
Posted (edited)

Hi,

I was told on another forum to come here (to WawaSeb in particular) about my virus, so here I am.

Here's my problem:

I caught a virus; I had forgotten to enable my antivirus :P

Since then my PC has been slow, and I have wintems.exe running as a process (which I can't end).

I can't launch my antivirus applications (it tells me they are not Win32 applications).

I can't boot my PC into safe mode :pt1cable:

And apparently it (the virus) comes back on reboot.

I've also disabled automatic restore points.

I made a log with EliBagle.

Thanks

Edited by ipiyo

Posted

My report:


Fri Feb 15 11:56:09 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

 

Fri Feb 15 12:03:39 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

 

Fri Feb 15 12:09:39 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

 

Fri Feb 15 12:14:12 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

 

Fri Feb 15 17:59:56 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Restaurada Clave: "SafeBoot\Minimal y Network"

 

Fri Feb 15 18:08:56 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Fri Feb 15 18:34:52 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

 

Fri Feb 15 18:35:15 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Fri Feb 15 19:59:40 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

 

Fri Feb 15 19:59:43 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Fri Feb 15 20:03:07 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

 

Fri Feb 15 20:03:13 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Nº Total de Directorios: 808333870

Nº Total de Ficheros: 1344285472

Nº de Ficheros Analizados: 1751348321

Nº de Ficheros Infectados: 1548895790

Nº de Ficheros Limpiados: 540233805

 

Fri Feb 15 23:09:26 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Restaurada Clave: "SafeBoot\Minimal y Network"

 

Fri Feb 15 23:10:37 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

 

Sat Feb 16 01:36:20 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

 

Sat Feb 16 01:36:31 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Sat Feb 16 02:43:08 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Restaurada Clave: "SafeBoot\Minimal y Network"

 

Sat Feb 16 02:49:20 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Nº Total de Directorios: 808333870

Nº Total de Ficheros: 1344285472

Nº de Ficheros Analizados: 1751348321

Nº de Ficheros Infectados: 1548895790

Nº de Ficheros Limpiados: 540233805

 

Fri Feb 22 17:41:06 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Restaurada Clave: "SafeBoot\Minimal y Network"

 

Fri Feb 22 17:42:42 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Fri Feb 22 17:46:24 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

 

Fri Feb 22 17:47:10 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Fri Feb 22 17:53:19 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

 

Fri Feb 22 17:54:12 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Fri Feb 22 17:59:17 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

 

Fri Feb 22 18:00:06 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Fri Feb 22 20:28:10 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

 

Fri Feb 22 20:29:03 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Fri Feb 22 20:35:51 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

 

Fri Feb 22 20:37:19 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Fri Feb 22 20:46:52 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

 

Fri Feb 22 20:47:50 2008

EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\
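The EliBagle log above is the same handful of entries repeated over many runs, and the useful signal for whoever is helping is what changes between runs: which files the tool actually reported as removed, which ones stayed "Acceso Denegado" every single time, and whether the SafeBoot registry key had to be restored again. The Python script below is an added example, not code from this thread and not EliBagle's own code. It parses that log format (timestamp header, "Lista de Acciones" mode line, "path --> result" lines and "Restaurada Clave" lines) and aggregates the outcomes across runs. The embedded sample log is constructed in the same format as the posted one.

```python
"""Triage helper for EliBagle-style logs.

Added example: not code from the forum thread or from EliBagle.
It parses the run-per-run format of the posted log and summarises,
across all runs, which files were reported removed, which were
reported "Acceso Denegado" on every run, and how many times the
SafeBoot key was restored. The sample log is constructed.
"""
import re
from collections import defaultdict

# Constructed sample: three runs in the same format as the posted log.
SAMPLE_LOG = """\
Fri Feb 15 11:56:09 2008
EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\\WINDOWS\\SYSTEM32\\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\\WINDOWS\\SYSTEM32\\BAN_LIST.TXT --> Eliminado Bagle
C:\\WINDOWS\\SYSTEM32\\DRIVERS\\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Fri Feb 15 17:59:56 2008
EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\\WINDOWS\\SYSTEM32\\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\\WINDOWS\\SYSTEM32\\DRIVERS\\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Restaurada Clave: "SafeBoot\\Minimal y Network"

Fri Feb 15 18:08:56 2008
EliBagle v11.00 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\\
"""

# One run starts with a ctime-style timestamp line, e.g. "Fri Feb 15 11:56:09 2008".
TIMESTAMP_RE = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}$")
MODE_RE = re.compile(r"^Lista de Acciones \(por (.+)\):$")
ACTION_RE = re.compile(r"^(.+?) --> (.+)$")
KEY_RE = re.compile(r'^Restaurada Clave: "(.+)"$')


def classify(result):
    """Map the free-text result after '-->' to a fixed outcome label."""
    if "Acceso Denegado" in result:
        return "access_denied"
    if result.startswith("Eliminado"):
        return "removed"
    return "other"


def parse_runs(text):
    """Split the log into runs; each run begins with a timestamp line."""
    runs = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if TIMESTAMP_RE.match(line):
            current = {"timestamp": line, "mode": None,
                       "actions": [], "restored_keys": []}
            runs.append(current)
            continue
        if current is None:  # anything before the first timestamp is ignored
            continue
        m = MODE_RE.match(line)
        if m:
            current["mode"] = m.group(1)
            continue
        m = ACTION_RE.match(line)
        if m:
            current["actions"].append((m.group(1), classify(m.group(2))))
            continue
        m = KEY_RE.match(line)
        if m:
            current["restored_keys"].append(m.group(1))
    return runs


def summarise(runs):
    """Aggregate per-file outcomes over all runs."""
    outcomes = defaultdict(list)
    for run in runs:
        for path, outcome in run["actions"]:
            outcomes[path].append(outcome)
    # Files the tool reported "Acceso Denegado" on every run that listed them.
    never_removed = sorted(p for p, o in outcomes.items()
                           if all(x == "access_denied" for x in o))
    removed = sorted(p for p, o in outcomes.items() if "removed" in o)
    restores = sum(len(r["restored_keys"]) for r in runs)
    return {"runs": len(runs), "never_removed": never_removed,
            "removed": removed, "safeboot_restores": restores}


if __name__ == "__main__":
    report = summarise(parse_runs(SAMPLE_LOG))
    print(f"{report['runs']} runs, SafeBoot key restored {report['safeboot_restores']} time(s)")
    print("removed:", *report["removed"], sep="\n  ")
    print("access denied on every run:", *report["never_removed"], sep="\n  ")
```

Run against the full log posted above, the script reduces twenty-odd repeated blocks to a short answer: the BAN_LIST.TXT entry is the only one ever reported as removed, the driver and executable entries never are, and the SafeBoot key restoration recurs, which is the picture a helper needs before choosing a different tool.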

Posted

Since wa² isn't around, you're going to do this:

Download combofix.exe (by sUBs) and save it to YOUR DESKTOP.

In the save dialog, rename ComboFix directly to Combo-Fix << Very important!!! otherwise Bagle will detect it

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Double-click Combo-Fix.exe to run it and follow the instructions.

* When the scan is complete (don't touch anything during the scan), a report will appear; post it for me.

Posted (edited)

The report


ComboFix 08-02-23.2 - XXXX 2008-02-23 12:15:29.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1409 [GMT 1:00]

Endroit: C:\Documents and Settings\XXXX\Bureau\Combo-Fix.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\system32\drivers\down

C:\WINDOWS\system32\drivers\down\103937.exe

C:\WINDOWS\system32\drivers\down\108890.exe

C:\WINDOWS\system32\drivers\down\109421.exe

C:\WINDOWS\system32\drivers\down\111703.exe

C:\WINDOWS\system32\drivers\down\112218.exe

C:\WINDOWS\system32\drivers\down\112609.exe

C:\WINDOWS\system32\drivers\down\116218.exe

C:\WINDOWS\system32\drivers\down\117062.exe

C:\WINDOWS\system32\drivers\down\117171.exe

C:\WINDOWS\system32\drivers\down\122921.exe

C:\WINDOWS\system32\drivers\down\123062.exe

C:\WINDOWS\system32\drivers\down\123250.exe

C:\WINDOWS\system32\drivers\down\124046.exe

C:\WINDOWS\system32\drivers\down\125781.exe

C:\WINDOWS\system32\drivers\down\126421.exe

C:\WINDOWS\system32\drivers\down\126796.exe

C:\WINDOWS\system32\drivers\down\128140.exe

C:\WINDOWS\system32\drivers\down\129953.exe

C:\WINDOWS\system32\drivers\down\130171.exe

C:\WINDOWS\system32\drivers\down\133562.exe

C:\WINDOWS\system32\drivers\down\134234.exe

C:\WINDOWS\system32\drivers\down\135093.exe

C:\WINDOWS\system32\drivers\down\135421.exe

C:\WINDOWS\system32\drivers\down\137609.exe

C:\WINDOWS\system32\drivers\down\140828.exe

C:\WINDOWS\system32\drivers\down\143843.exe

C:\WINDOWS\system32\drivers\down\144812.exe

C:\WINDOWS\system32\drivers\down\146171.exe

C:\WINDOWS\system32\drivers\down\147984.exe

C:\WINDOWS\system32\drivers\down\148109.exe

C:\WINDOWS\system32\drivers\down\14986750.exe

C:\WINDOWS\system32\drivers\down\14989015.exe

C:\WINDOWS\system32\drivers\down\14997968.exe

C:\WINDOWS\system32\drivers\down\15012562.exe

C:\WINDOWS\system32\drivers\down\15026000.exe

C:\WINDOWS\system32\drivers\down\15038796.exe

C:\WINDOWS\system32\drivers\down\15050421.exe

C:\WINDOWS\system32\drivers\down\15050437.exe

C:\WINDOWS\system32\drivers\down\15060453.exe

C:\WINDOWS\system32\drivers\down\15064531.exe

C:\WINDOWS\system32\drivers\down\15069468.exe

C:\WINDOWS\system32\drivers\down\15072765.exe

C:\WINDOWS\system32\drivers\down\15102921.exe

C:\WINDOWS\system32\drivers\down\15141968.exe

C:\WINDOWS\system32\drivers\down\15143515.exe

C:\WINDOWS\system32\drivers\down\15147703.exe

C:\WINDOWS\system32\drivers\down\15150859.exe

C:\WINDOWS\system32\drivers\down\15176750.exe

C:\WINDOWS\system32\drivers\down\15177578.exe

C:\WINDOWS\system32\drivers\down\15182468.exe

C:\WINDOWS\system32\drivers\down\15184375.exe

C:\WINDOWS\system32\drivers\down\15186609.exe

C:\WINDOWS\system32\drivers\down\15225078.exe

C:\WINDOWS\system32\drivers\down\15255437.exe

C:\WINDOWS\system32\drivers\down\15261609.exe

C:\WINDOWS\system32\drivers\down\153812.exe

C:\WINDOWS\system32\drivers\down\15549062.exe

C:\WINDOWS\system32\drivers\down\15550109.exe

C:\WINDOWS\system32\drivers\down\15746765.exe

C:\WINDOWS\system32\drivers\down\157593.exe

C:\WINDOWS\system32\drivers\down\15799796.exe

C:\WINDOWS\system32\drivers\down\158234.exe

C:\WINDOWS\system32\drivers\down\15874500.exe

C:\WINDOWS\system32\drivers\down\158953.exe

C:\WINDOWS\system32\drivers\down\15897718.exe

C:\WINDOWS\system32\drivers\down\159265.exe

C:\WINDOWS\system32\drivers\down\159609.exe

C:\WINDOWS\system32\drivers\down\160500.exe

C:\WINDOWS\system32\drivers\down\16063234.exe

C:\WINDOWS\system32\drivers\down\16104375.exe

C:\WINDOWS\system32\drivers\down\16114437.exe

C:\WINDOWS\system32\drivers\down\16124609.exe

C:\WINDOWS\system32\drivers\down\16202687.exe

C:\WINDOWS\system32\drivers\down\16229375.exe

C:\WINDOWS\system32\drivers\down\16443625.exe

C:\WINDOWS\system32\drivers\down\16496437.exe

C:\WINDOWS\system32\drivers\down\171578.exe

C:\WINDOWS\system32\drivers\down\176687.exe

C:\WINDOWS\system32\drivers\down\177218.exe

C:\WINDOWS\system32\drivers\down\177625.exe

C:\WINDOWS\system32\drivers\down\177984.exe

C:\WINDOWS\system32\drivers\down\179703.exe

C:\WINDOWS\system32\drivers\down\180484.exe

C:\WINDOWS\system32\drivers\down\181546.exe

C:\WINDOWS\system32\drivers\down\182500.exe

C:\WINDOWS\system32\drivers\down\182906.exe

C:\WINDOWS\system32\drivers\down\183500.exe

C:\WINDOWS\system32\drivers\down\187843.exe

C:\WINDOWS\system32\drivers\down\188203.exe

C:\WINDOWS\system32\drivers\down\188859.exe

C:\WINDOWS\system32\drivers\down\190734.exe

C:\WINDOWS\system32\drivers\down\192000.exe

C:\WINDOWS\system32\drivers\down\192718.exe

C:\WINDOWS\system32\drivers\down\193312.exe

C:\WINDOWS\system32\drivers\down\193906.exe

C:\WINDOWS\system32\drivers\down\194031.exe

C:\WINDOWS\system32\drivers\down\194312.exe

C:\WINDOWS\system32\drivers\down\196781.exe

C:\WINDOWS\system32\drivers\down\199875.exe

C:\WINDOWS\system32\drivers\down\201546.exe

C:\WINDOWS\system32\drivers\down\202218.exe

C:\WINDOWS\system32\drivers\down\203468.exe

C:\WINDOWS\system32\drivers\down\204984.exe

C:\WINDOWS\system32\drivers\down\206015.exe

C:\WINDOWS\system32\drivers\down\206296.exe

C:\WINDOWS\system32\drivers\down\206359.exe

C:\WINDOWS\system32\drivers\down\207187.exe

C:\WINDOWS\system32\drivers\down\207640.exe

C:\WINDOWS\system32\drivers\down\207718.exe

C:\WINDOWS\system32\drivers\down\208562.exe

C:\WINDOWS\system32\drivers\down\208890.exe

C:\WINDOWS\system32\drivers\down\209531.exe

C:\WINDOWS\system32\drivers\down\212531.exe

C:\WINDOWS\system32\drivers\down\213078.exe

C:\WINDOWS\system32\drivers\down\213609.exe

C:\WINDOWS\system32\drivers\down\214093.exe

C:\WINDOWS\system32\drivers\down\216359.exe

C:\WINDOWS\system32\drivers\down\216812.exe

C:\WINDOWS\system32\drivers\down\217375.exe

C:\WINDOWS\system32\drivers\down\221937.exe

C:\WINDOWS\system32\drivers\down\227187.exe

C:\WINDOWS\system32\drivers\down\230343.exe

C:\WINDOWS\system32\drivers\down\232906.exe

C:\WINDOWS\system32\drivers\down\233468.exe

C:\WINDOWS\system32\drivers\down\236265.exe

C:\WINDOWS\system32\drivers\down\236546.exe

C:\WINDOWS\system32\drivers\down\238031.exe

C:\WINDOWS\system32\drivers\down\239531.exe

C:\WINDOWS\system32\drivers\down\241765.exe

C:\WINDOWS\system32\drivers\down\246312.exe

C:\WINDOWS\system32\drivers\down\247578.exe

C:\WINDOWS\system32\drivers\down\249015.exe

C:\WINDOWS\system32\drivers\down\250625.exe

C:\WINDOWS\system32\drivers\down\256468.exe

C:\WINDOWS\system32\drivers\down\259140.exe

C:\WINDOWS\system32\drivers\down\259812.exe

C:\WINDOWS\system32\drivers\down\262375.exe

C:\WINDOWS\system32\drivers\down\263859.exe

C:\WINDOWS\system32\drivers\down\264984.exe

C:\WINDOWS\system32\drivers\down\266343.exe

C:\WINDOWS\system32\drivers\down\267671.exe

C:\WINDOWS\system32\drivers\down\269218.exe

C:\WINDOWS\system32\drivers\down\269718.exe

C:\WINDOWS\system32\drivers\down\286453.exe

C:\WINDOWS\system32\drivers\down\290671.exe

C:\WINDOWS\system32\drivers\down\292843.exe

C:\WINDOWS\system32\drivers\down\293781.exe

C:\WINDOWS\system32\drivers\down\296843.exe

C:\WINDOWS\system32\drivers\down\29755390.exe

C:\WINDOWS\system32\drivers\down\29802140.exe

C:\WINDOWS\system32\drivers\down\29840750.exe

C:\WINDOWS\system32\drivers\down\298531.exe

C:\WINDOWS\system32\drivers\down\299109.exe

C:\WINDOWS\system32\drivers\down\29958484.exe

C:\WINDOWS\system32\drivers\down\300937.exe

C:\WINDOWS\system32\drivers\down\30235765.exe

C:\WINDOWS\system32\drivers\down\30237531.exe

C:\WINDOWS\system32\drivers\down\30379250.exe

C:\WINDOWS\system32\drivers\down\30442000.exe

C:\WINDOWS\system32\drivers\down\30508656.exe

C:\WINDOWS\system32\drivers\down\30532828.exe

C:\WINDOWS\system32\drivers\down\30741515.exe

C:\WINDOWS\system32\drivers\down\30773718.exe

C:\WINDOWS\system32\drivers\down\30791468.exe

C:\WINDOWS\system32\drivers\down\30804140.exe

C:\WINDOWS\system32\drivers\down\30822234.exe

C:\WINDOWS\system32\drivers\down\30915968.exe

C:\WINDOWS\system32\drivers\down\30954203.exe

C:\WINDOWS\system32\drivers\down\309609.exe

C:\WINDOWS\system32\drivers\down\31060234.exe

C:\WINDOWS\system32\drivers\down\31099484.exe

C:\WINDOWS\system32\drivers\down\31139062.exe

C:\WINDOWS\system32\drivers\down\31151031.exe

C:\WINDOWS\system32\drivers\down\311703.exe

C:\WINDOWS\system32\drivers\down\31176375.exe

C:\WINDOWS\system32\drivers\down\31207453.exe

C:\WINDOWS\system32\drivers\down\312859.exe

C:\WINDOWS\system32\drivers\down\313781.exe

C:\WINDOWS\system32\drivers\down\31442046.exe

C:\WINDOWS\system32\drivers\down\31443046.exe

C:\WINDOWS\system32\drivers\down\31606921.exe

C:\WINDOWS\system32\drivers\down\31650906.exe

C:\WINDOWS\system32\drivers\down\31733890.exe

C:\WINDOWS\system32\drivers\down\31762390.exe

C:\WINDOWS\system32\drivers\down\318375.exe

C:\WINDOWS\system32\drivers\down\31903484.exe

C:\WINDOWS\system32\drivers\down\31929203.exe

C:\WINDOWS\system32\drivers\down\31940296.exe

C:\WINDOWS\system32\drivers\down\31952078.exe

C:\WINDOWS\system32\drivers\down\32018750.exe

C:\WINDOWS\system32\drivers\down\32040500.exe

C:\WINDOWS\system32\drivers\down\32236390.exe

C:\WINDOWS\system32\drivers\down\32327078.exe

C:\WINDOWS\system32\drivers\down\323875.exe

C:\WINDOWS\system32\drivers\down\325921.exe

C:\WINDOWS\system32\drivers\down\330562.exe

C:\WINDOWS\system32\drivers\down\337640.exe

C:\WINDOWS\system32\drivers\down\341593.exe

C:\WINDOWS\system32\drivers\down\353234.exe

C:\WINDOWS\system32\drivers\down\368234.exe

C:\WINDOWS\system32\drivers\down\369671.exe

C:\WINDOWS\system32\drivers\down\3702812.exe

C:\WINDOWS\system32\drivers\down\3709375.exe

C:\WINDOWS\system32\drivers\down\3716156.exe

C:\WINDOWS\system32\drivers\down\373546.exe

C:\WINDOWS\system32\drivers\down\3789515.exe

C:\WINDOWS\system32\drivers\down\3790250.exe

C:\WINDOWS\system32\drivers\down\3798640.exe

C:\WINDOWS\system32\drivers\down\3801734.exe

C:\WINDOWS\system32\drivers\down\3805093.exe

C:\WINDOWS\system32\drivers\down\3808484.exe

C:\WINDOWS\system32\drivers\down\3820328.exe

C:\WINDOWS\system32\drivers\down\3823953.exe

C:\WINDOWS\system32\drivers\down\3824984.exe

C:\WINDOWS\system32\drivers\down\3825812.exe

C:\WINDOWS\system32\drivers\down\3827671.exe

C:\WINDOWS\system32\drivers\down\3833250.exe

C:\WINDOWS\system32\drivers\down\3930156.exe

C:\WINDOWS\system32\drivers\down\3959281.exe

C:\WINDOWS\system32\drivers\down\410109.exe

C:\WINDOWS\system32\drivers\down\410250.exe

C:\WINDOWS\system32\drivers\down\411875.exe

C:\WINDOWS\system32\drivers\down\416078.exe

C:\WINDOWS\system32\drivers\down\423812.exe

C:\WINDOWS\system32\drivers\down\427500.exe

C:\WINDOWS\system32\drivers\down\46901140.exe

C:\WINDOWS\system32\drivers\down\46984453.exe

C:\WINDOWS\system32\drivers\down\47068640.exe

C:\WINDOWS\system32\drivers\down\47225140.exe

C:\WINDOWS\system32\drivers\down\473046.exe

C:\WINDOWS\system32\drivers\down\47347359.exe

C:\WINDOWS\system32\drivers\down\478828.exe

C:\WINDOWS\system32\drivers\down\48007218.exe

C:\WINDOWS\system32\drivers\down\48037218.exe

C:\WINDOWS\system32\drivers\down\48397265.exe

C:\WINDOWS\system32\drivers\down\484859.exe

C:\WINDOWS\system32\drivers\down\48505234.exe

C:\WINDOWS\system32\drivers\down\48636875.exe

C:\WINDOWS\system32\drivers\down\48714093.exe

C:\WINDOWS\system32\drivers\down\487750.exe

C:\WINDOWS\system32\drivers\down\49088359.exe

C:\WINDOWS\system32\drivers\down\49152031.exe

C:\WINDOWS\system32\drivers\down\49184484.exe

C:\WINDOWS\system32\drivers\down\49213281.exe

C:\WINDOWS\system32\drivers\down\49331078.exe

C:\WINDOWS\system32\drivers\down\49380312.exe

C:\WINDOWS\system32\drivers\down\49644296.exe

C:\WINDOWS\system32\drivers\down\49751156.exe

C:\WINDOWS\system32\drivers\down\558312.exe

C:\WINDOWS\system32\drivers\down\560156.exe

C:\WINDOWS\system32\drivers\down\561921.exe

C:\WINDOWS\system32\drivers\down\591218.exe

C:\WINDOWS\system32\drivers\down\64556468.exe

C:\WINDOWS\system32\drivers\down\64668828.exe

C:\WINDOWS\system32\drivers\down\64730281.exe

C:\WINDOWS\system32\drivers\down\64792140.exe

C:\WINDOWS\system32\drivers\down\65153281.exe

C:\WINDOWS\system32\drivers\down\65154812.exe

C:\WINDOWS\system32\drivers\down\94765.exe

C:\WINDOWS\system32\drivers\down\99734.exe

C:\WINDOWS\system32\drivers\hldrrr.exe

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\drivers\srosa.sys

C:\WINDOWS\system32\mdelk.exe

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\tmp44.tmp

C:\WINDOWS\system32\wanpacket.dll

C:\WINDOWS\system32\wintems.exe

C:\WINDOWS\system32\wl.exe

C:\WINDOWS\system32\wpcap.dll

 

----- BITS: Possible sites infects -----

 

hxxp://au.download.windowsupdaõj

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_SROSA

-------\NPF

-------\srosa

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-01-23 to 2008-02-23 ))))))))))))))))))))))))))))))))))))

.

 

2008-02-22 17:25 . 2008-02-22 17:25 <REP> d-------- C:\Program Files\Navilog1

2008-02-16 02:13 . 2008-02-23 12:59 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2008-02-15 17:32 . 2008-02-15 17:32 <REP> d-------- C:\_OTMoveIt

2008-02-15 17:15 . 2008-02-15 17:20 <REP> d-------- C:\HjackThis

2008-02-15 00:23 . 2008-02-15 00:23 <REP> d-------- C:\WINDOWS\BDOSCAN8

2008-02-15 00:21 . 2008-02-15 00:21 <REP> d-------- C:\Documents and Settings\XXXX\.housecall6.6

2008-02-15 00:11 . 2008-02-22 16:18 401,720 --a------ C:\HijackThis.exe

2008-02-14 23:21 . 2008-02-14 23:21 <REP> d-------- C:\Program Files\Alwil Software

2008-02-14 23:21 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-02-14 23:21 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-02-14 23:21 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-02-14 23:21 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-02-14 23:21 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-02-14 23:21 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-02-14 23:21 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-02-14 22:53 . 2008-02-14 22:53 <REP> d-------- C:\Program Files\Promixis

2008-02-10 15:30 . 2008-02-10 15:30 <REP> d-------- C:\Documents and Settings\XXXX\Application Data\iolo

2008-02-10 15:30 . 2008-02-10 15:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iolo

2008-02-06 14:36 . 2008-02-23 14:14 64,748 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000007-00001102-00000005-0034415A}.rfx

2008-02-06 14:36 . 2008-02-23 14:14 53,744 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000005-0034415A}.rfx

2008-02-06 14:36 . 2008-02-23 14:14 53,744 --a------ C:\WINDOWS\system32\BMXState-{00000001-00000000-00000007-00001102-00000005-0034415A}.rfx

2008-01-26 21:23 . 2008-01-26 21:23 <REP> d-------- C:\Program Files\ASIO4ALL v2

2008-01-26 14:36 . 2000-05-11 01:00 90,112 --------- C:\WINDOWS\Updreg.EXE

2008-01-26 14:36 . 2007-11-06 13:54 12,457 --------- C:\WINDOWS\system32\AudioDrv.ini

2008-01-26 14:22 . 2007-12-17 23:45 1,316,864 -ra------ C:\WINDOWS\system32\CTEXFIFX.DLL

2008-01-26 13:29 . 2008-01-26 14:35 <REP> d-------- C:\WINDOWS\system32\Data

2008-01-26 13:29 . 2007-10-08 14:44 11,776 --a------ C:\WINDOWS\INRES.DLL

2008-01-26 13:29 . 2006-06-09 15:20 3,072 --a------ C:\WINDOWS\CTXFIFRN.DLL

2008-01-26 13:27 . 2008-01-26 14:33 <REP> d-------- C:\Program Files\Auzentech

2008-01-23 18:46 . 2008-01-23 18:46 <REP> d-------- C:\Program Files\Actual Earth 3D

2008-01-23 18:46 . 2008-01-23 18:46 111,616 --a------ C:\WINDOWS\system32\ActualEarth.scr

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-23 13:13 --------- d-----w C:\Program Files\RSSoft

2008-02-23 11:38 5,632 ----a-w C:\WINDOWS\system32\drivers\avgarkt.sys

2008-02-23 10:27 --------- d-----w C:\Program Files\Steam

2008-02-23 10:27 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware

2008-02-23 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware

2008-02-15 16:32 --------- d-----w C:\Program Files\Microsoft IntelliPoint

2008-02-15 11:45 --------- d-----w C:\Program Files\FlashGet

2008-02-14 21:26 --------- d-----w C:\Documents and Settings\XXXX\Application Data\foobar2000

2008-02-14 05:27 895,148 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-02-14 05:27 88,592,928 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-02-14 05:27 2,856,736 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-02-14 05:27 1,194,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-02-09 21:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-09 20:32 --------- d-----w C:\Program Files\rFactor

2008-01-30 20:08 --------- d-----w C:\Program Files\Pinnacle

2008-01-26 15:25 --------- d-----w C:\Documents and Settings\XXXX\Application Data\Creative

2008-01-26 13:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative

2008-01-26 13:34 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-26 10:43 --------- d-----w C:\Program Files\Creative

2008-01-21 15:34 --------- d-----w C:\Documents and Settings\XXXX\Application Data\NewsLeecher

2008-01-21 13:32 --------- d-----w C:\Program Files\GameSpy Arcade

2008-01-21 11:09 --------- d-----w C:\Program Files\NewsLeecher

2008-01-12 20:28 --------- d-----w C:\Program Files\GrabIt

2008-01-07 17:21 --------- d-----w C:\Program Files\foobar2000

2008-01-03 20:38 --------- d-----w C:\Documents and Settings\XXXX\Application Data\SystemRequirementsLab

2008-01-03 18:17 --------- d-----w C:\Program Files\adslTV

2008-01-03 17:00 --------- d-----w C:\Program Files\Windows Live

2008-01-03 16:59 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition

2008-01-03 16:56 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-01-03 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-01-03 00:29 --------- d-----w C:\Program Files\MediaMonkey

2008-01-02 22:21 --------- d-----w C:\Program Files\Java

2007-12-30 01:17 737,280 ----a-w C:\WINDOWS\iun6002.exe

2007-12-30 01:17 --------- d-----w C:\Program Files\FireTune

2007-12-28 18:06 --------- d-----w C:\Program Files\Exact Audio Copy

2007-12-28 18:06 --------- d-----w C:\Documents and Settings\XXXX\Application Data\AccurateRip

2007-12-27 02:09 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-12-26 22:38 --------- d-----w C:\Program Files\iTunes

2007-12-26 22:38 --------- d-----w C:\Program Files\iPod

2007-12-26 22:36 --------- d-----w C:\Program Files\QuickTime

2007-12-26 22:35 --------- d-----w C:\Program Files\Fichiers communs\Apple

2007-12-26 22:35 --------- d-----w C:\Program Files\Apple Software Update

2007-12-26 22:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple

2007-11-17 18:47 22,328 ----a-w C:\Documents and Settings\XXXX\Application Data\PnkBstrK.sys

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2006-03-01 18:43 90112]

"Steam"="C:\Program Files\Steam\Steam.exe" [2007-12-21 02:07 1266936]

"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-01-11 16:07 972432]

"nHancer"="C:\Program Files\KSE\nHancer 32bit\nHancer.exe" [ ]

"Red Swoosh"="C:\Program Files\RSSoft\RedSwoosh.exe" [2007-07-19 03:17 62436]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-06-11 03:01 694076]

"SetDefaultMIDI"="MIDIDef.exe" [2007-12-17 23:41 28672 C:\WINDOWS\system32\MIDIDEF.EXE]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-08-18 16:52 113152]

"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-02-23 12:55 58992]

"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-09-09 18:09 1537648]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 00:26 406016]

"Matchlock Scheduling"="C:\Program Files\Ulead Systems\Ulead InstaMedia 2.1\Monitor.exe" [2008-02-23 12:55 45056]

"Ulead Remote Control Center"="C:\Program Files\Ulead Systems\Ulead InstaMedia 2.1\RMC.exe" [2005-05-28 16:54 49152]

"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 16:12 131072]

"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 17:22 266240]

"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2005-07-21 07:21 589824]

"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 10:21 217088]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"EPSON PictureMate"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.exe" [2003-10-10 04:00 99840]

"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]

"DJ Console Mk2"="C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2006-01-18 10:50 212992]

"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 16:53 856064]

"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 577536 C:\WINDOWS\soundman.exe]

"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [ ]

"P17Helper"="SPIRun.dll" [2006-07-03 11:43 10752 C:\WINDOWS\system32\SPIRun.dll]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 02:01 32768]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"VolPanel"="C:\Program Files\Auzentech\Auzen X-Fi Prelude 7.1\Volume Panel\VolPanlu.exe" [2007-11-05 16:21 217192]

"CTxfiHlp"="CTXFIHLP.EXE" [2007-12-17 23:52 19968 C:\WINDOWS\system32\Ctxfihlp.exe]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-02-23 12:55 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\adslTV\\vlc.exe"=

"C:\\Program Files\\adslTV\\adslTV.exe"=

"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=

"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=

"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=

"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=

"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

"C:\\Program Files\\Codemasters\\Race Driver 3\\RD3.exe"=

"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"C:\\Documents and Settings\\XXXX\\Bureau\\vlc-0.8.5-freehd\\vlc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000

"C:\\Program Files\\FlashGet\\flashget.exe"=

"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=

"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"C:\\Program Files\\Atari\\ArmA Demo\\ArmADemo.exe"=

"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

 

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]

R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2007-11-26 09:22]

R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-08-18 10:00]

R2 mxssvr;NI Configuration Manager;"C:\Program Files\National Instruments\MAX\nimxs.exe" [2006-07-15 19:47]

R2 NITaggerService;National Instruments Variable Engine;"C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe" [2006-07-25 17:36]

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2007-12-17 23:44]

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]

S3 Bulk;HDJBulk;C:\WINDOWS\system32\Drivers\HDJBulk.sys [2006-01-16 16:23]

S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []

S3 CrystalSysInfo;CrystalSysInfo;C:\Program Files\OCCT\SysInfo.sys [2005-09-19 06:08]

S3 DigiCellDriver;DigiCellDriver;C:\Program Files\MSI\DigiCell\NTGLM7X.sys [2006-06-07 09:00]

S3 HDJAsioK;HDJAsioK;C:\WINDOWS\system32\Drivers\HDJAsioK.sys [2006-01-16 16:17]

S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2006-01-16 16:22]

S3 P17xfi;Sound Blaster X-Fi Xtreme Audio;C:\WINDOWS\system32\drivers\P17xfi.sys [2006-09-25 16:58]

S3 p17xfilt;p17xfilt;C:\WINDOWS\system32\drivers\p17xfilt.sys [2006-10-11 23:54]

S3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\Core Center\NTGLM7X.sys [2006-10-24 15:21]

S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-10-25 13:40]

S3 PTV332;DualTV USB;C:\WINDOWS\system32\DRIVERS\PTV332.SYS [2005-10-24 21:25]

S3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2006-12-19 09:49]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]

\Shell\AutoRun\command - "L:\Install FreeAgent Tools.exe" /run

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-02-21 16:51:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-23 14:15:27

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\System32\GEARSec.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\lktsrv.exe

C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe

C:\WINDOWS\system32\nisvcloc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-02-23 14:20:35 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-23 13:20:32

.

2008-02-13 02:04:21 --- E O F ---

Edited by ipiyo
Posted

:P Bagle has been nicked

 

I'm not at home, so I'll keep it short :P

 

**Uninstall Combo-Fix by copying and pasting the line below into Run and confirming with "Enter"

 

Combo-Fix /u

 

**Uninstall Avast and Norton via Add/Remove Programs

 

After uninstalling Symantec, use: ftp://ftp.symantec.com/public/english_us_...emoval_Tool.exe

 

Run it.

 

For Avast >>> after uninstalling, delete the directory in bold: %programfiles%\alwil software

 

Read this >> http://forum.malekal.com/ftopic3528.php

 

**Install Antivir:

 

Tutorial >> http://www.malekal.com//tutorial_antivir.php

 

and run a scan, then post the generated report

 

 

 

**Download to your desktop

 

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner

Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button and wait until the cleaning is finished

If you use the Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit from the main menu to close the program.

Posted

Is it better to put Kaspersky back or keep AntiVir?

 

The report:

 

 

 

AntiVir PersonalEdition Classic

Report file date: samedi 23 février 2008 16:48

 

Scanning for 1120425 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: SYSTEM

Computer name: XXXX

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 15:47:19

ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 15:47:19

ANTIVIR3.VDF : 7.0.2.180 334848 Bytes 22/02/2008 15:47:19

AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 23/02/2008 15:47:19

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 23/02/2008 15:47:19

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: C:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: samedi 23 février 2008 16:48

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'unsecapp.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'wscntfy.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'vmnetdhcp.exe' - '1' Module(s) have been scanned

Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned

Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned

Scan process 'vmnat.exe' - '1' Module(s) have been scanned

Scan process 'vmount2.exe' - '1' Module(s) have been scanned

Scan process 'vmware-authd.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned

Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned

Scan process 'Apache.exe' - '1' Module(s) have been scanned

Scan process 'tagsrv.exe' - '1' Module(s) have been scanned

Scan process 'nisvcloc.exe' - '1' Module(s) have been scanned

Scan process 'nidmsrv.exe' - '1' Module(s) have been scanned

Scan process 'nimxs.exe' - '1' Module(s) have been scanned

Scan process 'lktsrv.exe' - '1' Module(s) have been scanned

Scan process 'lkads.exe' - '1' Module(s) have been scanned

Scan process 'YzShadow.exe' - '1' Module(s) have been scanned

Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned

Scan process 'RocketDock.exe' - '1' Module(s) have been scanned

Scan process 'lkcitdl.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'DigiCell.exe' - '1' Module(s) have been scanned

Scan process 'Apache.exe' - '1' Module(s) have been scanned

Scan process 'ADCDLicSvc.exe' - '1' Module(s) have been scanned

Scan process 'CoreCenter.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'RedSwoosh.exe' - '1' Module(s) have been scanned

Scan process 'CTxfispi.exe' - '1' Module(s) have been scanned

Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned

Scan process 'Ctxfihlp.exe' - '1' Module(s) have been scanned

Scan process 'VolPanlu.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned

Scan process 'soundman.exe' - '1' Module(s) have been scanned

Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned

Scan process 'daemon.exe' - '1' Module(s) have been scanned

Scan process 'acrotray.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'HDJ2CPL.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'point32.exe' - '1' Module(s) have been scanned

Scan process 'nTrayFw.exe' - '1' Module(s) have been scanned

Scan process 'rmc.exe' - '1' Module(s) have been scanned

Scan process 'nvraidservice.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'CTAudSvc.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

73 processes with 73 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '41' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\XXXX\Mes documents\Themes\1164Themes\1164 Themes\Coco\views\Views.zip

[0] Archive type: ZIP

--> Views/viewgui.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

--> Views/views.zip

[1] Archive type: ZIP

--> views.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[INFO] The file was deleted!

C:\Documents and Settings\XXXX\Mes documents\Themes\1164Themes\1164 Themes\Destiny\destiny.exe

[DETECTION] Is the Trojan horse TR/Agent.894276

[INFO] The file was deleted!

C:\Program Files\Windows Media Player\wmpnscfg.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[INFO] The file was moved to '48306814.qua'!

C:\QooBox\Quarantine\catchme2008-02-23_141523.28.zip

[0] Archive type: ZIP

--> srosa.sys

[DETECTION] Is the Trojan horse TR/Rootkit.Gen

--> wintems.exe

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

--> mdelk.exe

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

--> hldrrr.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[INFO] The file was moved to '48346840.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\103937.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\108890.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\111703.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\112218.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\112609.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\117171.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\122921.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\123062.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\124046.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\125781.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\128140.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14989015.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14997968.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\15038796.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\15102921.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\247578.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29755390.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29802140.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\31060234.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\3702812.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\46901140.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\46984453.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\64556468.exe.vir

[DETECTION] Is the Trojan horse TR/Bagle.Gen.B

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\94765.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[INFO] The file was deleted!

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\99734.exe.vir

[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen

[INFO] The file was deleted!

C:\System Volume Information\_restore{70A61453-00EB-4225-8944-323645251CD2}\RP3\A0000542.exe

[DETECTION] Is the Trojan horse TR/Patch.DX

[INFO] The file was deleted!

C:\System Volume Information\_restore{70A61453-00EB-4225-8944-323645251CD2}\RP3\A0000544.exe

[DETECTION] Is the Trojan horse TR/Patch.DX

[INFO] The file was deleted!

C:\System Volume Information\_restore{70A61453-00EB-4225-8944-323645251CD2}\RP3\A0000545.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[INFO] The file was deleted!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

 

 

End of the scan: samedi 23 février 2008 19:55

Used time: 3:07:01 min

 

The scan has been done completely.

 

23269 Scanning directories

1016661 Files were scanned

42 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

36 files were deleted

0 files were repaired

2 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

1016619 Files not concerned

8526 Archives were scanned

2 Warnings

147 Notes

Posted

**Empty Antivir's quarantine and uninstall Combo-Fix as said ABOVE!!

 

Is it better to put Kaspersky back or keep AntiVir?

 

Is it your PC? You're connected by Ethernet to a Freebox.... make sure you're in router mode and keep Antivir

 

http://www.freenews.fr/index.php?itemid=454

 

**Download to your DESKTOP, which you should already have ^^ previous message!!

 

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

 

- http://downloads.ewido.net/ewido_micro.exe

 

ATF Cleaner

Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button and wait until it finishes

If you use the Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit from the main menu to close the program.

 

 

**

  • Double-click the file ewido_micro.exe to run it.
  • As soon as it starts, the program will ask for internet access to update itself; accept.
  • Then a new screen appears; make sure all the boxes are checked.
  • Click Start Scan and let the tool work.
  • When the tool has finished, click Save report and save the report to your desktop so you can post it
  • Post it in your next reply.

  • NB: click Remove infections

***Download to your desktop http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

Double-click HJTInstall.exe to launch the program

Choose the option "Do a system scan and save a log file"

Click "Save log" to save the report, which will open in Notepad

Click "Edit -> Select All", then "Edit -> Copy" to copy the whole contents of the report

Paste the report you just copied on this forum

 

------------------------

 

So, apart from a Bagle caught via an attachment or a crack, it's not much....

Posted (edited)

Yes, it's my PC and my Freebox is already in router mode.

I find that Antivir "raises the alarm" for nothing compared to Kaspersky.

 

It tells me Windows can't find combo-fix when I try to uninstall it.

 

I already did that, AtfCleaner

 

Under Firefox the forums no longer look like anything (the styling no longer displays, you just see the text), and under IE it works correctly.

 

It's been at least 10 years since I'd caught a virus; a moment of inattention and there you go.

Edited by ipiyo
Posted

The report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:26:08, on 23/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvraidservice.exe

C:\Program Files\Ulead Systems\Ulead InstaMedia 2.1\RMC.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Auzentech\Auzen X-Fi Prelude 7.1\Volume Panel\VolPanlu.exe

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\RSSoft\RedSwoosh.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\MSI\Core Center\CoreCenter.exe

C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\MSI\DigiCell\DigiCell.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\lktsrv.exe

C:\Program Files\National Instruments\MAX\nimxs.exe

C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe

C:\WINDOWS\system32\nisvcloc.exe

C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wbem\unsecapp.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.1\Monitor.exe

O4 - HKLM\..\Run: [ulead Remote Control Center] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.1\RMC.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide

O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe

O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Auzentech\Auzen X-Fi Prelude 7.1\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKCU\..\Run: [nHancer] "C:\Program Files\KSE\nHancer 32bit\nHancer.exe" /tray

O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe

O4 - Global Startup: DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe

O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143578245258

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198262293281

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A5B56E79-0DC7-4C3B-890C-EC91FEAAEDBC}: NameServer = 192.168.0.254

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe

O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

 

--

End of file - 17725 bytes
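One way to triage the O4 (Run key) and O23 (service) entries of a log like the one above, added here as an editor's example; it is not part of the original post and is not HijackThis's own logic. The sample lines are copied from the log on this page; the heuristics (bare filenames resolved through the search path, unquoted paths containing spaces, services whose binary carries no publisher information) are the editor's own and only say which lines deserve a closer look, not that any of them is malicious.

```python
"""
Triage helper for a HijackThis log: parse O4 (Run key) and O23 (service)
lines into records and flag the ones worth checking by hand.

The heuristics here are the editor's, not HijackThis's, and the sample
lines are constructed from entries visible in the log on this page.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of O4/O23 lines copied from the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# "O23 - Service: display name - publisher - image path"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.*)$")
# Longest leading token that ends in an executable/module extension
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|dll))(?:\s|$)", re.IGNORECASE)


@dataclass
class Entry:
    kind: str            # "O4" (Run key) or "O23" (service)
    name: str            # value name or service display name
    image: str           # executable exactly as written in the log
    args: str = ""
    vendor: str = ""     # O23 only: publisher HijackThis read from the file
    quoted: bool = False
    reasons: list = field(default_factory=list)


def split_command(cmd: str):
    """Return (image, args, quoted) for a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        end = len(cmd) if end == -1 else end
        return cmd[1:end], cmd[end + 1:].strip(), True
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group(1), cmd[m.end():].strip(), False
    head, _, rest = cmd.partition(" ")      # e.g. "Rundll32 SPIRun.dll,RunDLLEntry"
    return head, rest.strip(), False


def parse_log(text: str):
    """Split a log into Run-key entries and service entries."""
    runs, services = [], []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RUN_RE.match(line)
        if m:
            image, args, quoted = split_command(m.group("cmd"))
            runs.append(Entry("O4", m.group("name"), image, args, quoted=quoted))
            continue
        m = O23_RE.match(line)
        if m:
            services.append(Entry("O23", m.group("name"), m.group("path").strip(),
                                  vendor=m.group("vendor")))
    return runs, services


def flag(entry: Entry) -> Entry:
    """Attach editor-defined triage reasons to an entry (may be none)."""
    image = entry.image
    base = image.rsplit("\\", 1)[-1].lower()
    if entry.kind == "O4":
        if "\\" not in image:
            entry.reasons.append("bare filename: resolved through the search path, "
                                 "so confirm which file actually runs")
        elif " " in image and not entry.quoted:
            entry.reasons.append("unquoted path containing spaces")
        if base.startswith("rundll32"):
            module = entry.args.split(",", 1)[0].strip()
            if module and "\\" not in module:
                entry.reasons.append(f"rundll32 loads {module} by bare name")
    elif entry.vendor.lower() == "unknown owner":
        entry.reasons.append("no publisher information on the service binary")
    return entry


def triage(text: str):
    """Return only the entries that picked up at least one reason."""
    runs, services = parse_log(text)
    return [e for e in map(flag, runs + services) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind} [{e.name}] {e.image}: " + "; ".join(e.reasons))
```

A flagged entry is a starting point, not a verdict: the next step for each one is to locate the file that actually runs, check its publisher and hash, and submit it to a multi-engine scanner as the helper asks for RedSwoosh.exe in the reply that follows.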

Posted

Good evening ipiyo, hi angelique! :P

 

angelique > Thank you very much for taking care of ipiyo today, I've just got home from work... Kisses!

 

ipiyo > You're really lucky that angelique took care of your problem... She's a "pro"! She won't (I think) mind me continuing the procedure with you...

 

 

1) Go to this site

  • Click "Browse" (as shown in the picture) jotti.gif
  • Find the following file: C:\Program Files\RSSoft\RedSwoosh.exe
  • Click "Submit"
  • Copy and paste the report into your next reply...

*** If the site is overloaded, you can do the same thing here ("Send" instead of "Submit")

 

 

It tells me Windows can't find combo-fix when I try to uninstall it.

--> We'll uninstall it another way later... :P

 

 

2) Can you follow angelique's procedure with Ewido_micro please?

 

 

3) Are you able to post a screenshot of your problem with FireFox?

 

 

Good night to you!

:P
