pke01

Bonsoir Apollo Merci pour les liens. Voici le rapport Kaspersky -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Wednesday, January 14, 2009 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Wednesday, January 14, 2009 11:33:55 Records in database: 1619211 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\ M:\ N:\ P:\ Y:\ Scan statistics: Files scanned: 379116 Threat name: 1 Infected objects: 7 Suspicious objects: 0 Duration of the scan: 06:22:57 File name / Threat name / Threats count E:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1 H:\Produits\OUTILS\vnc.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 3 N:\INSTALLATION\save\Produits\OUTILS\vnc.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 3 The selected area was scanned.

Est-ce normal d'avoir plusieurs reboots. Après windows update le PC a redémarré et planté 4 fois... c'est beaucoup non ? Je tremble de ne pas avoir tout supprimé !!! Qu'en penses tu Apollo ?

Bonsoir Apollo J'ai lu le topique de Megataupe sur la prépa des PC à la désinfection...En fait je suis un peu un bleu sur ce forum. Sur ce PC j'ai suivi la proc en 4 étapes pour être sûr de ne rien laisser. Après un meilleur paramétrage de AVIRA ANTIVIR j'ai retrouvé quelques Trojans (les mêmes que précédemment). Ci-dessous le log. Puis j'ai désinstallé AVIRA et fait un HJT dont voici le log. j'ai remis AVIRA depuis. Moi ça ne me parles pas mais je n'ai rien vu de bizarre. Comment clore ce sujet (mot clé résolu ?). Je passe à la deuxième machine mais je pense que c'est le même cas : Trojans et pas des virus. Faut il que je poste les logs ? (sur un autre topic ! promis) Que penser de Bit defender Internet security? j'ai eu la licence en achetant un écran. Il était plutôt bien côté mais si il m'a laissé passé ces cochonneries c'est qu'il n'est plus à la page ou que j'ai commis une bavure (oublis de scanner un fichier...) A+ et grand merci ***************************************AVIRA Avira AntiVir Personal Report file date: mardi 13 janvier 2009 18:56 Scanning for 1189198 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Save mode Username: Pascal Computer name: SOLARIS Version information: BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36 ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 24/12/2008 20:52:44 ANTIVIR2.VDF : 7.1.1.88 726528 Bytes 08/01/2009 20:52:56 ANTIVIR3.VDF : 7.1.1.104 222208 Bytes 12/01/2009 20:53:01 Engineversion : 8.2.0.54 AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56 AESCRIPT.DLL : 8.1.1.24 340348 Bytes 12/01/2009 20:53:27 AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41 AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38 AEPACK.DLL : 8.1.3.5 393588 Bytes 12/01/2009 20:53:25 AEOFFICE.DLL : 8.1.0.33 196987 Bytes 12/01/2009 20:53:21 AEHEUR.DLL : 8.1.0.78 1532280 Bytes 12/01/2009 20:53:19 AEHELP.DLL : 8.1.2.0 119159 Bytes 12/01/2009 20:53:09 AEGEN.DLL : 8.1.1.8 323956 Bytes 12/01/2009 20:53:07 AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56 AECORE.DLL : 8.1.5.2 172405 Bytes 12/01/2009 20:53:04 AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: quarantine Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, E:, F:, G:, H:, N:, P:, Y:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: high Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: mardi 13 janvier 2009 18:56 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Master boot sector HD2 [iNFO] No virus was found! Master boot sector HD3 [iNFO] No virus was found! Master boot sector HD4 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD5 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD6 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD7 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD8 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'E:\' [iNFO] No virus was found! Boot sector 'F:\' [iNFO] No virus was found! Boot sector 'G:\' [iNFO] No virus was found! Boot sector 'H:\' [iNFO] No virus was found! Boot sector 'N:\' [iNFO] No virus was found! Boot sector 'P:\' [iNFO] No virus was found! Boot sector 'Y:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '61' files ). Starting the file scan: Begin scan in 'C:\' <SYSTEM_XP32> Begin scan in 'E:\' <SYSTEME> E:\Program Files\Google\Google Talk\googletalk-1.0.0.93\googletalk-setup-upgrade-fr.exe [WARNING] The file could not be opened! E:\Program Files\PowerQuest\PartitionMagic 7.0\MOUSE.COM [WARNING] The file could not be opened! E:\Program Files\PowerQuest\PartitionMagic 7.0\PMTB32.exe [WARNING] The file could not be opened! E:\Program Files\PowerQuest\PartitionMagic 7.0\UTILITY\Pqboot32.exe [WARNING] The file could not be opened! E:\Program Files\PowerQuest\PartitionMagic 7.0\UTILITY\PQLAUNCH.EXE [WARNING] The file could not be opened! E:\Program Files\PowerQuest\PartitionMagic 7.0\UTILITY\PTEDIT32.EXE [WARNING] The file could not be opened! E:\Program Files\PowerQuest\PartitionMagic 7.0\UTILITY\DOS\BTIni.exe [WARNING] The file could not be opened! E:\Program Files\PowerQuest\PartitionMagic 7.0\UTILITY\DOS\FSIMAGE.EXE [WARNING] The file could not be opened! E:\Program Files\PowerQuest\PartitionMagic 7.0\UTILITY\DOS\partinfo.exe [WARNING] The file could not be opened! E:\Program Files\PowerQuest\PartitionMagic 7.0\UTILITY\DOS\PQBOOT.EXE [WARNING] The file could not be opened! E:\Program Files\PowerQuest\PartitionMagic 7.0\UTILITY\DOS\PQBOOTX.EXE [WARNING] The file could not be opened! E:\Program Files\PowerQuest\PartitionMagic 7.0\UTILITY\DOS\PTEDIT.EXE [WARNING] The file could not be opened! E:\Program Files\PowerQuest\PartitionMagic 7.0\UTILITY\DOS\SNUTIL.EXE [WARNING] The file could not be opened! E:\Program Files\PowerQuest\PartitionMagic 7.0\UTILITY\DOS\WRPROG.EXE [WARNING] The file could not be opened! Begin scan in 'F:\' Begin scan in 'G:\' Begin scan in 'H:\' <DONNEES> H:\PKE\IGN Carto Exporeur\Ign Carto Exploreur 01 Ain (Ouest).exe [0] Archive type: ACE SFX (self extracting) --> GeoTools original\GeoTools.exe [WARNING] No further files can be extracted from this archive. The archive will be closed Begin scan in 'N:\' <SYS_save> N:\ComboFix\nircmd.com [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application [NOTE] The file was moved to '49dee6b9.qua'! N:\Documents and Settings\Pascal\Bureau\pk\ComboFix.exe [0] Archive type: RAR SFX (self extracting) --> 32788R22FWJFW\hidec.exe [DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program --> 32788R22FWJFW\NirCmd.cfexe [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application --> 32788R22FWJFW\nircmd.com [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application --> 32788R22FWJFW\NirCmdC.cfexe [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application --> 32788R22FWJFW\psexec.cfexe [1] Archive type: RSRC --> Object [DETECTION] Contains recognition pattern of the APPL/PsExec.E application [NOTE] The file was moved to '49d9e6e3.qua'! N:\INSTALLATION\save\Produits\Bizarreries sympas\Effet LSD.shs [0] Archive type: OLE --> Object [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to '49d2e918.qua'! Begin scan in 'P:\' Begin scan in 'Y:\' <SAVE_500> Y:\SAVE_CHRIS_SYSTEM\DONNEES\CHRISTILLA\94.24_forceware_winxp_international_whql.exe [0] Archive type: CAB SFX (self extracting) --> \CAD.tv_ [WARNING] No further files can be extracted from this archive. The archive will be closed End of the scan: mardi 13 janvier 2009 20:59 Used time: 2:02:06 Hour(s) The scan has been done completely. 31281 Scanning directories 1708878 Files were scanned 7 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 3 files were moved to quarantine 0 files were renamed 14 Files cannot be scanned 1708857 Files not concerned 35906 Archives were scanned 20 Warnings 3 Notes ***************************************HJT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:19:51, on 13/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\crypserv.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe Y:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206507778602 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215947214343 O17 - HKLM\System\CCS\Services\Tcpip\..\{3312C2E4-AE6F-48D0-BB92-214052A70BD2}: NameServer = 212.27.40.241,212.27.40.240 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- End of file - 6463 bytes

oui restauration système. Je le ferai asap. Ca semble bon maintenant (juste oublié bitdefender mais il ne vivra pas plus de 5'). Faut il faire encore des actions supplémentaires ? Si non je fais de même sur les autres machines et pose un poste si j'ai un pb Et on fait quoi avec les Troyens du type TR/Dropper.Gen Trojan, Spy.Bancos.JPG Trojan et TR/Trash.Gen Trojan. => send selected object ou delete from quarantine Je vais peut être les envoyer à grisoft (AVG) et Bitdefender pour leur signaler que ceux la sont passés au travers du scan Avira AntiVir Personal Report file date: lundi 12 janvier 2009 20:21 Scanning for 1038808 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: SOLARIS Version information: BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36 ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:57:13 ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 16:16:47 ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 17/11/2008 16:38:59 Engineversion : 8.2.0.31 AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56 AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 14:00:07 AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41 AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38 AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39 AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 15:06:41 AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 15:06:41 AEHELP.DLL : 8.1.1.3 119157 Bytes 07/11/2008 15:06:41 AEGEN.DLL : 8.1.1.0 319859 Bytes 07/11/2008 15:06:41 AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56 AECORE.DLL : 8.1.4.1 172405 Bytes 07/11/2008 15:06:41 AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, E:, H:, Y:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 12 janvier 2009 20:21 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'searchfilterhost.exe' - '1' Module(s) have been scanned Scan process 'searchprotocolhost.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'msiexec.exe' - '1' Module(s) have been scanned Scan process 'wscntfy.exe' - '1' Module(s) have been scanned Scan process 'searchindexer.exe' - '1' Module(s) have been scanned Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned Scan process 'livesrv.exe' - '1' Module(s) have been scanned Scan process 'xcommsvr.exe' - '1' Module(s) have been scanned Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SetPoint.exe' - '1' Module(s) have been scanned Scan process 'MDM.EXE' - '1' Module(s) have been scanned Scan process 'RtWLan.exe' - '1' Module(s) have been scanned Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'devldr32.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'Crypserv.exe' - '1' Module(s) have been scanned Scan process 'LVComSX.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'reader_sl.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned Scan process 'bdagent.exe' - '1' Module(s) have been scanned Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 50 processes with 50 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Master boot sector HD2 [iNFO] No virus was found! Master boot sector HD3 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD4 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD5 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD6 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'E:\' [iNFO] No virus was found! Boot sector 'H:\' [iNFO] No virus was found! Boot sector 'Y:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '61' files ). Starting the file scan: Begin scan in 'C:\' <SYSTEM_XP32> C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'E:\' <SYSTEME> Begin scan in 'H:\' <DONNEES> H:\PKE\IGN Carto Exporeur\Ign Carto Exploreur 01 Ain (Ouest).exe [0] Archive type: ACE SFX (self extracting) --> GeoTools original\GeoTools.exe [WARNING] No further files can be extracted from this archive. The archive will be closed Begin scan in 'Y:\' <SAVE_500> Y:\SAVE_CHRIS_SYSTEM\DONNEES\CHRISTILLA\94.24_forceware_winxp_international_whql.exe [0] Archive type: CAB SFX (self extracting) --> \CAD.tv_ [WARNING] No further files can be extracted from this archive. The archive will be closed End of the scan: lundi 12 janvier 2009 21:53 Used time: 1:31:52 Hour(s) The scan has been done completely. 20723 Scanning directories 1085430 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 1085429 Files not concerned 24614 Archives were scanned 7 Warnings 0 Notes

News : Machine ok, j'ai accès au web. Je suis dessus maintenant Merci Par compte j'ai rebooté et il s'est bloqué sur la fenêtre Windows XP. 2ème reboot OK. Peut être quelques méchants trucs encore. Je continu le scan avira. Ne connaissant pas Avira je n'avais pas modifié les paramétrages. J'ai coché auto en quarantaine et rien modifié d'autre. pour le moment pas de bestioles vues J'installe ATF Cleaner, et flingue ce qui doit l'être. J'installe aussi CCleaner J'ai pas mal de restaurations faut il les dégager ?

Hello Fini le boulot En quarantaine j'ai les chevaux de Troie : Unpacked.gen (plusieurs fichiers) Spy.bancos.JPG Trash.Gen Bon le Scan à planté ... J'avais un peu chargé la bécane de disque aussi Je relance le scan mais j'ai un rapport qui dit bien se terminer ( désolé pour le délai) J'aime bien cet Avira antivir qui détecte enfin quelque chose et même en plantant génére le rapport Par contre il ne propose pas toujours de réaliser la même opération donc cette nuit il est resté en attente d'une action, et aujourd'hui aussi J'ai vu que j'avais des fichiers Temp non killés. J'ai vu sur le site des ptits outils ou procs pour le faire; je vais fouiner Thanks pour la désinstalle de Bitdefender Avira AntiVir Personal Report file date: lundi 12 janvier 2009 00:07 Scanning for 1038808 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: SOLARIS Version information: BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36 ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:57:13 ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 16:16:47 ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 17/11/2008 16:38:59 Engineversion : 8.2.0.31 AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56 AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 14:00:07 AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41 AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38 AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39 AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 15:06:41 AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 15:06:41 AEHELP.DLL : 8.1.1.3 119157 Bytes 07/11/2008 15:06:41 AEGEN.DLL : 8.1.1.0 319859 Bytes 07/11/2008 15:06:41 AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56 AECORE.DLL : 8.1.4.1 172405 Bytes 07/11/2008 15:06:41 AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, E:, F:, G:, H:, N:, P:, Y:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 12 janvier 2009 00:07 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'searchfilterhost.exe' - '1' Module(s) have been scanned Scan process 'searchprotocolhost.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned Scan process 'devldr32.exe' - '1' Module(s) have been scanned Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned Scan process 'SetPoint.exe' - '1' Module(s) have been scanned Scan process 'RtWLan.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'LVComSX.exe' - '1' Module(s) have been scanned Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned Scan process 'bdagent.exe' - '1' Module(s) have been scanned Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned Scan process 'livesrv.exe' - '0' Module(s) have been scanned Scan process 'wscntfy.exe' - '1' Module(s) have been scanned Scan process 'searchindexer.exe' - '1' Module(s) have been scanned Scan process 'vsserv.exe' - '0' Module(s) have been scanned Scan process 'xcommsvr.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'MDM.EXE' - '1' Module(s) have been scanned Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned Scan process 'Crypserv.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 46 processes with 46 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Master boot sector HD2 [iNFO] No virus was found! Master boot sector HD3 [iNFO] No virus was found! Master boot sector HD4 [iNFO] No virus was found! Master boot sector HD5 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD6 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD7 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD8 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'E:\' [iNFO] No virus was found! Boot sector 'F:\' [iNFO] No virus was found! Boot sector 'G:\' [iNFO] No virus was found! Boot sector 'H:\' [iNFO] No virus was found! Boot sector 'N:\' [iNFO] No virus was found! Boot sector 'P:\' [iNFO] No virus was found! Boot sector 'Y:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '61' files ). Starting the file scan: Begin scan in 'C:\' <SYSTEM_XP32> C:\System Volume Information\_restore{DD144D9C-28F5-431D-8DB0-7732E7CCFB8F}\RP239\A0075141.EXE [DETECTION] Is the TR/Trash.Gen Trojan [WARNING] An error has occurred and the file was not deleted. ErrorID: 26004 [WARNING] The source file could not be found. [NOTE] Attempting to perform action using the ARK lib. [WARNING] Error in ARK lib [NOTE] The file is scheduled for deleting after reboot. C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'E:\' <SYSTEME> Begin scan in 'F:\' Begin scan in 'G:\' Begin scan in 'H:\' <DONNEES> H:\PKE\IGN Carto Exporeur\74 - Haute-Savoie Est - Ign Bayo Carto Exploreur.zip [0] Archive type: ZIP --> GeoTools original/GeoTools.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file is scheduled for deleting after reboot. H:\PKE\IGN Carto Exporeur\74 - Haute-Savoie Ouest - Ign Bayo Carto Exploreur.zip [0] Archive type: ZIP --> GeoTools original/GeoTools.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file is scheduled for deleting after reboot. H:\PKE\IGN Carto Exporeur\France Ign - 42 Nord - Carto Exploreur 2.zip [0] Archive type: ZIP --> France - 42 nord - carto exploreur 2 - ign/GeoTools.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file is scheduled for deleting after reboot. H:\PKE\IGN Carto Exporeur\France Ign - 43 Ouest - Carto Explorer.zip [0] Archive type: ZIP --> France IGN - 43 ouest - carto explorer/GeoTools.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file is scheduled for deleting after reboot. H:\PKE\IGN Carto Exporeur\France Ign - 72 Sud - Carto Exploreur.zip [0] Archive type: ZIP --> GeoTools original/GeoTools.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file is scheduled for deleting after reboot. H:\PKE\IGN Carto Exporeur\Ign Carto Exploreur 01 Ain (Ouest).exe [0] Archive type: ACE SFX (self extracting) --> GeoTools original\GeoTools.exe [WARNING] No further files can be extracted from this archive. The archive will be closed H:\PKE\IGN Carto Exporeur\Ign Carto Exploreur 15 Cantal (Ouest).zip [0] Archive type: ZIP --> GeoTools original/GeoTools.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file is scheduled for deleting after reboot. H:\PKE\IGN Carto Exporeur\Ign Carto Exploreur 48 Lozère (Nord).zip [0] Archive type: ZIP --> GeoTools original/GeoTools.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file is scheduled for deleting after reboot. H:\PKE\IGN Carto Exporeur\Ign Carto Exploreur 48 Lozère (Sud).zip [0] Archive type: ZIP --> GeoTools original/GeoTools.exe [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file is scheduled for deleting after reboot. H:\Produits\Serial Collection\serial3_fichiers\key.html [DETECTION] Is the TR/Spy.Bancos.JPG Trojan [NOTE] The file is scheduled for deleting after reboot. Begin scan in 'N:\' <SYS_save> Begin scan in 'P:\' Begin scan in 'Y:\' <SAVE_500> Y:\SAVE_CHRIS_SYSTEM\DONNEES\CHRISTILLA\94.24_forceware_winxp_international_whql.exe [0] Archive type: CAB SFX (self extracting) --> \CAD.tv_ [WARNING] No further files can be extracted from this archive. The archive will be closed End of the scan: lundi 12 janvier 2009 19:25 Used time: 19:18:07 Hour(s) The scan has been done completely. 31379 Scanning directories 1769552 Files were scanned 10 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 1769541 Files not concerned 35696 Archives were scanned 8 Warnings 10 Notes

Merci Apollo Voici la suite MBam + HJT Entre temps j'ai installé Antivir (avec un peu de mal) Comme ce n'est pas bon d'avoir 2 antivius dois je désinstaller Bitdefender ? (quitter ne suffi pas arrêter les services) Malwarebytes' Anti-Malware 1.32 Version de la base de données: 1616 Windows 5.1.2600 Service Pack 3 11/01/2009 23:48:09 mbam-log-2009-01-11 (23-48-09).txt Type de recherche: Examen complet (C:\|E:\|F:\|G:\|H:\|N:\|P:\|Y:\|) Eléments examinés: 463990 Temps écoulé: 54 minute(s), 34 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:55:27, on 11/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe Y:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206507778602 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215947214343 O17 - HKLM\System\CCS\Services\Tcpip\..\{3312C2E4-AE6F-48D0-BB92-214052A70BD2}: NameServer = 212.27.40.241,212.27.40.240 O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 8541 bytes Je laisse tourner le scan avec antivir cette nuit Bonne nuit aux courageux du forum Et à demain

Voici le rapport Mbam en rapide. je le lance en complet (à suivre) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:45:28, on 11/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE Y:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206507778602 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215947214343 O17 - HKLM\System\CCS\Services\Tcpip\..\{3312C2E4-AE6F-48D0-BB92-214052A70BD2}: NameServer = 212.27.40.241,212.27.40.240 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 6250 bytes Malwarebytes' Anti-Malware 1.32 Version de la base de données: 1643 Windows 5.1.2600 Service Pack 3 11/01/2009 22:52:41 mbam-log-2009-01-11 (22-52-41).txt Type de recherche: Examen rapide Eléments examinés: 1 Temps écoulé: 2 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

Bonsoir j'ai besoin de vos lumières. Je n'ai plus accès à internet avec le navigateur. déjà 2 machines contaminées. Sur l'une j'ai Bitdefender et l'autre (en réseau, déconnecté trop tard) AVG 8 free. J'ai testé Malwarebytes, stinger, spy-boot.... Mbam m'a trouvé quelques bestioles dans des vieilles archives que j'ai détruites. cela n'a rien changé. Le problème c'est que ne je ne peut rien mettre à jour sur ces machines. De plus la résolution de lIP ne se fesait plus (en IP config auto j'avais 169.254.52.127 et en masque 255.255.0.0) Je l'ai forcée avec mes paramètres IP mais internet rame. J'ai remonté une machine... mais j'hésite à y transferer des fichiers style rapport HJT J'aimerai bien savoir quelle est cette bestiole et avec quoi l'atomiser ! z'auriez pas une pt'ite idée Merci