Unable to install an antivirus

Closed
tiky63 Posts 11 Registration date Wednesday 29 March 2006 Status Member Last activity 18 August 2007 - 18 August 2007 at 11:27
moK´s@ Posts 4399 Registration date Tuesday 18 October 2005 Status Member Last activity 2 November 2007 - 18 August 2007 at 16:57
Hello,

For the past few days the antivirus I use (avast Home Edition) has stopped working; all my shortcuts have disappeared, and so has the program's launch exe.
I uninstalled it with the utility downloaded from their site in order to reinstall it, but the exe file no longer installs. I downloaded and tried to install other antivirus programs, avg75 and KASPERSKY70, without success. Here is the response from AVG75:
« Local machine: installation failed
Installation: Error: Action failed for file avgamsvr.exe: creating file....
No such file or directory »
With KASPERSKY70 the PC freezes.
I downloaded Stinger.exe; it finds nothing.
I don't understand what is going on….
Do you have any idea?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:41, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Pixoria\Konfabulator\YahooWidgetEngine.exe
C:\Program Files\Pixoria\Konfabulator\YahooWidgetEngine.exe
C:\Program Files\Pixoria\Konfabulator\YahooWidgetEngine.exe
C:\Program Files\Radio Fr Solo\Radio_Fr_Solo.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Zolfanello\Bureau\Nouveau dossier\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zolfanello.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Pixoria\Konfabulator\YahooWidgetEngine.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2307c68b156a3eacac06/netzip/RdxIE601_fr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

3 replies

moK´s@ Posts 4399 Registration date Tuesday 18 October 2005 Status Member Last activity 2 November 2007 89
18 August 2007 at 12:13
Hi tiky63

* Download combofix.exe (by sUBs) to your Desktop.

http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

* Double-click combofix.exe.
* Press the 1 key (Yes) to start the scan.
* When the scan is complete, a report will appear. Copy/paste this report into your next reply.


NOTE: The report can also be found here: C:\Combofix.txt

See you
0
tiky63 Posts 11 Registration date Wednesday 29 March 2006 Status Member Last activity 18 August 2007
18 August 2007 at 13:46
Hello moK´s@,

Thank you for answering my request.
Here is the report:
ComboFix 07-08-17.2 - "Zolfanello" 2007-08-18 13:23:03.5 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.273 [GMT 2:00]

[i] ADS removed - C:\WINDOWS\system32\ntoskrnl.exe: Le fichier spécifié est introuvable. [/i]

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_M_HOOK


((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))


2007-08-18 12:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-17 19:27 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
2007-08-17 13:04 <REP> d--hs---- C:\FOUND.006
2007-08-17 12:34 <REP> d-------- C:\WINDOWS\pss
2007-08-13 21:18 <REP> d-------- C:\RD Industries
2007-08-11 19:38 <REP> d--hs---- C:\FOUND.005
2007-08-08 13:08 194,715 --a------ C:\WINDOWS\system32\trusted.exe
2007-08-08 13:07 1,901 --a------ C:\WINDOWS\panose.bin
2007-08-08 13:03 94,285 --a------ C:\WINDOWS\system32\MSVCIRTD.DLL
2007-08-08 13:03 6,144 --a------ C:\WINDOWS\system32\W95FIBER.DLL
2007-08-08 13:03 5,632 --a------ C:\WINDOWS\system32\MFCUIA32.DLL
2007-08-08 13:03 322,832 --a------ C:\WINDOWS\system32\MFC30.DLL
2007-08-08 13:03 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-08-08 13:03 210,944 --a------ C:\WINDOWS\system32\MSVCRT10.DLL
2007-08-08 13:03 133,904 --a------ C:\WINDOWS\system32\MFCANS32.DLL
2007-08-08 13:03 133,392 --a------ C:\WINDOWS\system32\MFCO30.DLL
2007-08-08 13:03 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
2007-08-02 08:52 <REP> d--hs---- C:\FOUND.004
2007-07-30 09:37 <REP> d--hs---- C:\FOUND.003
2007-07-29 12:34 <REP> d-------- C:\galerie d'art
2007-07-29 12:33 <REP> d-------- C:\Program Files\Metin2_France
2007-07-29 12:29 8,388,608 --a------ C:\DOCUME~1\ZOLFAN~1\ntuser.dat
2007-07-24 11:16 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-07-22 18:56 <REP> d-------- C:\Program Files\Ratajik Software


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-09 13:27 --------- d-------- C:\DOCUME~1\ZOLFAN~1\APPLIC~1\Druide
2007-07-09 13:24 --------- d-------- C:\Program Files\Druide
2007-07-04 12:57 --------- d-------- C:\Program Files\SourceTec
2007-07-04 12:57 --------- d-------- C:\Program Files\Fichiers communs\SourceTec
2007-07-03 10:52 --------- d-------- C:\Program Files\eChanblard
2007-06-28 10:37 --------- d-------- C:\DOCUME~1\ZOLFAN~1\APPLIC~1\.ABC
2007-06-28 10:36 --------- d-------- C:\Program Files\ABC
2007-06-28 10:28 --------- d-------- C:\DOCUME~1\ZOLFAN~1\APPLIC~1\.BitTornado
2007-06-26 15:25 --------- d-------- C:\DOCUME~1\ZOLFAN~1\APPLIC~1\CVitae
2007-06-26 15:18 --------- d-------- C:\Program Files\CVitae
2007-06-26 15:02 --------- d-------- C:\DOCUME~1\ZOLFAN~1\APPLIC~1\BitTorrent
2007-06-26 15:00 --------- d-------- C:\Program Files\BitTorrent
2007-06-20 21:41 --------- d-------- C:\DOCUME~1\ZOLFAN~1\APPLIC~1\Free Download Manager
1999-12-13 14:38 135168 --a------ C:\WINDOWS\inf\Agfa\message.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 21:00]
"SoundMan"="SOUNDMAN.EXE" [2003-01-07 18:09 C:\WINDOWS\SOUNDMAN.EXE]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-09 08:41]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 00:10 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-02-02 13:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 18:30]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-30 03:34]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2006-08-21 00:24]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 19:38]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Zolfanello\Menu Démarrer\Programmes\Démarrage\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2005-07-22 16:14:46]
Yahoo! Widget Engine.lnk - C:\Program Files\Pixoria\Konfabulator\YahooWidgetEngine.exe [2006-05-23 22:17:00]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LManager"=C:\Program Files\Launch Manager\CplBBQ12.EXE
"LaunchApp"=Alaunch
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

R1 srosa;Megadrv3;\??\C:\WINDOWS\system32\drivers\srosa.sys
R2 MicroGuard;MicroGuard Copy Protection;\??\C:\WINDOWS\system32\drivers\mgnt.sys
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS
S3 EM9AB;WLAN a+b combo mini-PCI Service;C:\WINDOWS\system32\DRIVERS\em9ab.sys
S3 Packet;Packet Protocol Driver;\??\C:\WINDOWS\System32\packet.sys
S3 PRISM;Wistron NeWeb 802.11b Wireless LAN PCI Card Driver;C:\WINDOWS\system32\DRIVERS\EM9NDS.sys
S3 scsiscan;Pilote de scanneur SCSI;C:\WINDOWS\system32\DRIVERS\scsiscan.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


Contents of the 'Scheduled Tasks' folder
2007-06-22 15:17:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-08-18 06:45:14 C:\WINDOWS\Tasks\User_Feed_Synchronization-{BF42F360-7DB7-4238-9842-0B148F6F5A3B}.job - C:\WINDOWS\system32\msfeedssync.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-18 13:26:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"german.exe"="C:\\WINDOWS\\system32\\wintems.exe"

Completion time: 2007-08-18 13:27:59 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-18 13:28

--- E O F ---


There is also another file, ComboFix-quarantined:
[code]
2002-03-02 04:10 53299 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pthreadVC.dll.vir
2003-04-04 14:54 208896 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
2003-04-04 15:03 57344 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\packet.dll.vir
2003-04-04 15:07 30336 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
2005-03-17 04:09 232873 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hldrrr.exe.vir
2007-05-17 08:45 86532 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\267390.exe.vir
2007-05-17 08:45 86532 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\268468.exe.vir
2007-05-17 12:45 86532 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\14674625.exe.vir
2007-05-17 12:45 86532 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\14678343.exe.vir
2007-05-18 08:25 86532 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\59888968.exe.vir
2007-05-18 08:25 86532 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\59889125.exe.vir
2007-05-20 12:34 172548 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\110236828.exe.vir
2007-05-20 12:34 172548 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\110238171.exe.vir
2007-05-20 12:34 53760 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir
2007-05-21 07:06 172548 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\153859.exe.vir
2007-05-21 07:06 172548 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\153906.exe.vir
2007-05-23 10:58 172548 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\182921.exe.vir
2007-05-23 10:58 172548 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\184437.exe.vir
2007-05-27 20:03 169476 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\214084890.exe.vir
2007-05-27 20:03 169476 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\214085000.exe.vir
2007-06-01 09:38 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\2475734.exe.vir
2007-06-01 09:39 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\2510468.exe.vir
2007-06-02 09:46 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\190671.exe.vir
2007-06-02 09:46 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\193656.exe.vir
2007-06-02 13:55 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\15016687.exe.vir
2007-06-02 13:55 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\15021421.exe.vir
2007-06-03 15:33 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\107285500.exe.vir
2007-06-03 15:33 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\107288734.exe.vir
2007-06-04 10:50 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\176693609.exe.vir
2007-06-04 10:50 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\176707734.exe.vir
2007-06-05 08:35 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\255025656.exe.vir
2007-06-05 08:36 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\255035109.exe.vir
2007-06-06 09:53 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\176203.exe.vir
2007-06-06 09:55 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\290609.exe.vir
2007-06-06 18:37 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\31583984.exe.vir
2007-06-08 22:06 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\216896546.exe.vir
2007-06-08 22:06 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\216900765.exe.vir
2007-06-15 09:35 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\448953.exe.vir
2007-06-15 09:35 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\456031.exe.vir
2007-06-15 14:17 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\17304671.exe.vir
2007-06-15 14:17 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\17306437.exe.vir
2007-06-16 14:22 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\17567359.exe.vir
2007-06-18 08:59 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\285484.exe.vir
2007-06-18 08:59 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\298734.exe.vir
2007-06-20 01:11 508932 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\231812.exe.vir
2007-06-20 21:28 85046 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\467953.exe.vir
2007-06-20 21:28 85046 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\481921.exe.vir
2007-06-21 14:38 85046 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\235859.exe.vir
2007-06-21 14:39 85046 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\303218.exe.vir
2007-06-25 20:07 85046 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\42171390.exe.vir
2007-06-26 10:55 85046 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\95450359.exe.vir
2007-06-26 10:56 53252 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\95494218.exe.vir
2007-06-26 14:57 85046 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\109982234.exe.vir
2007-06-26 14:57 85046 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\109999296.exe.vir
2007-06-29 08:36 85046 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\267937.exe.vir
2007-06-29 08:37 85018 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\289234.exe.vir
2007-06-29 09:32 85018 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\344031.exe.vir
2007-06-29 09:32 85018 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\346015.exe.vir
2007-07-02 09:31 85018 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\190062.exe.vir
2007-07-02 09:31 85018 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\194562.exe.vir
2007-07-04 10:26 85018 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\176301703.exe.vir
2007-07-04 10:26 85018 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\176304281.exe.vir
2007-07-07 22:08 85018 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\10186328.exe.vir
2007-07-07 22:08 85046 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\10186312.exe.vir
2007-07-10 13:20 85018 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\237697000.exe.vir
2007-07-10 13:20 85046 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\237678125.exe.vir
2007-07-10 16:05 85018 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\1428109.exe.vir
2007-07-11 12:31 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\17120484.exe.vir
2007-07-11 12:31 85046 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\17114796.exe.vir
2007-07-12 08:50 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\1058265.exe.vir
2007-07-12 08:50 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\1061718.exe.vir
2007-07-13 12:31 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\64460890.exe.vir
2007-07-13 12:31 85018 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\64457218.exe.vir
2007-07-14 08:42 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\194765.exe.vir
2007-07-16 08:53 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\173664593.exe.vir
2007-07-16 08:55 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\173791343.exe.vir
2007-07-16 18:49 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\209402515.exe.vir
2007-07-16 18:49 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\209444671.exe.vir
2007-07-17 08:30 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\258695015.exe.vir
2007-07-18 08:28 85046 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\344956781.exe.vir
2007-07-19 15:17 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\15219328.exe.vir
2007-07-21 09:14 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\1825937.exe.vir
2007-07-21 09:14 85046 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\1839156.exe.vir
2007-07-22 09:46 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\260781.exe.vir
2007-07-22 18:32 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\279109.exe.vir
2007-07-22 18:32 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\300703.exe.vir
2007-07-25 08:01 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\171470531.exe.vir
2007-07-25 13:12 85018 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\190156562.exe.vir
2007-07-25 13:38 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\192062.exe.vir
2007-07-25 13:38 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\196234.exe.vir
2007-07-25 17:39 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\14624718.exe.vir
2007-07-25 17:39 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\14645437.exe.vir
2007-07-26 18:42 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\104830984.exe.vir
2007-07-27 08:14 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\200734.exe.vir
2007-08-02 08:31 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\256328.exe.vir
2007-08-02 08:33 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\396187.exe.vir
2007-08-03 09:10 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\87701828.exe.vir
2007-08-03 09:10 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\87701984.exe.vir
2007-08-08 10:34 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\197625.exe.vir
2007-08-08 10:34 179030 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\204453.exe.vir
2007-08-11 07:48 106035 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\831968.exe.vir
2007-08-11 07:49 106035 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\840562.exe.vir
2007-08-15 09:50 187495 --a------ C:\Qoobox\Quarantine\C\WINDOWS\exefld\202390.exe.vir
2007-08-18 12:38 1016 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_IPRIP.reg.cf
2007-08-18 12:38 1212 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NPF.reg.cf
2007-08-18 12:38 2354 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NPF.reg.cf
2007-08-18 12:38 2646 --a------ C:\Qoobox\Quarantine\Registry_backups\services_rosa.reg.cf
2007-08-18 12:38 278 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_ROSA.reg.cf
2007-08-18 12:38 2994 --a------ C:\Qoobox\Quarantine\Registry_backups\services_m_hook.reg.cf
2007-08-18 12:38 352 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
2007-08-18 12:38 3738 --a------ C:\Qoobox\Quarantine\Registry_backups\services_Iprip.reg.cf
2007-08-18 13:23 1022 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_M_HOOK.reg.cf


[/code]
0
moK´s@ Posts 4399 Registration date Tuesday 18 October 2005 Status Member Last activity 2 November 2007 89
18 August 2007 at 16:57
ok

¤ Download Clean
----> http://www.malekal.com/download/clean.zip

Unzip all the contents into the same folder. Double-click clean or clean.cmd and choose option 1.
A report will open; copy and paste its contents here.
0