

Spybot hangs on Win32.Agent.pz and crashes
kroll33 replied to a topic by kroll33 in Malware analysis and removal
Uh... If you read the log properly, what was "skipped" is not viruses; the log is quite clear, stating: "detected: riskware not-a-virus". That covers VNC, the password recovery utilities and other remote administration software. The popup window was yellow, not red. It's kind of you to want to help, but you shouldn't skim the results. If you don't have time to read the messages in full, only offer your help when you do have the time. Thanks all the same for taking an interest in my problem.

Spybot hangs on Win32.Agent.pz and crashes
kroll33 replied to a topic by kroll33 in Malware analysis and removal
Hello. I ran the scan last night, leaving out the storage-only disks. The log is 500 KB because of the "password protected" and "processing error" entries (large multi-volume archives). I cleaned up the log by removing the lines with those two errors. This is what remains:

Scan
----
Scanned: 1633783
Detected: 27
Untreated: 22
Start time: 05/11/2008 21:23:19
Duration: 11:24:42
Finish time: 06/11/2008 08:48:01

Detected
--------
Status Object
------ ------
detected: riskware not-a-virus:RiskTool.Win32.PsKill.k File: D:\winappli\rootkit\clean\pskill.exe
detected: riskware not-a-virus:RiskTool.Win32.Reboot.f File: D:\winappli\rootkit\SmitfraudFix\Reboot.exe
deleted: Trojan program Backdoor.Win32.IRCBot.exe File: D:\winappli\TuneUp Utilities 2007\tuneup.utilities.2007.6.0.2200.french-patch.exe//PE_Patch.PECompact//PecBundle//PECompact
detected: adware not-a-virus:AdWare.Win32.Gator.3202 File: G:\Sauve\Films\codecs\DivXPro502GAINBundle.exe//Gain_Trickler.exe
deleted: Trojan program Backdoor.Win32.IRCBot.exe File: G:\Sauve\portable\Program Files\interventions\TuneUp_Utilities_2007_v6[1].0.2200_French.zip/tuneup.utilities.2007.6.0.2200.french-patch.exe//PE_Patch.PECompact//PecBundle//PECompact
detected: riskware not-a-virus:PSWTool.Win32.AirCrack.a File: G:\Sauve\portable\Program Files\interventions\reseau\WinAircrack.zip/WinAircrackPack/aircrack.exe
detected: riskware not-a-virus:PSWTool.Win32.AirCrack.a File: G:\Sauve\portable\Program Files\interventions\reseau\WinAirCrack_PE_1.0\files\aircrack.exe
detected: riskware not-a-virus:RiskTool.Win32.PsKill.k File: G:\Sauve\portable\Program Files\interventions\RootkitRevealer\clean\pskill.exe
detected: riskware not-a-virus:RiskTool.Win32.Reboot.f File: G:\Sauve\portable\Program Files\interventions\RootkitRevealer\SmitfraudFix\Reboot.exe
deleted: riskware not-a-virus:WebToolbar.Win32.WhenU.a File: G:\Sauve\portable\Program Files\WinAce\VVSNInst.exe
detected: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.4 File: G:\UBCD4Win\BartPE\I386\SYSTEM32\WM_HOOKS.DLL
detected: riskware not-a-virus:NetTool.Win32.Portscan.c File: G:\UBCD4Win\BartPE\PROGRAMS\IPScan\ipscan.exe//UPX
detected: riskware not-a-virus:PSWTool.Win32.PasswordsPro.k File: G:\UBCD4Win\BartPE\PROGRAMS\PassPro\PasswordsPro.exe
detected: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.c File: G:\UBCD4Win\BartPE\PROGRAMS\ultravnc\vnchooks.dll
detected: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.c File: G:\UBCD4Win\BartPE\PROGRAMS\ultravnc\winvnc.exe
detected: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.4 File: G:\UBCD4Win\BartPE\PROGRAMS\vncserver\vncconfig.exe
detected: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.4 File: G:\UBCD4Win\BartPE\PROGRAMS\vncserver\winvnc4.exe
detected: riskware not-a-virus:NetTool.Win32.Portscan.c File: G:\UBCD4Win\plugin\Network\ipscan\ipscan.exe//UPX
detected: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.c File: G:\UBCD4Win\plugin\Network\ultravnc\files\vnchooks.dll
detected: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.c File: G:\UBCD4Win\plugin\Network\ultravnc\files\winvnc.exe
detected: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.4 File: G:\UBCD4Win\plugin\Network\VNCServer\vncconfig.exe
detected: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.4 File: G:\UBCD4Win\plugin\Network\VNCServer\vncviewer.exe
detected: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.4 File: G:\UBCD4Win\plugin\Network\VNCServer\winvnc4.exe
detected: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.4 File: G:\UBCD4Win\plugin\Network\VNCServer\wm_hooks.dll
detected: riskware not-a-virus:PSWTool.Win32.PasswordsPro.k File: G:\UBCD4Win\plugin\Password\passwordspro\files\PasswordsPro.exe
not found: virus Heur.Invader (modification) File: D:\winappli\rootkit\ComboFix.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe
not found: virus Heur.Invader (modification) File: F:\t\ComboFix.exe//PE_Patch.UPX/32788R22FWJFW\catchme.cfexe

Statistics
----------
Object | Scanned | Detected | Untreated | Deleted | Moved to Quarantine | Archives | Packed files | Password protected | Corrupted
All objects | 1633783 | 27 | 22 | 3 | 0 | 30020 | 5386 | 1180 | 302
System memory | 540 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 0
Startup objects | 668 | 0 | 0 | 0 | 0 | 4 | 17 | 0 | 0
Disk boot sectors | 8 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0
Mes documents | 5 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0
Mail databases | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0
Poste de travail | 1039215 | 25 | 22 | 3 | 0 | 19842 | 3620 | 590 | 290
Disquette 3.5 (A:) | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0
System XP (C:) | 44120 | 0 | 0 | 0 | 0 | 351 | 48 | 0 | 1
Winappli (D:) | 137839 | 1 | 0 | 0 | 0 | 1078 | 512 | 117 | 1
TMP (F:) | 25379 | 1 | 0 | 0 | 0 | 116 | 60 | 0 | 1
Data (G:) | 386009 | 0 | 0 | 0 | 0 | 8628 | 1129 | 473 | 9

Settings
--------
Parameter | Value
Security Level | Recommended
Action | Prompt for action when the scan is complete
Run mode | Manually
File types | Scan all files
Scan only new and changed files | No
Scan archives | All
Scan embedded OLE objects | All
Skip if object is larger than | No
Skip if scan takes longer than | No
Parse email formats | No
Scan password-protected archives | No
Enable iChecker technology | Yes
Enable iSwift technology | Yes
Show detected threats on "Detected" tab | Yes
Rootkits search | Yes
Deep rootkits search | No
Use heuristic analyzer | Yes

Quarantine
----------
Status | Object | Size | Added

Backup
------
Status | Object | Size
Infected: Trojan program Backdoor.Win32.IRCBot.exe | g:\sauve\portable\program files\interventions\tuneup_utilities_2007_v6[1].0.2200_french.zip | 56,4 KB
Infected: Trojan program Backdoor.Win32.IRCBot.exe | d:\winappli\tuneup utilities 2007\tuneup.utilities.2007.6.0.2200.french-patch.exe | 53 KB
Infected: riskware not-a-virus:WebToolbar.Win32.WhenU.a | g:\sauve\portable\program files\winace\vvsninst.exe | 128,9 KB
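
An added example, not part of kroll33's posts: the split this thread turns on, "not-a-virus" riskware versus real malware verdicts, applied to entries in the shape of the report's flattened "Detected" section. The class and function names are this example's own, and the sample entries are taken from the report in the post above.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: five entries from the report's "Detected" section, run
# together on one line the way the forum software flattened the log.
SAMPLE = " ".join([
    r"detected: riskware not-a-virus:RiskTool.Win32.PsKill.k File: "
    r"D:\winappli\rootkit\clean\pskill.exe",
    r"deleted: Trojan program Backdoor.Win32.IRCBot.exe File: "
    r"G:\Sauve\portable\Program Files\interventions"
    r"\TuneUp_Utilities_2007_v6[1].0.2200_French.zip"
    r"/tuneup.utilities.2007.6.0.2200.french-patch.exe"
    r"//PE_Patch.PECompact//PecBundle//PECompact",
    r"detected: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.c File: "
    r"G:\UBCD4Win\BartPE\PROGRAMS\ultravnc\winvnc.exe",
    r"detected: riskware not-a-virus:NetTool.Win32.Portscan.c File: "
    r"G:\UBCD4Win\BartPE\PROGRAMS\IPScan\ipscan.exe//UPX",
    r"not found: virus Heur.Invader (modification) File: "
    r"F:\t\ComboFix.exe//PE_Patch.UPX/32788R22FWJFW\catchme.cfexe",
])

# An entry is "<status>: <description> File: <path>". Paths contain spaces,
# so an entry only ends where the next status keyword (or the text) begins.
STATUS = r"detected|deleted|not found"
ENTRY_RE = re.compile(
    rf"({STATUS}): (.+?) File: (.+?)(?=\s+(?:{STATUS}): |\s*$)", re.S
)


@dataclass(frozen=True)
class Finding:
    status: str    # detected / deleted / not found
    category: str  # e.g. "riskware", "Trojan program", "virus"
    verdict: str   # e.g. "not-a-virus:RiskTool.Win32.PsKill.k"
    path: str      # object path, including archive and packer layers

    @property
    def is_not_a_virus(self) -> bool:
        # The scanner prefixes legitimate-but-abusable tools and adware.
        return self.verdict.startswith("not-a-virus:")

    @property
    def tool_class(self) -> str:
        # "not-a-virus:RemoteAdmin.Win32.WinVNC.c" -> "RemoteAdmin"
        return self.verdict.split(":", 1)[-1].split(".", 1)[0]

    @property
    def container(self) -> str:
        # Windows paths use backslashes; the first forward slash starts the
        # archive member or packer layer, so what precedes it is the file
        # that actually sits on disk.
        return self.path.split("/", 1)[0]


def split_description(desc: str) -> tuple[str, str]:
    """Split 'Trojan program Backdoor.Win32.IRCBot.exe' into category, verdict."""
    tokens = desc.split()
    for i, token in enumerate(tokens):
        if "." in token:  # verdict names are dotted, category words are not
            return " ".join(tokens[:i]), token
    return desc, ""


def parse_detected(text: str) -> list[Finding]:
    findings = []
    for status, desc, path in ENTRY_RE.findall(text):
        category, verdict = split_description(desc)
        findings.append(Finding(status, category, verdict, path.strip()))
    return findings


def triage(findings: list[Finding]) -> tuple[Counter, list[Finding]]:
    """Count not-a-virus entries per tool class; return the rest for review."""
    tools = Counter(f.tool_class for f in findings if f.is_not_a_virus)
    malware = [f for f in findings if not f.is_not_a_virus]
    return tools, malware


if __name__ == "__main__":
    tools, malware = triage(parse_detected(SAMPLE))
    print("not-a-virus entries by class:", dict(tools))
    for f in malware:
        print(f"{f.status:9} {f.verdict:28} {f.container}")
```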

Spybot hangs on Win32.Agent.pz and crashes
kroll33 replied to a topic by kroll33 in Malware analysis and removal
Thanks for the info. I'll run that tonight. Report tomorrow. Thanks again for your patience.

Spybot hangs on Win32.Agent.pz and crashes
kroll33 replied to a topic by kroll33 in Malware analysis and removal
Here we go. I stopped the scan when it started on the DVD images and other archives that are rarely or never used. It found some things in old programs. On the face of it this is not the virus we are looking for, but I'm posting the log anyway, you never know. After drive letter G it is all network drives full of multi-volume archives, hence my interruption, because I would still be at it tomorrow. I hadn't noticed that I could set the scanner not to look inside archives. I hope this will put you on the trail of something. The log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, November 5, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, November 05, 2008 06:58:48
Records in database: 1369853
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\ C:\ D:\ F:\ G:\ M:\ R:\ S:\ U:\ X:\ Y:\ Z:\

Scan statistics:
Files scanned: 230896
Threat name: 6
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:17:46

File name / Threat name / Threats count
D:\jeux\Moto Racer 3\MotoRacer3.exe Infected: Trojan-PSW.Win32.LdPinch.xzf 1
D:\winappli\rootkit\clean\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1
D:\winappli\rootkit\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
D:\winappli\TuneUp Utilities 2007\tuneup.utilities.2007.6.0.2200.french-patch.exe Infected: Backdoor.Win32.IRCBot.exe 1
G:\Divers\ZIP\overnet0.43.exe Infected: not-a-virus:AdWare.Win32.Ucmore.a 1
G:\Divers\ZIP\overnet0.43.exe Infected: not-a-virus:AdWare.Win32.Ucmore 1

The scan was stopped by the user.

Spybot hangs on Win32.Agent.pz and crashes
kroll33 replied to a topic by kroll33 in Malware analysis and removal
Only one disk because it was late..... Laziness, and my head wasn't too clear any more. The whole PC is likely to take a very long time (lots of storage disks). I'll redo it including the disk where the installed programs and "document and setting" are. See you later.

Spybot hangs on Win32.Agent.pz and crashes
kroll33 replied to a topic by kroll33 in Malware analysis and removal
Here we go:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, November 5, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, November 04, 2008 21:17:22
Records in database: 1369680
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - Folder:
C:\

Scan statistics:
Files scanned: 20224
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:07:01

No malware has been detected. The scan area is clean.
The selected area was scanned.

Apparently it found nothing; it's the same with the online scans from BitDefender and Trend Micro. This thing is getting on my nerves. More tomorrow. Good night.

Spybot hangs on Win32.Agent.pz and crashes
kroll33 replied to a topic by kroll33 in Malware analysis and removal
Here is the MBAM report:

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1366
Windows 5.1.2600 Service Pack 2
2008-11-04 23:12:16
mbam-log-2008-11-04 (23-12-16).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 168582
Temps écoulé: 12 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s): (Aucun élément nuisible détecté)
Fichier(s) infecté(s): (Aucun élément nuisible détecté)

As for ComboFix, it already did me a great service a few months ago against a nasty piece of junk the others did not detect. It is the only utility that got me out of trouble, and even then I had to rename it, because the file named combofix.exe was being deleted as soon as it was created. On this configuration it doesn't break anything if I take care to disable a few utilities first, so I ran it again recently (in safe mode), thinking it would find something this time too. But this hang on Win32agent remains and I don't get why. I can post the ComboFix log if you like. Maybe you will see the cause of the problem in it. Thanks for your patience.

Spybot hangs on Win32.Agent.pz and crashes
kroll33 replied to a topic by kroll33 in Malware analysis and removal
The antivirus is OfficeScan (Trend Micro). It is loaded (visible in the log I posted):

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
F:\TMP\EW8D05.EXE
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

Already done, with no result. I tried quite a few things before asking my question here. I'll start again with MBAM and repost the log here. Thanks.
Spybot hangs on Win32.Agent.pz and crashes
kroll33 replied to a topic by kroll33 in Malware analysis and eradication
Thanks for your interest.

I uninstalled Spybot after undoing the "immunizations".

"F:\TMP\EW8D05.EXE" is normally the OfficeScan watchdog.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58, on 2008-11-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
F:\TMP\EW8D05.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
D:\winappli\Acronis\echoserver\TrueImageMonitor.exe
D:\winappli\Acronis\echoserver\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
D:\winappli\ASUS\PC Probe II\Probe2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\winappli\Razer\Salmosa\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
D:\winappli\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
D:\winappli\Razer\Salmosa\razertra.exe
D:\winappli\Razer\Salmosa\razerofa.exe
D:\winappli\themes\Vista Inspirat 2\RocketDock\RocketDock.exe
D:\winappli\themes\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\ASUS\AASP\1.00.52\aaCenter.exe
D:\winappli\Mozilla Thunderbird\thunderbird.exe
D:\winappli\dvbdream\dvbdream.exe
d:\winappli\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\winappli\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\winappli\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\winappli\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\winappli\Acronis\echoserver\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\winappli\Acronis\echoserver\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Launch PC Probe II] "D:\winappli\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Eye On Network] D:\winappli\Eye On Network\Eye On Network.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Fichiers communs\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [salmosa] D:\winappli\Razer\Salmosa\razerhid.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\winappli\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = D:\winappli\themes\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = D:\winappli\themes\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = D:\winappli\themes\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\winappli\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\winappli\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\winappli\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www12.mappy.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gohlam.local
O17 - HKLM\Software\..\Telephony: DomainName = gohlam.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{80AA7417-11ED-487C-9800-501DFF0F4701}: NameServer = 192.168.116.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gohlam.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gohlam.local
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 8483 bytes

Note that with ComboFix on this machine I get this, which I don't understand:

------- Sigcheck -------

2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 c:\windows\explorer.exe
2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 c:\windows\system32\dllcache\explorer.exe
-
Spybot hangs on Win32.Agent.pz and crashes
kroll33 posted a topic in Malware analysis and eradication
Hello,

For some time now Spybot has been hanging on Win32.Agent.pz and crashing. I have to kill the process.

I saw nothing suspicious in the HijackThis log. I found nothing conclusive with Google either. The signs of a Win32.Agent.pz infection are not visible, or else I did not see them.

Has anyone found a solution so that Spybot no longer hangs? This is the only machine on the network that does this.

Core 2 Duo / Windows XP SP2 / Trend Micro OfficeScan

Thanks