17 60,416 ------w C:\WINDOWS\system32\msscntrs.dll 2008-05-26 20:17 34,816 ------w C:\WINDOWS\system32\msscb.dll 2008-05-26 20:17 32,768 ------w C:\WINDOWS\system32\mssprxy.dll 2008-05-26 20:17 301,568 ------w C:\WINDOWS\system32\srchadmin.dll 2008-05-26 20:17 11,776 ------w C:\WINDOWS\system32\msshooks.dll 2008-05-26 19:59 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin 2008-05-26 19:59 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:34 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-05-12 00:15 102400] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 11:27 385024] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 11:31 356352] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-25 16:02 5562368] "Wireless Console"="C:\Program Files\ASUS\Wireless Console\wcourier.exe" [2005-03-02 21:52 57344] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-22 08:23 98394] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-22 08:23 688218] "nwiz"="nwiz.exe" [2005-05-25 16:02 1495040 C:\WINDOWS\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 09:37 14477312 C:\WINDOWS\RTHDCPL.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:34 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ 
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696] Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-10-15 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys [2004-07-05 16:14] R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys [2004-09-17 00:42] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\bspitale\Application Data\Mozilla\Firefox\Profiles\4ef2hwxj.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com FF -: plugin - c:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-13 21:52:52 Windows 5.1.2600 Service Pack 3 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . 
Temps d'accomplissement: 2008-08-13 21:53:16 ComboFix-quarantined-files.txt 2008-08-13 19:53:16 Pre-Run: 36,556,832,768 octets libres Post-Run: 36,604,051,456 octets libres 229 --- E O F --- 2008-08-12 19:03:53