alky
Everything posted by alky

  1. No no, I'm not disappearing, I just hesitated over the reply to send you on Sunday and so it dragged on until today. Listen, I know it's ungrateful, but not knowing enough to be sure of what I'm sending, I'd rather send nothing (precautionary principle...). Sorry.. but thanks a thousand times for your support.
  2. What do these files contain and which antivirus company will they be used for? I admit I'm not very keen on sending files that may contain personal information over the net.
  3. Everything seems to be going well, we can secure it.
  4. Do you want me to launch my usual programs to see? (Is that safe?)
  5. Oops, ok, here is the HijackThis log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 15:17:09, on 16/08/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.20733)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\PowerISO\PWRISOVM.EXE
     C:\Program Files\Logitech\QuickCam\Quickcam.exe
     C:\Program Files\Google\Update\GoogleUpdate.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\Program Files\DNA\btdna.exe
     C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
     C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
     C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
     C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
     C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
     C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Documents and Settings\Admin\Bureau\HiJackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
     O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
     O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
     O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
     O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O13 - Gopher Prefix:
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Google Update Service (gupdate1c985cab2e6c148) (gupdate1c985cab2e6c148) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

     --
     End of file - 5617 bytes
  6. Here is the report:

     Malwarebytes' Anti-Malware 1.40
     Database version: 2634
     Windows 5.1.2600 Service Pack 2

     16/08/2009 15:05:05
     mbam-log-2009-08-16 (15-05-05).txt

     Scan type: Quick Scan
     Objects scanned: 151865
     Time elapsed: 1 minute(s), 45 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  7. It seems fine: Avast is active and doesn't seem to detect anything ...
  8. Here it is, I did what you told me and the report is this one:

     Malwarebytes' Anti-Malware 1.40
     Database version: 2634
     Windows 5.1.2600 Service Pack 2

     16/08/2009 14:44:36
     mbam-log-2009-08-16 (14-44-36).txt

     Scan type: Quick Scan
     Objects scanned: 151857
     Time elapsed: 9 minute(s), 47 second(s)

     Memory Processes Infected: 2
     Memory Modules Infected: 4
     Registry Keys Infected: 2
     Registry Values Infected: 7
     Registry Data Items Infected: 6
     Folders Infected: 4
     Files Infected: 36

     Memory Processes Infected:
     C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Unloaded process successfully.
     C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.

     Memory Modules Infected:
     C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Delete on reboot.
     C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> Delete on reboot.
     C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.
     C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pc antispyware 2010 (Rogue.Multiple) -> Quarantined and deleted successfully.
     HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     C:\Program Files\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Program Files\PC_Antispyware2010\data (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Admin\Menu Démarrer\Programmes\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

     Files Infected:
     C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
     C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> Delete on reboot.
     C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BSHZ9JFR\Install[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BSHZ9JFR\Install[2].exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S4ML2O4T\Install[1].exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T728VD60\Install[1].exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Program Files\PC_Antispyware2010\Uninstall.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Program Files\PC_Antispyware2010\wscui.cpl (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Program Files\PC_Antispyware2010\data\daily.cvd (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Admin\Menu Démarrer\Programmes\PC_Antispyware2010\PC_Antispyware2010.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Admin\Menu Démarrer\Programmes\PC_Antispyware2010\Uninstall.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Admin\Bureau\PC_Antispyware2010.lnk (Rogue.PCAntispy) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\Temp\BN11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
     C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
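An added example, not code from the forum or from any of the posters: a small triage script that reads Malwarebytes report lines of the kind posted in this thread and separates what actually matters for the next step. It picks out the Run-key entries (the persistence that brings the rogue back after a reboot), the Security Center tampering (the DisableNotify values and the "don't load" entries that hide the Security Center applet), the items still marked "Delete on reboot", and the items left with "No action taken" (the state of the scan in the post below, where nothing was removed). The sample report is constructed for the demo and modelled on the entries in this thread; the function and field names are the example's own.

```python
import re
from dataclasses import dataclass
from collections import Counter

# Constructed sample, modelled on the Malwarebytes' Anti-Malware 1.40 reports
# posted in this thread; the exact set of lines is an assumption for the demo.
SAMPLE_REPORT = r"""
Malwarebytes' Anti-Malware 1.40
Database version: 2634
Windows 5.1.2600 Service Pack 2

Memory Processes Infected:
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<family>) -> [Bad: (x) Good: (y) ->] <action>."
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9_.]+)\) -> (?P<rest>.+?)\.?$")


@dataclass
class Finding:
    item: str
    family: str
    action: str


def parse_report(text):
    """Return one Finding per detection line; section headers and the summary counts are skipped."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue
        # Registry data items carry "Bad: (1) Good: (0) -> <action>"; keep only the final action.
        action = m.group("rest").split(" -> ")[-1]
        findings.append(Finding(m.group("item"), m.group("family"), action))
    return findings


def is_autostart(item):
    """Run/RunOnce values are the persistence the rogue uses to come back after a reboot."""
    return re.search(r"\\CurrentVersion\\Run(Once)?\\", item, re.IGNORECASE) is not None


def is_security_center_tamper(item):
    """DisableNotify values silence Security Center; a 'don't load' entry hides its applet."""
    low = item.lower()
    return ("\\security center\\" in low and low.endswith("disablenotify")) \
        or "\\control panel\\don't load\\" in low


def triage(findings):
    """Summarise what was cleaned, what still waits on a reboot, and what was not touched at all."""
    actions = Counter(f.action for f in findings)
    return {
        "total": len(findings),
        "families": sorted({f.family for f in findings}),
        "autostart": [f.item for f in findings if is_autostart(f.item)],
        "security_center_tamper": [f.item for f in findings if is_security_center_tamper(f.item)],
        "pending_reboot": [f.item for f in findings if f.action == "Delete on reboot"],
        "not_remediated": [f.item for f in findings if f.action == "No action taken"],
        "remediated": actions["Quarantined and deleted successfully"]
        + actions["Unloaded process successfully"],
    }


def verdict(summary):
    """A report only counts as clean when nothing is left untouched or waiting on a reboot."""
    if summary["not_remediated"]:
        return "not remediated: rerun the scan and choose remove"
    if summary["pending_reboot"]:
        return "reboot required, then rescan to confirm"
    return "remediated in this pass; rescan after reboot"


if __name__ == "__main__":
    s = triage(parse_report(SAMPLE_REPORT))
    for key in ("autostart", "security_center_tamper", "pending_reboot", "not_remediated"):
        print(f"{key}: {s[key]}")
    print(verdict(s))
```

The point of the verdict function is the one this thread keeps running into: a report full of "Quarantined and deleted successfully" still says nothing about whether the Run keys and the downloader come back after the reboot, so the only acceptable end state is a clean rescan after rebooting, with the machine offline if the reinfection depends on the network, as the original question describes.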
  9. I ran the mbam scan but didn't delete the infected files; after that, PC antispyware started on its own (it may be a program I installed two or three days ago) and it is scanning in turn... Here is the report: (I'm posting my messages in several parts so that the reboot doesn't kick me off the forum before I've finished writing...)

     Malwarebytes' Anti-Malware 1.40
     Database version: 2634
     Windows 5.1.2600 Service Pack 2

     16/08/2009 12:17:22
     mbam-log-2009-08-16 (12-17-19).txt

     Scan type: Quick Scan
     Objects scanned: 151744
     Time elapsed: 2 minute(s), 45 second(s)

     Memory Processes Infected: 1
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 3
     Registry Data Items Infected: 6
     Folders Infected: 0
     Files Infected: 19

     Memory Processes Infected:
     C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken.

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> No action taken.

     Registry Data Items Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> No action taken.
     C:\WINDOWS\system32\wisdstr.exe (Rogue.PC_Antispyware2010) -> No action taken.
     C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BSHZ9JFR\Install[1].exe (Trojan.FakeAlert) -> No action taken.
     C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BSHZ9JFR\Install[2].exe (Rogue.PC_Antispyware2010) -> No action taken.
     C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S4ML2O4T\Install[1].exe (Rogue.PC_Antispyware2010) -> No action taken.
     C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T728VD60\Install[1].exe (Rogue.PC_Antispyware2010) -> No action taken.
     C:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> No action taken.
     C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken.
     C:\WINDOWS\Temp\BN10.tmp (Trojan.Agent) -> No action taken.
     C:\WINDOWS\Temp\BN11.tmp (Trojan.Agent) -> No action taken.
     C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> No action taken.
     C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> No action taken.
     C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> No action taken.
     C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> No action taken.
     C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> No action taken.
     C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> No action taken.
     C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> No action taken.
     C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> No action taken.
     C:\WINDOWS\braviax.exe (Trojan.Downloader) -> No action taken.
  10. I only have this in the script:

     killall::
     file::
     c:\windows\Temp\BN4.tmp

     Is that normal? Other details: the power supply is only a year old and showed no sign of fatigue two days ago. Since this morning: Firefox tells me it is starting in "safe" mode, it is no longer my default browser and IE has reappeared (whereas I had no icon for it on my desktop). Otherwise I re-downloaded svchost.exe from the link you gave me, dragged your script onto it again, it started, and after a moment I got a blue window telling me that it (svchost.exe) had been uninstalled... Is that normal? (I'm starting to be a bit afraid of having to format everything...)
  11. No, no blue screen: it was already set to display (the "restart automatically" box is unchecked) and the name of my ComboFix is Combofix.exe. Edit: I just realised that ComboFix had to be renamed to svchost.exe. At which step should I pick up again?
  12. Steps 1 and 2 done, but the PC has been restarting every 3 minutes since this morning. Step 3: nothing seems to happen after dragging onto the ComboFix icon, apart from a warning asking me whether I really want to run this program; I say yes and then nothing (until the next reboot).
  13. Thanks for your help. Just for information, Avast reactivates when Windows restarts (after the automatic restart done by ComboFix) and finds me the following rootkit: C:\WINDOWS\SYSTEM32\DLLCACHE\FIGARO.sys. I will follow your instructions to the letter without going overboard, no worries. Here is my report:

     ComboFix 09-08-10.06 - Admin 16/08/2009 0:13.1.2 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3327.2872 [GMT 2:00]
     Running from: c:\documents and settings\Admin\Bureau\ComboFix.exe
     AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     * Created a new restore point
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
     c:\windows\system32\braviax.exe
     c:\windows\system32\wisdstr.exe
     c:\windows\TEMP\logishrd\LVPrcInj01.dll
     .
     ((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))
     .
     2009-08-15 22:19 . 2009-08-15 22:19 -------- d-----w- c:\windows\system32\wbem\snmp
     2009-08-15 22:19 . 2009-08-15 22:19 -------- d-----w- c:\windows\srchasst
     2009-08-15 22:19 . 2009-08-15 22:19 -------- d-----w- c:\windows\system32\xircom
     2009-08-15 22:19 . 2009-08-15 22:19 -------- d-----w- c:\program files\microsoft frontpage
     2009-08-15 22:10 . 2009-08-15 22:10 -------- d-----w- c:\temp\plugtmp-4
     2009-08-15 10:14 . 2009-08-15 10:14 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
     2009-08-15 10:14 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-08-15 10:14 . 2009-08-15 10:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-08-15 10:14 . 2009-08-15 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-08-15 10:14 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-08-15 09:47 . 2009-08-15 09:47 619584 ----a-w- c:\windows\system32\dllcache\ntfs.sys
     2009-08-15 09:43 . 2009-08-15 09:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
     2009-08-15 09:42 . 2009-08-15 22:18 -------- d-----w- c:\temp\is-OI1UQ.tmp
     2009-08-15 09:42 . 2009-08-15 10:28 -------- d-----w- c:\program files\Fichiers communs\PC Tools
     2009-08-15 09:41 . 2009-08-15 22:18 -------- d-----w- c:\temp\is-R9T5Q.tmp
     2009-08-15 09:41 . 2009-08-15 22:18 -------- d-----w- c:\temp\is-PMDDD.tmp
     2009-07-18 13:47 . 2009-07-18 13:47 -------- d-----w- C:\Arquivos de programas
     2009-07-18 05:41 . 2009-07-18 05:42 -------- d-----w- c:\documents and settings\Admin\Application Data\uTorrent
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-08-15 22:20 . 2009-01-06 21:17 -------- d-----w- c:\program files\DNA
     2009-08-15 22:20 . 2009-01-06 21:17 -------- d-----w- c:\documents and settings\Admin\Application Data\DNA
     2009-08-15 22:01 . 2002-08-30 11:00 48616 ----a-w- c:\windows\system32\perfc00C.dat
     2009-08-15 22:01 . 2002-08-30 11:00 367658 ----a-w- c:\windows\system32\perfh00C.dat
     2009-08-15 06:49 . 2007-02-09 10:23 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
     2009-08-14 11:45 . 2008-12-30 21:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
     2009-08-14 11:45 . 2009-03-03 21:21 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
     2009-08-07 19:21 . 2008-12-30 13:04 -------- d-----w- c:\documents and settings\Admin\Application Data\teamspeak2
     2009-07-19 17:31 . 2009-01-06 21:17 -------- d-----w- c:\documents and settings\Admin\Application Data\BitTorrent
     2009-07-19 08:32 . 2008-12-27 18:16 16736 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-07-18 21:52 . 2008-12-29 12:37 737280 ----a-w- c:\windows\iun6002.exe
     2009-07-18 13:53 . 2009-05-10 13:43 1328 ----a-w- C:\FSUIPC_reg.bin
     2009-06-29 20:36 . 2008-12-30 11:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
     2009-06-28 16:39 . 2009-06-29 20:36 504320 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{ED99A50F-64D0-4596-9BB4-3B4DC4C373C7}\_Setup.dll
     2009-06-25 04:03 . 2009-06-29 20:36 223744 --s---r- c:\documents and settings\All Users\Application Data\Tarma Installer\{ED99A50F-64D0-4596-9BB4-3B4DC4C373C7}\Setup.exe
     2009-06-21 13:37 . 2009-06-29 20:01 487424 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{1CA456D7-C35D-41FE-9718-BDFB48E06556}\_Setup.dll
     2008-12-27 18:29 . 2008-12-27 18:29 61 --sh--w- c:\windows\cnerolf.dat
     .
     ------- Sigcheck -------
     [-] 2009-08-15 09:47 619584 251DF0EE5E900EC7DE6E738991B6030C c:\windows\system32\dllcache\ntfs.sys
     [-] 2009-08-15 06:49 619584 251DF0EE5E900EC7DE6E738991B6030C c:\windows\system32\drivers\ntfs.sys
     c:\windows\system32\drivers\beep.sys ... is missing !!
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-06 342848]
     "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
     "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
     "Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2008-06-03 5964800]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-09 13529088]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-09 86016]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-01 136600]
     "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
     "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-27 98304]
     "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
     "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]
     "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-09 1630208]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "nltide_2"="shell32" [X]
     "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-03-17 124928]

     c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
     NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2009-4-27 118784]

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoSMConfigurePrograms"= 1 (0x1)
     "NoResolveTrack"= 1 (0x1)

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSMConfigurePrograms"= 1 (0x1)
     "NoResolveTrack"= 1 (0x1)

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
     SecurityProviders schannel.dll, digest.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "UpdatesDisableNotify"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
     "c:\\WINDOWS\\system32\\dpnsvr.exe"=
     "c:\\Program Files\\IVAO\\IvAp\\ivapnetint.exe"=
     "c:\\Program Files\\DNA\\btdna.exe"=
     "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
     "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=

     R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [24/06/2008 00:21 150568]
     R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/06/2009 20:31 114768]
     R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [27/12/2008 20:19 36864]
     S2 gupdate1c985cab2e6c148;Google Update Service (gupdate1c985cab2e6c148);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2009 08:43 133104]
     .
     - - - - ORPHANS REMOVED - - - -

     HKLM-Run-braviax - (no file)
     HKU-Default-Run-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
     HKU-Default-Run-braviax - (no file)

     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com
     mStart Page = hxxp://www.google.com
     FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ceai3tu1.default\
     FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
     .
     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-08-16 00:20
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'explorer.exe'(6344)
     c:\windows\TEMP\logishrd\LVPrcInj01.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Alwil Software\Avast4\aswUpdSv.exe
     c:\program files\Alwil Software\Avast4\ashServ.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
     c:\windows\system32\nvsvc32.exe
     c:\windows\system32\rundll32.exe
     c:\program files\Alwil Software\Avast4\ashMaiSv.exe
     c:\program files\Alwil Software\Avast4\ashWebSv.exe
     c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
     c:\program files\PC Connectivity Solution\ServiceLayer.exe
     c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
     c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
     c:\program files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
     c:\windows\system32\wscntfy.exe
     c:\windows\Temp\BN4.tmp
     c:\windows\system32\imapi.exe
     .
     **************************************************************************
     .
     Completion time: 2009-08-15 0:24 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-08-15 22:24

     Pre-Run: 16 068 853 760 bytes free
     Post-Run: 16 345 321 472 bytes free

     171
  14. Hello, I have just received a visit from a trojan horse that I can't remove. Avast finds me various files such as:

     C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\19QL3YM1\Install[1].exe
     C:\WINDOWS\system32\wisdstr.exe
     C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\19QL3YM1\Install[2].exe

     or else figaro.sys. If I delete them, they come back; if I want to quarantine them, Avast tells me it's impossible. I did the following 2 tests:
     1/ disabling Avast and running Malwarebytes' Anti-Malware, which detects about ten malicious files; I ask MAM to delete them, it manages to, restarts the computer, but on restart these files reappear.
     2/ the same attempt with the internet disconnected, and there the files do not reappear.
     For information, I'm on XP SP2; I mainly use Mozilla Firefox for the internet, but it does happen that we use IE from time to time. Thanks in advance for your help, because at this point I don't know what to do anymore ...
  15. Hello, I have read the whole thread and the problem seems to be the same as mine: a figaro.sys trojan horse installed on my PC, which I manage to kill via Malwarebytes' Anti-Malware but which regenerates as soon as I reactivate my internet connection.. There are steps in this thread where you warn that the manipulations cannot be reproduced on a machine other than jeanphy's... What about that? Now that you have pinned down the problem, could you give the procedure to follow without going through all these steps? Or failing that, if all the steps are needed, is it possible to do it from my PC? Many thanks.