jeanphy
Everything posted by jeanphy
-
OK, I rebooted without any problem! But now, at startup, it detects the file ntfs.sys as infected by a rootkit... what should I do? For now I've set it to ignore! It's strange, it didn't detect it before...
-
I did get the black window, but I still have the Windows message...
-
Report:

I can't find the CD again... arrgghh, I'm looking. Is running your batch file enough?
-
After running another Avira analysis, here is the result: after a quick scan with Avira: http://img33.imageshack.us/img33/2905/94182617.jpg and when I click repair it shows me this: http://img34.imageshack.us/img34/8014/49986775.jpg What can I do?
-
Well, I took the initiative to uninstall Avira and reinstall it. I did that and my firewall miraculously turned on... The online scan is in progress! From what you've seen in the various reports, do you think there's still something there? Otherwise, a small off-topic question. On my other computers I use McAfee Total Protection, which seems good to me (what do you think of it?). However, it takes quite a lot of resources (especially when the firewall is active!) and I can't manage to configure it to scan my machine once a day. Do you know if that's possible? I don't want to take advantage of your kindness, but while I'm at it I'm going to try to put in place a slightly more effective security strategy for my computers... Thanks
-
OK, I'll run the online scan, but I don't know if it will be finished tonight before I leave, so results tomorrow! Can the firewall be forced on in the meantime? Because this scares me...
-
OK, I'll do that! But what do you think so far? Is my firewall not a serious problem? Thanks
-
GMER 1.0.15.15011 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-05 16:20:23
Windows 5.1.2600 Service Pack 3

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 695844523
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1478056413
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA4 0xCA 0xAD 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA4 0xCA 0xAD 0x1B ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\3da21691-e39d-4da6-8a4b-b43877bcb1b7@FlushCacheFiles
-
Nothing! It found nothing! But you know, Avira tells me it finds something, but as soon as I click delete or move to quarantine, it tells me the file no longer exists, like the screenshot I posted in a message above! I really get the impression that Avira is buggy... because apart from that the PC is fine, but well, I don't know...
-
Here it is:

ComboFix 09-08-03.07 - NICOLAS BECQUET 05/08/2009 15:47.3.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1693 [GMT 2:00]
Running from: c:\documents and settings\NICOLAS BECQUET.CPS-BE\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\NICOLAS BECQUET.CPS-BE\Bureau\CFscriptJP.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinMessenger StartUp.lnk"
"c:\documents and settings\NICOLAS BECQUET.CPS-BE\hp32_nword.exe"
"c:\documents and settings\NICOLAS BECQUET\Menu Démarrer\Programmes\Démarrage\ikowin32.exe"
"c:\program files\WinMessenger\WinMesgr.exe"
"c:\windows\system32\hp32_nword.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\Accélérateur de démarrage AutoCAD.lnk
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\Adobe Reader Synchronizer.lnk
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\Lancement rapide d'Adobe Reader.lnk
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\WinMessenger StartUp.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinMessenger StartUp.lnk
c:\documents and settings\NICOLAS BECQUET.CPS-BE\Application Data\wiaserva.log
c:\documents and settings\NICOLAS BECQUET.CPS-BE\hp32_nword.exe
c:\documents and settings\NICOLAS BECQUET.CPS-BE\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe
c:\program files\WinMessenger\WinMesgr.exe
c:\windows\system32\hp32_nword.exe
.

((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.

2009-08-04 14:29 . 2009-08-04 14:29 -------- d-----w- C:\_OTM
2009-08-04 14:00 . 2009-08-04 14:01 -------- d-----w- C:\rsit
2009-08-04 09:31 . 2009-08-04 09:31 -------- d-----w- c:\documents and settings\NICOLAS BECQUET\Application Data\Malwarebytes
2009-08-04 09:03 . 2009-08-04 09:03 18475 ----a-w- c:\documents and settings\NICOLAS BECQUET.CPS-BE\Local Settings\Application Data\cepy.sys
2009-08-04 09:03 . 2009-08-04 09:03 18398 ----a-w- c:\program files\Fichiers communs\fowy.dat
2009-08-04 09:03 . 2009-08-04 09:03 18077 ----a-w- c:\windows\system32\gifowola.vbs
2009-08-04 09:03 . 2009-08-04 09:03 17335 ----a-w- c:\windows\fovefisepa.dat
2009-08-04 09:03 . 2009-08-04 09:03 13892 ----a-w- c:\windows\eraqygywas.scr
2009-08-04 09:03 . 2009-08-04 09:03 13654 ----a-w- c:\windows\system32\dazevibyb.exe
2009-08-04 09:03 . 2009-08-04 09:03 11217 ----a-w- c:\documents and settings\All Users\Application Data\osyxaver.exe
2009-08-04 09:03 . 2009-08-04 09:03 10616 ----a-w- c:\windows\xazuvily.dll
2009-08-04 07:36 . 2009-08-04 07:36 -------- d-----w- c:\documents and settings\NICOLAS BECQUET.CPS-BE\Application Data\Malwarebytes
2009-08-04 07:36 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 07:36 . 2009-08-04 07:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-04 07:36 . 2009-08-04 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-04 07:36 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-08-05 13:49 . 2009-04-08 09:10 -------- d-----w- c:\program files\WinMessenger
2009-08-04 06:49 . 2008-04-14 12:00 619296 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-06-10 07:47 . 2009-06-10 07:47 -------- d-----w- c:\program files\Avira
2009-06-10 07:47 . 2009-06-10 07:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.

------- Sigcheck -------

[-] 2009-08-04 06:49 619296 48FAB491F2DDAC025A0F5035035D5D11 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-04 06:49 619296 48FAB491F2DDAC025A0F5035035D5D11 c:\windows\system32\drivers\ntfs.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-04_10.05.47 )))))))))))))))))))))))))))))))))))))))))
.

- 2009-08-04 10:05 . 2009-08-04 10:05 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2009-08-05 13:51 . 2009-08-05 13:51 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2009-08-05 13:51 . 2009-08-05 13:51 32768 c:\windows\temp\Fichiers Internet temporaires\Content.IE5\index.dat
- 2009-08-04 10:05 . 2009-08-04 10:05 32768 c:\windows\temp\Fichiers Internet temporaires\Content.IE5\index.dat
+ 2009-08-05 13:51 . 2009-08-05 13:51 16384 c:\windows\temp\Cookies\index.dat
- 2009-08-04 10:05 . 2009-08-04 10:05 16384 c:\windows\temp\Cookies\index.dat
+ 2009-08-04 10:06 . 2009-08-04 10:39 1910 c:\windows\SoftwareDistribution\EventCache\{E7FA0FB2-80E5-43F2-B7BF-72E73B6B0A14}.bin
+ 2009-08-04 11:51 . 2009-08-04 12:03 1978 c:\windows\SoftwareDistribution\EventCache\{1D72F027-AE71-4C9A-9E1A-D082FE5F4E7E}.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"hp32_nword"="c:\documents and settings\NICOLAS BECQUET.CPS-BE\hp32_nword.exe" [2009-08-05 27526]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"Internet Connection Wizard Setup Tool"="c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe" [2009-08-05 23040]
"hp32_nword"="c:\windows\system32\hp32_nword.exe" [2009-08-05 27526]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\NICOLAS BECQUET.CPS-BE\Menu Démarrer\Programmes\Démarrage\
ikowin32.exe [2008-4-14 29696]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Accélérateur de démarrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/06/2009 09:47 108289]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AEB9D4A0-199B-4dfa-A18D-E2DD5D989EDF}]
%ProgramFiles%\WinMessenger\Setup\Setup.exe /PERUSERINIT
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {E0CD094C-C97D-499F-8FB3-87C4C0FB0BAE} = 192.168.1.26
TCP: {E92561B5-E14E-4608-ABA3-FDE3649EF27E} = 192.168.1.26
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 15:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3636)
c:\windows\system32\eappprxy.dll
c:\program files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\notepad.exe
.
**************************************************************************
.
Completion time: 2009-08-05 15:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-05 13:53
ComboFix2.txt 2009-08-05 07:45
ComboFix3.txt 2009-08-04 10:06

Pre-Run: 30 895 562 752 octets libres
Post-Run: 30 858 272 768 octets libres

147 --- E O F --- 2009-04-03 08:52

When ComboFix rebooted the PC, I got the same Avira message as in the screenshot I sent you earlier, with install.exe... My firewall is still disabled and impossible to enable (greyed out). I get the impression that Avira is acting up! It seems to be running, but it doesn't show up at the bottom near the clock... Thanks for your help
-
Here is the ComboFix log:

ComboFix 09-08-03.07 - NICOLAS _05/08/2009 9:42.2.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1607 [GMT 2:00]
Running from: c:\documents and settings\NICOLAS _\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\Accélérateur de démarrage AutoCAD.lnk
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\Adobe Reader Synchronizer.lnk
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\Lancement rapide d'Adobe Reader.lnk
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\WinMessenger StartUp.lnk
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\NICOLAS _\Application Data\wiaserva.log
c:\documents and settings\NICOLAS _\hp32_nword.exe
c:\documents and settings\NICOLAS _\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe
c:\windows\system32\hp32_nword.exe
.

((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.

2009-08-04 14:29 . 2009-08-04 14:29 -------- d-----w- C:\_OTM
2009-08-04 14:00 . 2009-08-04 14:01 -------- d-----w- C:\rsit
2009-08-04 09:31 . 2009-08-04 09:31 -------- d-----w- c:\documents and settings\NICOLAS _\Application Data\Malwarebytes
2009-08-04 09:03 . 2009-08-04 09:03 18475 ----a-w- c:\documents and settings\NICOLAS _\Local Settings\Application Data\cepy.sys
2009-08-04 09:03 . 2009-08-04 09:03 18398 ----a-w- c:\program files\Fichiers communs\fowy.dat
2009-08-04 09:03 . 2009-08-04 09:03 18077 ----a-w- c:\windows\system32\gifowola.vbs
2009-08-04 09:03 . 2009-08-04 09:03 17335 ----a-w- c:\windows\fovefisepa.dat
2009-08-04 09:03 . 2009-08-04 09:03 13892 ----a-w- c:\windows\eraqygywas.scr
2009-08-04 09:03 . 2009-08-04 09:03 13654 ----a-w- c:\windows\system32\dazevibyb.exe
2009-08-04 09:03 . 2009-08-04 09:03 11217 ----a-w- c:\documents and settings\All Users\Application Data\osyxaver.exe
2009-08-04 09:03 . 2009-08-04 09:03 10616 ----a-w- c:\windows\xazuvily.dll
2009-08-04 07:36 . 2009-08-04 07:36 -------- d-----w- c:\documents and settings\NICOLAS _\Application Data\Malwarebytes
2009-08-04 07:36 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 07:36 . 2009-08-04 07:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-04 07:36 . 2009-08-04 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-04 07:36 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-08-04 06:49 . 2008-04-14 12:00 619296 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-06-10 07:47 . 2009-06-10 07:47 -------- d-----w- c:\program files\Avira
2009-06-10 07:47 . 2009-06-10 07:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.

------- Sigcheck -------

[-] 2009-08-04 06:49 619296 48FAB491F2DDAC025A0F5035035D5D11 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-04 06:49 619296 48FAB491F2DDAC025A0F5035035D5D11 c:\windows\system32\drivers\ntfs.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-04_10.05.47 )))))))))))))))))))))))))))))))))))))))))
.

+ 2009-08-04 10:06 . 2009-08-04 10:39 1910 c:\windows\SoftwareDistribution\EventCache\{E7FA0FB2-80E5-43F2-B7BF-72E73B6B0A14}.bin
+ 2009-08-04 11:51 . 2009-08-04 12:03 1978 c:\windows\SoftwareDistribution\EventCache\{1D72F027-AE71-4C9A-9E1A-D082FE5F4E7E}.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"hp32_nword"="c:\documents and settings\NICOLAS BECQUET.CPS-BE\hp32_nword.exe" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"hp32_nword"="c:\windows\system32\hp32_nword.exe" [bU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\NICOLAS _\Menu Démarrer\Programmes\Démarrage\
ikowin32.exe [2008-4-14 29696]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Accélérateur de démarrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
WinMessenger StartUp.lnk - c:\program files\WinMessenger\WinMesgr.exe [2009-4-8 238808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/06/2009 09:47 108289]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AEB9D4A0-199B-4dfa-A18D-E2DD5D989EDF}]
%ProgramFiles%\WinMessenger\Setup\Setup.exe /PERUSERINIT
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Internet Connection Wizard Setup Tool - c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {E0CD094C-C97D-499F-8FB3-87C4C0FB0BAE} = 192.168.1.26
TCP: {E92561B5-E14E-4608-ABA3-FDE3649EF27E} = 192.168.1.26
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 09:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-05 9:45
ComboFix-quarantined-files.txt 2009-08-05 07:45
ComboFix2.txt 2009-08-04 10:06

Pre-Run: 30 911 778 816 octets libres
Post-Run: 30 895 218 688 octets libres

117 --- E O F --- 2009-04-03 08:52
-
Thanks for your involvement. I no longer have access to the machine until tomorrow morning! I'll run ComboFix first thing! See you tomorrow.
-
Here's what it shows me at startup: http://img39.imageshack.us/img39/2603/22581096.jpg and when I delete it or put it in quarantine: http://img17.imageshack.us/img17/6249/32789202.jpg You're scaring me....lol is brava dangerous?.... Bear in mind that I'm on a network; I wouldn't want my other PCs to catch it....
-
On the other hand, my firewall is still disabled and impossible to enable (greyed out...). Every time I run MBAM it finds 7 or 8 trojans again.... The HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:12, on 04/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\hp32_nword.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\hp32_nword.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\WinMessenger\WinMesgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\NICOLA~1.CPS\LOCALS~1\Temp\LOADER1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hp32_nword] C:\WINDOWS\system32\hp32_nword.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [hp32_nword] "C:\DOCUME~1\NICOLA~1.CPS\LOCALS~1\Temp\LOADER1.EXE"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: WinMessenger StartUp.lnk = C:\Program Files\WinMessenger\WinMesgr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CPS-BE.local
O17 - HKLM\Software\..\Telephony: DomainName = CPS-BE.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0CD094C-C97D-499F-8FB3-87C4C0FB0BAE}: NameServer = 192.168.1.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{E92561B5-E14E-4608-ABA3-FDE3649EF27E}: NameServer = 192.168.1.26
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CPS-BE.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CPS-BE.local
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5687 bytes
-
OK, I'll do the HijackThis report for you. However, I've just rebooted and Avira still finds a file intall.exe as a trojan...
-
Another quick MBAM:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2557
Windows 5.1.2600 Service Pack 3

04/08/2009 16:52:12
mbam-log-2009-08-04 (16-52-12).txt

Type de recherche: Examen rapide
Eléments examinés: 93627
Temps écoulé: 2 minute(s), 25 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgMgr (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet connection wizard setup tool (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\NICOLAS _\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\Documents and Settings\NICOLAS _E\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
-
The OTMoveIt report:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Documents and Settings\NICOLAS BECQUET\Menu Démarrer\Programmes\Démarrage\ikowin32.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\braviax not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\braviax not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Antivirus 2010\ deleted successfully.
========== SERVICES/DRIVERS ==========
Service\Driver catchme deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes

User: NICOLAS BECQUET
->Temp folder emptied: 0 bytes

User: NICOLAS BECQUET.CPS-BE
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\V1ECNFJT\227LCA2KRLPKCABOF7EICAYR7B3YCAOPP3LACA0S1Q5DCAIE4J36CAWQDHEDCA48LD1SCA4DWDF KCA0NJJLTCAGSPC54CAMECGJ5CAHXP72BCALYFSR5CAHLN00UCALKXXCKCAWCCGZSCAGRAFZACATZVO7Y CAE3NREB scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\V1ECNFJT\23J0CAU8S009CALDZPW8CAJF9HEJCAOLNB63CA64TA2KCAV1MVOQCAHDGH4ICA7FNVEOCAZY7GI FCAEHHCWKCA9FQY0NCA5ER86ICATWVY7ACADK0IGYCAO08WFWCA4PZ3CWCA77ZMPOCAERBCAQCA2DKKY5 CAH2BF23 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\V1ECNFJT\CALB5I8RCAM7H6KGCA6RCM6QCA4024VCCASOREVWCA5OW55SCADLK39ACA4O6VLHCA68BCY6CAI OHP5DCA10T5AUCAM1JEYZCA6WDRPNCA0GZ3BYCAL3AMPFCA48BZNRCAV1117GCAML6AJPCA6ITTIDCAKI HW6Q.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\V1ECNFJT\CAMNC26TCA6IOHD7CADSNV05CACLGGXOCA89BKCQCAS21KX0CAX8158LCAG7CXLXCATPEABGCAE DQRLQCAHQOWT8CAOEKBIRCA4JRAPNCAFMYSG1CA1WU26PCA4GXDX7CA5TKIVWCA90V97UCALKPLQUCASJ PVBD.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\V1ECNFJT\CAXSFJLPCAF8S2EQCAZCP3IXCAVB8QNYCAJ8NT7ZCAVN4F2ZCALVG9YECAE2D4Z6CARSN38OCAA ARMUCCATQ5ZIOCAV7B1YUCA9UOF17CATTSQZFCAEH0SN4CADEFBOLCAC2DO23CALHGKAPCAKS4E7TCAJL 37FK.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\V1ECNFJT\J8MGCAECESWNCA4OXARPCAKUYBODCAOE9KDBCAHRV19FCAPBPU8HCAM2RLE2CASTCT9MCAJVLR9 FCASA134QCABK14BRCA206QJ5CAGMZJHICAP5AY18CAVKJUVBCAQX12VRCAYLJ3CJCA9IW03NCARDJHMA CAMZTYKJ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\V1ECNFJT\REK9CA2P5UOJCAOE334WCAFZNSA1CAHDG8MYCA95OJJZCA67CIN9CAJF08OWCAY0SAYBCAC25KS SCA3JJNDCCA7TRZDOCAS8UF32CAYNJMXMCA3W975TCAGVAO08CAR0L82ICA2BV066CACXAYLYCA4K49XM CADR8DZF scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\V1ECNFJT\UEW8CAOQASRWCAFREGP1CAYMTU9RCAV09X2FCA5C6VV8CAQA0312CAJJSS7QCA68SAPHCAD34NM XCAGVYIRYCA2F97QDCAW4SAQ5CASE3H0GCAF366M9CAE9Q98WCAC4YNL1CAC9HTNMCAE4YOSOCARG96U2 CALWB9C3 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RJCDGG4S\CAGBN0ZYCACP9CQACAN5QN8KCAAQHJMFCA3LCU81CA7RJDENCA1UCDPSCAF5YYGBCADZ4EACCAW VWKCFCAJJQJ8GCAY6KU0NCA0XFNA4CAD6SXEECA1X9JJSCAT9C6D7CA2XTCN0CAIKZPINCANFAS5PCA2F DEIY.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RJCDGG4S\CAI34R8DCA4DI0TRCAAN0ND2CA0ODSPNCA0MBBF0CA852RV4CASZBJT6CAEGQQXFCATWIG8TCA8 A8KHJCA5FJWGECA4CR3BQCAU5VZFQCAJM3NUPCA1RASQECA56E11YCA457NJTCATULBKDCAYFAF66CAZU P93H.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RJCDGG4S\CAKFNV0BCANAOKUXCAWN76QQCANW3LKZCAH5QNEYCAZ19AWMCALIBZ90CARFHBV6CA9FXM4RCAI YY6NNCA9QTXUNCAYTCGKRCAAIRHEVCAUFEMTZCABVC4C3CAB8D0WMCABJJY30CA1MGEB6CAFZQFN9CARL MD03.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RJCDGG4S\CAOH3H9KCA9JHF40CA0F9BM6CAU1SBT4CAZYD9J8CAB2LYH9CAEODYHICA0R770NCAQ76PWECAG HJ23DCA8YW6M6CAXXLN1QCA7S2Y1OCALA54CICAWOUJ77CAZPNGF2CA2Z5ZUPCAJYPEJKCAT9CXK5CA29 2GOQ.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RJCDGG4S\CAQKSLQ1CA1OGXLHCACD2VIZCARET60CCA6GIGFRCAJDX53BCASZT2PBCA3LXD26CA2GVY3TCAV B4PK8CABBTL69CAXWW7Y0CAHHJQHBCA7Y7H3GCA5X5NKQCASSRXD8CAFJ3WW0CAF8IXT8CAJTOSETCAFL X3BE.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RE19HUTX\CA2XGKE5CAN9NK2ECAJ4VJMICALPF9DUCAMBWT9JCADV4Y6ICAHPMKEOCA3E3NAACAM0JNNQCA9 3RE8VCA1JMWF5CASRODF3CA5NMTBXCAH6U2G2CAMAYJ73CA6TLAOZCAKJ17WLCA06EYE7CAODCWX6CALJ UMNU.txt scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RE19HUTX\CA7NX99UCAMFHN64CA8LK7G7CADL9RUZCACO5C0UCAQ57353CA6Y2LZACA5XCCH2CAZB0WVGCAV GO2I0CACV452RCAYN0I5PCAOB8OPSCA7SU5VOCAQIXWEDCAXL4W5TCA8OUVSSCAWO9HX0CAHKPZY3CA4A SDSU.txt scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RE19HUTX\CA7UH7WCCAAVWX6GCA45F64GCAASO326CALOAT5FCAMC4NWECA0DQRB7CAM046LXCA05V8GICAU CGKEYCAH4AR8MCA12OE8ECAPOELR0CAO7HFQKCAMX6N65CAMEBDRJCAJA5AORCAN3UOM1CA1TNW5XCAWC T2EE.txt scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RE19HUTX\CA9E01OECAQSTHU4CAF33OQ4CAFF6GSQCA5OGEG8CAKFWUHBCA0NK4AYCA28TTRZCA3AGRFYCAZ JO9ZMCAGSR66HCAGP1WEUCAJS003ECAPENMGICAHGN3IWCA3QXLZDCACWQD1SCAJODWEHCATGVRRNCA8A W441.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RE19HUTX\CAKP6AIACA1UOZ1TCAZW4WCQCAX2COW3CAUYZTPMCAOYMW7WCAJNTKUBCAKQW6DXCAIU62O9CAJ H5GJMCAZK9CYHCAVVV3V1CA6810WOCAN4LRZ2CA3HF1I1CA76QJI7CADCBPM2CA04XWRMCAXUXNUZCA1X GIDK.txt scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RE19HUTX\CAUJDZGHCAVMYW85CA1KOKV2CAFPD3LYCA8FVBNDCAY3JHDDCABVUYKLCA8P21Y6CAMWDYJMCA9 V1N4DCAJ0O47ECA10MW0XCA2IEGY4CAS053O7CATNEBUHCABPOLMUCAN9TMNQCAJKHA9GCA02Z03RCAZ7 WUS1.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\2EYAQ4W4\0VAWCA4UXC4MCA5VKGYICA3U3TNBCAJUMIE2CANMTHOMCA6FK6GGCAPTYG2BCAI1Y2IJCAHNMQOIC AK87D79CANTWI2SCAYZXOUGCADL3MVKCAUSUDG5CAC1X34ECAENZF4ECAVM94NECAGZV3N3CAN4A521CA Q5NSBZ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\2EYAQ4W4\2OVDCAYO80R2CAX31Y4NCAWTUQO9CAYG71QPCA4NBJIICA5S28OLCAXUYQX1CA11DUMZCA4QC68 RCAQ4FEQXCA0WHRBVCA8PQL2CCADBN5VWCAYLBN4WCAYJOW6PCAUT20E2CA2MR887CA5KV7NNCA2ZTVLI CA7WX2JD scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\2EYAQ4W4\9AFHCAVAAPX5CA1S0SJZCATEN01UCAP1WW5YCA23R304CAMOD0YVCA3BKX60CA0ZEE2ICAJGKBL NCA08KIPBCABEKME6CAV877A7CAGCJMP4CA33IR2NCAT7DH62CA95X34KCAFRZ3N0CADSRY0ZCA7RFGJP CAVSH0GA scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\2EYAQ4W4\CA0E93U3CAD4XRI8CA54VXV7CA5AN30BCA0ZC3UICA3N30IOCAZBG90FCAFY0D0HCA1D251MCAG RRZL2CAP55FL8CA11MRUGCAIPAQQGCA48MIOKCA6XLEKQCA5LZD2NCACJRA9ICA21Q7ZBCA88DAY0CA6R GX0C.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\2EYAQ4W4\CAUKR83ECACWB2QJCAP270YACATEZ99NCAQTDS9VCA9DP3JICAZOD94JCA5QG1HNCA7L4DJACA0 T0I5OCAFZJ3LBCAPCRWMJCA3CKQGHCAPYVMKOCAHIDGB6CAFB36BWCAPTMEK0CA02Y50MCAA330Q3CAFX LHGB.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\2EYAQ4W4\OZKJCAO8Z2UFCARYM2EICA2QD4H6CACAHOMACAQGVY9CCA1FHPMDCA2FLDCXCA4RGGW0CADKYSZ UCAL3L9KBCAPMKA33CA1T7WBXCAAM2IWCCAVLHNEYCARDZRB9CAYTUQACCA97AO4HCAM6JXQLCAF811VC CAAPT5M8 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\2EYAQ4W4\TYKNCAGFAVIGCA87XOT0CAJZBCY2CA62VAP0CARUNON5CAPCG6Z3CAHJ98AWCA8M4R93CAR1SGM ICAH2E496CATIBE98CAJSOVSXCA7MG8DRCA4XDIYVCAHLP3RWCA5T09CUCAKUNBXSCAA2V469CAFTTRK4 CA0QWW71 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\2EYAQ4W4\VZWXCARWSJ5ICATG47GTCAUKRTDPCA8NX54GCA2DUT3DCABX3QL1CAQXEWXVCA8HZSU0CAKS026 ACAJIBTJXCADJSQHWCA03H4OLCA1KOSHVCAE0193HCAZ3W5Z0CAJY5C0ECADI6SRRCAKL6HL9CAIUZZL2 CAXP15AU scheduled to be deleted on reboot.
->Temp folder emptied: 3284331 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2351795 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 696261 bytes
RecycleBin emptied: 781909 bytes

Total Files Cleaned = 6,79 mb

OTM by OldTimer - Version 3.0.0.5 log created on 08042009_162924

Files moved on Reboot...
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\V1ECNFJT\227LCA2KRLPKCABOF7EICAYR7B3YCAOPP3LACA0S1Q5DCAIE4J36CAWQDHEDCA48LD1SCA4DWDF KCA0NJJLTCAGSPC54CAMECGJ5CAHXP72BCALYFSR5CAHLN00UCALKXXCKCAWCCGZSCAGRAFZACATZVO7Y CAE3NREB not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\V1ECNFJT\23J0CAU8S009CALDZPW8CAJF9HEJCAOLNB63CA64TA2KCAV1MVOQCAHDGH4ICA7FNVEOCAZY7GI FCAEHHCWKCA9FQY0NCA5ER86ICATWVY7ACADK0IGYCAO08WFWCA4PZ3CWCA77ZMPOCAERBCAQCA2DKKY5 CAH2BF23 not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\V1ECNFJT\CALB5I8RCAM7H6KGCA6RCM6QCA4024VCCASOREVWCA5OW55SCADLK39ACA4O6VLHCA68BCY6CAI OHP5DCA10T5AUCAM1JEYZCA6WDRPNCA0GZ3BYCAL3AMPFCA48BZNRCAV1117GCAML6AJPCA6ITTIDCAKI HW6Q.htm not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\V1ECNFJT\CAMNC26TCA6IOHD7CADSNV05CACLGGXOCA89BKCQCAS21KX0CAX8158LCAG7CXLXCATPEABGCAE DQRLQCAHQOWT8CAOEKBIRCA4JRAPNCAFMYSG1CA1WU26PCA4GXDX7CA5TKIVWCA90V97UCALKPLQUCASJ PVBD.htm not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\V1ECNFJT\CAXSFJLPCAF8S2EQCAZCP3IXCAVB8QNYCAJ8NT7ZCAVN4F2ZCALVG9YECAE2D4Z6CARSN38OCAA ARMUCCATQ5ZIOCAV7B1YUCA9UOF17CATTSQZFCAEH0SN4CADEFBOLCAC2DO23CALHGKAPCAKS4E7TCAJL 37FK.htm not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\V1ECNFJT\J8MGCAECESWNCA4OXARPCAKUYBODCAOE9KDBCAHRV19FCAPBPU8HCAM2RLE2CASTCT9MCAJVLR9 FCASA134QCABK14BRCA206QJ5CAGMZJHICAP5AY18CAVKJUVBCAQX12VRCAYLJ3CJCA9IW03NCARDJHMA CAMZTYKJ not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\V1ECNFJT\REK9CA2P5UOJCAOE334WCAFZNSA1CAHDG8MYCA95OJJZCA67CIN9CAJF08OWCAY0SAYBCAC25KS SCA3JJNDCCA7TRZDOCAS8UF32CAYNJMXMCA3W975TCAGVAO08CAR0L82ICA2BV066CACXAYLYCA4K49XM CADR8DZF not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\V1ECNFJT\UEW8CAOQASRWCAFREGP1CAYMTU9RCAV09X2FCA5C6VV8CAQA0312CAJJSS7QCA68SAPHCAD34NM XCAGVYIRYCA2F97QDCAW4SAQ5CASE3H0GCAF366M9CAE9Q98WCAC4YNL1CAC9HTNMCAE4YOSOCARG96U2 CALWB9C3 not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RJCDGG4S\CAGBN0ZYCACP9CQACAN5QN8KCAAQHJMFCA3LCU81CA7RJDENCA1UCDPSCAF5YYGBCADZ4EACCAW VWKCFCAJJQJ8GCAY6KU0NCA0XFNA4CAD6SXEECA1X9JJSCAT9C6D7CA2XTCN0CAIKZPINCANFAS5PCA2F DEIY.htm not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RJCDGG4S\CAI34R8DCA4DI0TRCAAN0ND2CA0ODSPNCA0MBBF0CA852RV4CASZBJT6CAEGQQXFCATWIG8TCA8 A8KHJCA5FJWGECA4CR3BQCAU5VZFQCAJM3NUPCA1RASQECA56E11YCA457NJTCATULBKDCAYFAF66CAZU P93H.htm not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RJCDGG4S\CAKFNV0BCANAOKUXCAWN76QQCANW3LKZCAH5QNEYCAZ19AWMCALIBZ90CARFHBV6CA9FXM4RCAI YY6NNCA9QTXUNCAYTCGKRCAAIRHEVCAUFEMTZCABVC4C3CAB8D0WMCABJJY30CA1MGEB6CAFZQFN9CARL MD03.htm not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RJCDGG4S\CAOH3H9KCA9JHF40CA0F9BM6CAU1SBT4CAZYD9J8CAB2LYH9CAEODYHICA0R770NCAQ76PWECAG HJ23DCA8YW6M6CAXXLN1QCA7S2Y1OCALA54CICAWOUJ77CAZPNGF2CA2Z5ZUPCAJYPEJKCAT9CXK5CA29 2GOQ.htm not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RJCDGG4S\CAQKSLQ1CA1OGXLHCACD2VIZCARET60CCA6GIGFRCAJDX53BCASZT2PBCA3LXD26CA2GVY3TCAV B4PK8CABBTL69CAXWW7Y0CAHHJQHBCA7Y7H3GCA5X5NKQCASSRXD8CAFJ3WW0CAF8IXT8CAJTOSETCAFL X3BE.htm not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RE19HUTX\CA2XGKE5CAN9NK2ECAJ4VJMICALPF9DUCAMBWT9JCADV4Y6ICAHPMKEOCA3E3NAACAM0JNNQCA9 3RE8VCA1JMWF5CASRODF3CA5NMTBXCAH6U2G2CAMAYJ73CA6TLAOZCAKJ17WLCA06EYE7CAODCWX6CALJ UMNU.txt not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RE19HUTX\CA7NX99UCAMFHN64CA8LK7G7CADL9RUZCACO5C0UCAQ57353CA6Y2LZACA5XCCH2CAZB0WVGCAV GO2I0CACV452RCAYN0I5PCAOB8OPSCA7SU5VOCAQIXWEDCAXL4W5TCA8OUVSSCAWO9HX0CAHKPZY3CA4A SDSU.txt not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RE19HUTX\CA7UH7WCCAAVWX6GCA45F64GCAASO326CALOAT5FCAMC4NWECA0DQRB7CAM046LXCA05V8GICAU CGKEYCAH4AR8MCA12OE8ECAPOELR0CAO7HFQKCAMX6N65CAMEBDRJCAJA5AORCAN3UOM1CA1TNW5XCAWC T2EE.txt not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RE19HUTX\CA9E01OECAQSTHU4CAF33OQ4CAFF6GSQCA5OGEG8CAKFWUHBCA0NK4AYCA28TTRZCA3AGRFYCAZ JO9ZMCAGSR66HCAGP1WEUCAJS003ECAPENMGICAHGN3IWCA3QXLZDCACWQD1SCAJODWEHCATGVRRNCA8A W441.htm not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RE19HUTX\CAKP6AIACA1UOZ1TCAZW4WCQCAX2COW3CAUYZTPMCAOYMW7WCAJNTKUBCAKQW6DXCAIU62O9CAJ H5GJMCAZK9CYHCAVVV3V1CA6810WOCAN4LRZ2CA3HF1I1CA76QJI7CADCBPM2CA04XWRMCAXUXNUZCA1X GIDK.txt not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\RE19HUTX\CAUJDZGHCAVMYW85CA1KOKV2CAFPD3LYCA8FVBNDCAY3JHDDCABVUYKLCA8P21Y6CAMWDYJMCA9 V1N4DCAJ0O47ECA10MW0XCA2IEGY4CAS053O7CATNEBUHCABPOLMUCAN9TMNQCAJKHA9GCA02Z03RCAZ7 WUS1.htm not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\2EYAQ4W4\0VAWCA4UXC4MCA5VKGYICA3U3TNBCAJUMIE2CANMTHOMCA6FK6GGCAPTYG2BCAI1Y2IJCAHNMQOIC AK87D79CANTWI2SCAYZXOUGCADL3MVKCAUSUDG5CAC1X34ECAENZF4ECAVM94NECAGZV3N3CAN4A521CA Q5NSBZ not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\2EYAQ4W4\2OVDCAYO80R2CAX31Y4NCAWTUQO9CAYG71QPCA4NBJIICA5S28OLCAXUYQX1CA11DUMZCA4QC68 RCAQ4FEQXCA0WHRBVCA8PQL2CCADBN5VWCAYLBN4WCAYJOW6PCAUT20E2CA2MR887CA5KV7NNCA2ZTVLI CA7WX2JD not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\2EYAQ4W4\9AFHCAVAAPX5CA1S0SJZCATEN01UCAP1WW5YCA23R304CAMOD0YVCA3BKX60CA0ZEE2ICAJGKBL NCA08KIPBCABEKME6CAV877A7CAGCJMP4CA33IR2NCAT7DH62CA95X34KCAFRZ3N0CADSRY0ZCA7RFGJP CAVSH0GA not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\2EYAQ4W4\CA0E93U3CAD4XRI8CA54VXV7CA5AN30BCA0ZC3UICA3N30IOCAZBG90FCAFY0D0HCA1D251MCAG RRZL2CAP55FL8CA11MRUGCAIPAQQGCA48MIOKCA6XLEKQCA5LZD2NCACJRA9ICA21Q7ZBCA88DAY0CA6R GX0C.htm not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\2EYAQ4W4\CAUKR83ECACWB2QJCAP270YACATEZ99NCAQTDS9VCA9DP3JICAZOD94JCA5QG1HNCA7L4DJACA0 T0I5OCAFZJ3LBCAPCRWMJCA3CKQGHCAPYVMKOCAHIDGB6CAFB36BWCAPTMEK0CA02Y50MCAA330Q3CAFX LHGB.htm not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\2EYAQ4W4\OZKJCAO8Z2UFCARYM2EICA2QD4H6CACAHOMACAQGVY9CCA1FHPMDCA2FLDCXCA4RGGW0CADKYSZ UCAL3L9KBCAPMKA33CA1T7WBXCAAM2IWCCAVLHNEYCARDZRB9CAYTUQACCA97AO4HCAM6JXQLCAF811VC CAAPT5M8 not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\2EYAQ4W4\TYKNCAGFAVIGCA87XOT0CAJZBCY2CA62VAP0CARUNON5CAPCG6Z3CAHJ98AWCA8M4R93CAR1SGM ICAH2E496CATIBE98CAJSOVSXCA7MG8DRCA4XDIYVCAHLP3RWCA5T09CUCAKUNBXSCAA2V469CAFTTRK4 CA0QWW71 not found!
File C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\2EYAQ4W4\VZWXCARWSJ5ICATG47GTCAUKRTDPCA8NX54GCA2DUT3DCABX3QL1CAQXEWXVCA8HZSU0CAKS026 ACAJIBTJXCADJSQHWCA03H4OLCA1KOSHVCAE0193HCAZ3W5Z0CAJY5C0ECADI6SRRCAKL6HL9CAIUZZL2 CAXP15AU not found!

Registry entries deleted on Reboot...
and VirusTotal:

Fichier gifowola.vbs reçu le 2009.08.04 14:43:50 (UTC)

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.04 -
AhnLab-V3 5.0.0.2 2009.08.03 -
AntiVir 7.9.0.240 2009.08.04 -
Antiy-AVL 2.0.3.7 2009.08.04 -
Authentium 5.1.2.4 2009.08.03 -
Avast 4.8.1335.0 2009.08.04 -
AVG 8.5.0.406 2009.08.04 -
BitDefender 7.2 2009.08.04 -
CAT-QuickHeal 10.00 2009.08.04 -
ClamAV 0.94.1 2009.08.04 -
Comodo 1863 2009.08.04 -
DrWeb 5.0.0.12182 2009.08.04 -
eSafe 7.0.17.0 2009.08.04 -
eTrust-Vet 31.6.6657 2009.08.04 -
F-Prot 4.4.4.56 2009.08.03 -
F-Secure 8.0.14470.0 2009.08.04 -
Fortinet 3.120.0.0 2009.08.04 -
GData 19 2009.08.04 -
Ikarus T3.1.1.64.0 2009.08.04 -
Jiangmin 11.0.800 2009.08.04 -
K7AntiVirus 7.10.810 2009.08.04 -
Kaspersky 7.0.0.125 2009.08.04 -
McAfee 5697 2009.08.03 -
McAfee+Artemis 5697 2009.08.03 -
McAfee-GW-Edition 6.8.5 2009.08.04 -
Microsoft 1.4903 2009.08.04 -
NOD32 4305 2009.08.04 -
Norman 6.01.09 2009.08.04 -
nProtect 2009.1.8.0 2009.08.04 -
Panda 10.0.0.14 2009.08.03 -
PCTools 4.4.2.0 2009.08.04 -
Prevx 3.0 2009.08.04 -
Rising 21.41.14.00 2009.08.04 -
Sophos 4.44.0 2009.08.04 -
Sunbelt 3.2.1858.2 2009.08.04 -
Symantec 1.4.4.12 2009.08.04 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.08.04 -
VBA32 3.12.10.9 2009.08.04 -
ViRobot 2009.8.4.1867 2009.08.04 -
VirusBuster 4.6.5.0 2009.08.04 -

Information additionnelle
File size: 18077 bytes
MD5...: fb65de94da88747a5feb3c8ff5e91cb4
SHA1..: 6adfb68b733d3992ddb4aca20e36857f5cb1ff54
SHA256: a66f093d23855a07a99f3210f62b51eb8c237ff58ca85922554b1f2eb1ad6cb6
ssdeep: 384:JCTiKY2+1+KAMrAnHStMAzXbFRWyaw+GxiPmm7LZZI18LYkA2PeBAe8:0TiKJ+1+KWSr/WwiP5X//yz8
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set -
-
Fichier xazuvily.dll reçu le 2009.08.04 14:42:41 (UTC)

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.04 -
AhnLab-V3 5.0.0.2 2009.08.03 -
AntiVir 7.9.0.240 2009.08.04 -
Antiy-AVL 2.0.3.7 2009.08.04 -
Authentium 5.1.2.4 2009.08.03 -
Avast 4.8.1335.0 2009.08.04 -
AVG 8.5.0.406 2009.08.04 -
BitDefender 7.2 2009.08.04 -
CAT-QuickHeal 10.00 2009.08.04 -
ClamAV 0.94.1 2009.08.04 -
Comodo 1863 2009.08.04 -
DrWeb 5.0.0.12182 2009.08.04 -
eSafe 7.0.17.0 2009.08.04 -
eTrust-Vet 31.6.6657 2009.08.04 -
F-Prot 4.4.4.56 2009.08.03 -
F-Secure 8.0.14470.0 2009.08.04 -
Fortinet 3.120.0.0 2009.08.04 -
GData 19 2009.08.04 -
Ikarus T3.1.1.64.0 2009.08.04 -
Jiangmin 11.0.800 2009.08.04 -
K7AntiVirus 7.10.810 2009.08.04 -
Kaspersky 7.0.0.125 2009.08.04 -
McAfee 5697 2009.08.03 -
McAfee+Artemis 5697 2009.08.03 -
McAfee-GW-Edition 6.8.5 2009.08.04 -
Microsoft 1.4903 2009.08.04 -
NOD32 4305 2009.08.04 -
Norman 6.01.09 2009.08.04 -
nProtect 2009.1.8.0 2009.08.04 -
Panda 10.0.0.14 2009.08.03 -
PCTools 4.4.2.0 2009.08.04 -
Prevx 3.0 2009.08.04 -
Rising 21.41.14.00 2009.08.04 -
Sophos 4.44.0 2009.08.04 -
Sunbelt 3.2.1858.2 2009.08.04 -
Symantec 1.4.4.12 2009.08.04 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.08.04 -
VBA32 3.12.10.9 2009.08.04 -
ViRobot 2009.8.4.1867 2009.08.04 -
VirusBuster 4.6.5.0 2009.08.04 -

Information additionnelle
File size: 10616 bytes
MD5...: b6f0b074e7da5bfa958aa3303e5c211b
SHA1..: 60f3071a184abf95586cb818044eae2a5fa07248
SHA256: ca1960ec388441e9f6038c577e212d9532581033a8aca80cc9047e6aa38bb6e8
ssdeep: 192:giRvOdbBoBWk30UcHJQEb7rDW/LSOxByJLrn4O8AbJv6p68In/WuzLrerX9IVtI0:7vObuBFcHSJ/LPfyhrCAbJCo8e9vsMv
PEiD..: -
TrID..: File type identification
MPEG Video (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set -
-
Fichier dazevibyb.exe reçu le 2009.08.04 14:30:18 (UTC)

Antivirus          Version          Dernière mise à jour  Résultat
a-squared          4.5.0.24         2009.08.04            -
AhnLab-V3          5.0.0.2          2009.08.03            -
AntiVir            7.9.0.240        2009.08.04            -
Antiy-AVL          2.0.3.7          2009.08.04            -
Authentium         5.1.2.4          2009.08.03            -
Avast              4.8.1335.0       2009.08.04            -
AVG                8.5.0.406        2009.08.04            -
BitDefender        7.2              2009.08.04            -
CAT-QuickHeal      10.00            2009.08.04            -
ClamAV             0.94.1           2009.08.04            -
Comodo             1863             2009.08.04            -
DrWeb              5.0.0.12182      2009.08.04            -
eSafe              7.0.17.0         2009.08.03            -
eTrust-Vet         31.6.6657        2009.08.04            -
F-Prot             4.4.4.56         2009.08.03            -
F-Secure           8.0.14470.0      2009.08.04            -
Fortinet           3.120.0.0        2009.08.04            -
GData              19               2009.08.04            -
Ikarus             T3.1.1.64.0      2009.08.04            -
Jiangmin           11.0.800         2009.08.04            -
K7AntiVirus        7.10.810         2009.08.04            -
Kaspersky          7.0.0.125        2009.08.04            -
McAfee             5697             2009.08.03            -
McAfee+Artemis     5697             2009.08.03            -
McAfee-GW-Edition  6.8.5            2009.08.04            -
Microsoft          1.4903           2009.08.04            -
NOD32              4305             2009.08.04            -
Norman             6.01.09          2009.08.04            -
nProtect           2009.1.8.0       2009.08.04            -
Panda              10.0.0.14        2009.08.03            -
PCTools            4.4.2.0          2009.08.04            -
Prevx              3.0              2009.08.04            -
Rising             21.41.14.00      2009.08.04            -
Sophos             4.44.0           2009.08.04            -
Sunbelt            3.2.1858.2       2009.08.04            -
Symantec           1.4.4.12         2009.08.04            -
TheHacker          6.3.4.3.375      2009.08.01            -
TrendMicro         8.950.0.1094     2009.08.04            -
VBA32              3.12.10.9        2009.08.04            -
ViRobot            2009.8.4.1867    2009.08.04            -
VirusBuster        4.6.5.0          2009.08.04            -

Information additionnelle
File size: 13654 bytes
MD5...: d13a87c9be5a18cec19afdf2f5c0a3b7
SHA1..: f24293e89519dcc2cece2ec00a98fca37eea8c7a
SHA256: 6ab528284e1773d3395346d3f24aa5828b75348b847eb8c248f31dc9552b4e4e
ssdeep: 384:QAajycuS6KGMEXtLY1BQszYTjqaSp40nOlm:8jFsXtLYBxjagjn
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
-
OK, I'm redoing all of that! I ran another MBAM scan to check, and it found this:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2557
Windows 5.1.2600 Service Pack 3

04/08/2009 15:45:51
mbam-log-2009-08-04 (15-45-51).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 138211
Temps écoulé: 23 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 34

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010271.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010280.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010312.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010330.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010347.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010350.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010353.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010358.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010366.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010382.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010399.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010405.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010406.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010417.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010422.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010424.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010428.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010430.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010436.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010437.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010438.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010446.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010460.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010463.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010466.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010469.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010498.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010571.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP81\A0010576.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv481249195745.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv131249202403.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
-
info.txt logfile of random's system information tool 1.06 2009-08-04 16:01:04

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-aware 6 Professional-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
AutoCAD LT 2007 - Français-->MsiExec.exe /I{5783F2D7-5009-040C-0002-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AxCrypt (Désinstaller uniquement)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"Q:\log\HijackThis.exe" /uninstall
Language Pack for Ad-aware 6-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Lang\LANGUA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Lang\LANGUA~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Nero 7 Premium-->MsiExec.exe /I{70AB1576-7883-2313-C650-7A71270B1036}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
NvMixer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
WinMessenger 2.0-->%ProgramFiles%\WinMessenger\Setup\Setup.exe /UNINSTALL

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: NICOLAS
Event Code: 7036
Message: Le service Service d'administration du Gestionnaire de disque logique est entré dans l'état : en cours d'exécution.
Record Number: 1181
Source Name: Service Control Manager
Time Written: 20090515112722.000000+120
Event Type: Informations
User:

Computer Name: NICOLAS
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service d'administration du Gestionnaire de disque logique.
Record Number: 1180
Source Name: Service Control Manager
Time Written: 20090515112722.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: NICOLAS
Event Code: 7036
Message: Le service Gestion d'applications est entré dans l'état : en cours d'exécution.
Record Number: 1179
Source Name: Service Control Manager
Time Written: 20090515104857.000000+120
Event Type: Informations
User:

Computer Name: NICOLAS
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.
Record Number: 1178
Source Name: Service Control Manager
Time Written: 20090515104857.000000+120
Event Type: Informations
User: CP_

Computer Name: NICOLAS
Event Code: 7036
Message: Le service Autodesk Licensing Service est entré dans l'état : en cours d'exécution.
Record Number: 1177
Source Name: Service Control Manager
Time Written: 20090515093554.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: NICOLAS
Event Code: 4096
Message: Le service AntiVir a bien démarré!
Record Number: 331
Source Name: Avira AntiVir
Time Written: 20090610094742.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: NICOLAS
Event Code: 11707
Message: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 -- Installation completed successfully.
Record Number: 330
Source Name: MsiInstaller
Time Written: 20090610094626.000000+120
Event Type: Informations
User: CPS-BE\NICOLAS BECQUET

Computer Name: NICOLAS
Event Code: 1002
Message: L'environnement s'est arrêté de façon inattendue et Explorer.exe a redémarré.
Record Number: 329
Source Name: Winlogon
Time Written: 20090610090414.000000+120
Event Type: Informations
User:

Computer Name: NICOLAS
Event Code: 1704
Message: La stratégie de sécurité dans les objets Stratégie de groupe a été appliquée correctement.
Record Number: 328
Source Name: SceCli
Time Written: 20090610085010.000000+120
Event Type: Informations
User:

Computer Name: NICOLAS
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 327
Source Name: SecurityCenter
Time Written: 20090610085007.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
-
le fichier log: Logfile of random's system information tool 1.06 (written by random/random) Run by _ at 2009-08-04 16:00:53 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 30 GB (77%) free of 39 GB Total RAM: 2047 MB (80% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:01:03, on 04/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\hp32_nword.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\hp32_nword.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\WinMessenger\WinMesgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\NICOLAS _\Bureau\RSIT.exe C:\WINDOWS\system32\wscntfy.exe Q:\log\_.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA 
Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [hp32_nword] C:\WINDOWS\system32\hp32_nword.exe O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [hp32_nword] C:\Documents and Settings\NICOLAS _\hp32_nword.exe O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: ikowin32.exe O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: WinMessenger StartUp.lnk = C:\Program Files\WinMessenger\WinMesgr.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy 
Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CP_ O17 - HKLM\Software\..\Telephony: DomainName = CP_ O17 - HKLM\System\CCS\Services\Tcpip\..\{E0CD094C-C97D-499F-8FB3-87C4C0FB0BAE}: NameServer = 192.168.1._ O17 - HKLM\System\CCS\Services\Tcpip\..\{E92561B5-E14E-4608-ABA3-FDE3649EF27E}: NameServer = 192.168.1._ O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CP_ O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CP_ O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5591 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 131072] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-18 13680640] "nwiz"=nwiz.exe /install [] 
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-02-18 86016] "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "hp32_nword"=C:\WINDOWS\system32\hp32_nword.exe [2009-08-04 27526] "Regedit32"=C:\WINDOWS\system32\regedit.exe [] "braviax"=C:\WINDOWS\system32\braviax.exe [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2006-04-21 94208] "hp32_nword"=C:\Documents and Settings\NICOLAS _E\hp32_nword.exe [2009-08-04 27526] "braviax"=C:\WINDOWS\system32\braviax.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Antivirus 2010] C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe /hide [] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Accélérateur de démarrage AutoCAD.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe WinMessenger StartUp.lnk - C:\Program Files\WinMessenger\WinMesgr.exe C:\Documents and Settings\NICOLAS _\Menu Démarrer\Programmes\Démarrage ikowin32.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
"NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoWelcomeScreen"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home" ======File associations====== .scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1" .scr - install - .scr - config - ======List of files/folders created in the last 1 months====== 2009-08-04 16:00:53 ----D---- C:\rsit 2009-08-04 12:14:18 ----A---- C:\WINDOWS\system32\hp32_nword.exe 2009-08-04 12:06:30 ----A---- C:\ComboFix.txt 2009-08-04 12:00:40 ----D---- C:\WINDOWS\temp 2009-08-04 11:59:12 ----A---- C:\WINDOWS\zip.exe 2009-08-04 11:59:12 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-08-04 11:59:12 ----A---- C:\WINDOWS\SWSC.exe 2009-08-04 11:59:12 ----A---- C:\WINDOWS\SWREG.exe 2009-08-04 11:59:12 ----A---- C:\WINDOWS\sed.exe 2009-08-04 11:59:12 ----A---- C:\WINDOWS\PEV.exe 2009-08-04 11:59:12 ----A---- C:\WINDOWS\NIRCMD.exe 2009-08-04 11:59:12 ----A---- C:\WINDOWS\grep.exe 
2009-08-04 11:59:09 ----SD---- C:\ComboFix
2009-08-04 11:59:09 ----D---- C:\WINDOWS\ERDNT
2009-08-04 11:58:54 ----D---- C:\Qoobox
2009-08-04 11:24:42 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-04 11:08:44 ----D---- C:\WINDOWS\pss
2009-08-04 11:03:44 ----A---- C:\WINDOWS\xazuvily.dll
2009-08-04 11:03:44 ----A---- C:\WINDOWS\system32\gifowola.vbs
2009-08-04 11:03:44 ----A---- C:\WINDOWS\system32\dazevibyb.exe
2009-08-04 11:03:44 ----A---- C:\Documents and Settings\All Users\Application Data\osyxaver.exe
2009-08-04 09:36:14 ----D---- C:\Documents and Settings\NICOLAS _\Application Data\Malwarebytes
2009-08-04 09:36:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-04 09:36:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

======List of files/folders modified in the last 1 months======
2009-08-04 16:00:57 ----D---- C:\WINDOWS\Prefetch
2009-08-04 16:00:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-04 15:56:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-04 15:56:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-04 15:56:04 ----D---- C:\WINDOWS\system32\drivers
2009-08-04 15:56:03 ----D---- C:\WINDOWS\system32
2009-08-04 15:51:18 ----D---- C:\WINDOWS
2009-08-04 14:07:06 ----RD---- C:\Program Files
2009-08-04 12:05:47 ----A---- C:\WINDOWS\system.ini
2009-08-04 12:00:15 ----D---- C:\WINDOWS\AppPatch
2009-08-04 12:00:14 ----D---- C:\Program Files\Fichiers communs
2009-08-04 11:09:14 ----SH---- C:\boot.ini
2009-08-04 11:09:14 ----A---- C:\WINDOWS\win.ini
2009-08-04 08:50:24 ----D---- C:\WINDOWS\security
2009-08-03 11:24:51 ----A---- C:\WINDOWS\ccolwiz.ini
2009-07-30 08:57:09 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-17 10:46:26 ----D---- C:\ImageLT
2009-07-08 15:34:20 ----A---- C:\WINDOWS\PhotoSnapViewer.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-15 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-18 6308224]
R3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-07-26 53376]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-04-14 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-14 13056]
R3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-07-26 415360]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-12-09 296448]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-15 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-15 185089]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-18 163908]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2009-04-03 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:56:31, on 04/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\hp32_nword.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\NICOLAS _\hp32_nword.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\WinMessenger\WinMesgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\NICOLA~1.CPS\LOCALS~1\Temp\LOADER1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
Q:\log\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [hp32_nword] C:\WINDOWS\system32\hp32_nword.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [hp32_nword] C:\Documents and Settings\NICOLAS _\hp32_nword.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: WinMessenger StartUp.lnk = C:\Program Files\WinMessenger\WinMesgr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = _.local
O17 - HKLM\Software\..\Telephony: DomainName =_.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0CD094C-C97D-499F-8FB3-87C4C0FB0BAE}: NameServer = 192.168.1.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{E92561B5-E14E-4608-ABA3-FDE3649EF27E}: NameServer = 192.168.1.26
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =_.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = _.local
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5529 bytes

No more AntiVir message about figaro.sys, but I still get a message about install.exe. And when I click delete or quarantine, it gives me an error saying the file no longer exists... My firewall is also disabled..
-
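A first-pass triage of the HijackThis log quoted in the post above, as an added example that is not part of the original post and not code from HijackThis or from the forum helper. It reads the "Running processes" list and the O4 autostart entries and flags what a malware-removal volunteer looks at first: an executable that runs from a user profile or temp directory, a Startup item given with no directory at all, and one binary registered in more than one autostart location. The embedded sample log is constructed from lines quoted in that post, re-split one entry per line; the path heuristics, the `PER_USER_OK` allow-list and the reason strings are the example's own assumptions, not something the log or the tool asserts.

```python
"""Triage autostart entries and running processes from a HijackThis log.

Added example for this thread, not code from the original post or from
HijackThis. It reads the two log sections most useful for a first pass
("Running processes" and the O4 autostart lines) and returns the entries a
malware-removal helper would look at first.
"""
import re
from collections import Counter

# Constructed sample: a subset of the HijackThis lines quoted in the post
# above, re-split one entry per line (the forum extraction flattened them).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\hp32_nword.exe
C:\Documents and Settings\NICOLAS _\hp32_nword.exe
C:\DOCUME~1\NICOLA~1.CPS\LOCALS~1\Temp\LOADER1.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
Q:\log\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hp32_nword] C:\WINDOWS\system32\hp32_nword.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hp32_nword] C:\Documents and Settings\NICOLAS _\hp32_nword.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: ikowin32.exe
O4 - Global Startup: WinMessenger StartUp.lnk = C:\Program Files\WinMessenger\WinMesgr.exe
"""

O4_RE = re.compile(r'^O4 - (?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$')
# A quoted or unquoted drive path ending in an executable extension; for a
# RUNDLL32 command this picks out the DLL that is actually loaded.
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|pif)\b', re.IGNORECASE)

# Assumed heuristic: installers do not put autostart binaries here, droppers do.
PROFILE_HINTS = ('\\documents and settings\\', '\\docume~1\\', '\\temp\\',
                 '\\application data\\', '\\local settings\\')
# Assumed allow-list: binaries that legitimately appear once per user hive.
PER_USER_OK = {'ctfmon.exe'}

REASON_PROFILE = 'runs from a user profile or temp directory'
REASON_BARE = 'no directory given (resolved via the search path)'
REASON_MULTI = 'same binary registered in more than one autostart location'


def target_path(cmd: str) -> str:
    """Pick the file that actually executes for an O4 command string."""
    m = PATH_RE.search(cmd)
    if m:
        return m.group(0)
    # No drive path: 'name.lnk = target' or a bare file name like 'ikowin32.exe'
    return cmd.split(' = ', 1)[-1].strip().strip('"').split(' ')[0]


def basename(path: str) -> str:
    return path.rsplit('\\', 1)[-1].lower()


def location_reasons(path: str) -> list:
    """Reasons, if any, why the location of an executable deserves a look."""
    p = path.lower()
    reasons = []
    if '\\' not in p:
        reasons.append(REASON_BARE)
    if any(hint in p for hint in PROFILE_HINTS):
        reasons.append(REASON_PROFILE)
    return reasons


def running_processes(lines):
    """Yield the paths listed under 'Running processes:' (ends at the first non-path line)."""
    active = False
    for line in lines:
        if line.startswith('Running processes:'):
            active = True
            continue
        if active:
            if not re.match(r'[A-Za-z]:\\', line):
                return
            yield line.strip()


def autostart_entries(lines):
    """Yield (location, entry name, executed file) for each O4 line."""
    for line in lines:
        m = O4_RE.match(line)
        if m:
            yield m.group('loc'), m.group('name') or '', target_path(m.group('cmd'))


def triage(log_text: str) -> list:
    """Return (kind, item, reason) triples worth a second look, in log order."""
    lines = log_text.splitlines()
    findings = []
    for path in running_processes(lines):
        findings += [('process', path, r) for r in location_reasons(path)]
    entries = list(autostart_entries(lines))
    for loc, _name, path in entries:
        findings += [('O4 ' + loc, path, r) for r in location_reasons(path)]
    seen = Counter(basename(p) for _loc, _name, p in entries)
    for loc, _name, path in entries:
        if seen[basename(path)] > 1 and basename(path) not in PER_USER_OK:
            findings.append(('O4 ' + loc, path, REASON_MULTI))
    return findings


if __name__ == '__main__':
    for kind, item, reason in triage(SAMPLE_LOG):
        print(f'{kind:<18} {item:<60} {reason}')
```

Run against the sample, the hp32_nword.exe pair (HKLM and HKCU, the second copy sitting in the user profile), LOADER1.EXE running from Temp and the bare ikowin32.exe Startup item come out; NVMixerTray, avguard.exe and the per-user ctfmon.exe entries do not. The `Regedit32` entry that launches regedit.exe at every logon passes all three checks, which is the reminder that path-based heuristics only order the analyst's reading of the log; they are not verdicts.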
How do I disable AntiVir when it shows the message saying it found a virus as soon as the PC turns on? After that, if I take any action the PC reboots, so the only way is to leave the message up, disable AntiVir and launch MBAM. That's what I did, but at the moment it says it has to reboot to remove everything, I again get the AntiVir message wanting to delete figaro, and the PC doesn't reboot until I tell it delete or quarantine... I ran MBAM again! Here is the report:

Malwarebytes' Anti-Malware 1.40
Database version: 2557
Windows 5.1.2600 Service Pack 3

04/08/2009 13:50:18
mbam-log-2009-08-04 (13-50-18).txt

Scan type: Quick Scan
Objects scanned: 92803
Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\figaro.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NICOLAS _E\Local Settings\temp\BN6.tmp (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\NICOLAS_\Local Settings\temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv271249202403.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv321249195745.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv661249202403.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NICOLAS _\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\Documents and Settings\NICOLAS _\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\NICOLAS _\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
-
YES YES, I did do what you told me. The problem is that when I delete everything, it asks me to reboot the machine to finish the removal. And then, as soon as it reboots, AntiVir launches telling me about figaro.sys..... I don't even have time to disable it.... and if I take an action like delete/quarantine.... the PC reboots.... So I again disabled AntiVir and TeaTimer while keeping the figaro message up, then launched MBAM; it finds infections, it reboots to clear everything out and, once again, the AntiVir message about figaro....
