Infection virus et trojan-dropper.win32.agent

Résolu
vince59400 -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,

Je me suis aperçu à la lenteur de mon système de l'infection de virus et de trojan(s).
Kaspersky semble incapable de résoudre ces menaces.

Pouvez-vous m'aider, svp

Voici la dernière analyse Hijackthis puis celle de Kaspersky

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14, on 2008-01-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {f43efa2d-1584-b5da-2664-08abb22d8de1} - {1ed8d22b-ba80-4662-ad5b-4851d2afe34f} - C:\WINDOWS\system32\ixnsutpo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /b
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\vincent\Application Data\WinButler\WinButler.exe
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\vincent\Application Data\Microsoft\Windows\gxtqqi.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6267 bytes
********************************************************************************************************

découvert : cheval de Troie Trojan-Dropper.Win32.Agent.dgo Le module: avp.exe\avp.exe
découvert : cheval de Troie Trojan-Dropper.Win32.Agent.dgo Le fichier: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
découvert : cheval de Troie Trojan-Dropper.Win32.Agent.dgo Le module: a2guard.exe\a2guard.exe
découvert : cheval de Troie Trojan-Dropper.Win32.Agent.dgo Le fichier: C:\Program Files\a-squared Anti-Malware\a2guard.exe
découvert : cheval de Troie Trojan-Dropper.Win32.Agent.dgo Le module: SUPERAntiSpyware.exe\SUPERAntiSpyware.exe
découvert : cheval de Troie Trojan-Dropper.Win32.Agent.dgo Le fichier: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
découvert : cheval de Troie Trojan-Dropper.Win32.Agent.dgo Le fichier: c:\windows\system32\xxwuu.exe
non trouvé : virus Heur.Invader (modification) Le fichier: c:\documents and settings\vincent\bureau\combofix.exe//PE_Patch.UPX/catchme.cfexe

Merci de votre aide
Configuration: Windows XP
Internet Explorer 6.0 et Mozilla Firefox

26 réponses

  • 1
  • 2
Résumé de la discussion

La lenteur du système est due à une infection par des chevaux de Troie et un dropper détecté (Trojan-Dropper.Win32.Agent.dgo) et plusieurs composants malware actifs malgré Kaspersky.
Selon le rapport HijackThis, des entrées de démarrage et services malveillants touchent plusieurs programmes (Kaspersky, a-squared, SUPERAntiSpyware, BitDefender), avec des DLLs et composants qui se relancent au boot et compromettent le système.
Des solutions préconisées incluent la vidange de la quarantaine, l’analyse avec BitDefender et l’utilisation d’un outil de désinstallation pour certains programmes, puis l’examen des fichiers suspectés sur VirusTotal et l’emploi de ComboFix.
Il peut être utile de planifier une réinstallation propre si des traces subsistent après nettoyage, afin d’éviter une réinfection et de garantir l’intégrité des données, les sauvegardes restant à vérifier.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut vince,

    tout d´abord supprime un de tes deux antivirus, sinon cela cré des conflits

    puis fais ceci :

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    @+
    0
    1. vince59400
       
      J'ai désinstallé Bit Défender et j'ai conservé Kaspersky.

      @+ Vince
      0
  2. vince59400
     
    Voila Combofix a enfin terminé la tache et voici le rapport
    C'est grave?

    ComboFix 08-01-14.4 - vincent 2008-01-14 15:28:47.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.440 [GMT 1:00]
    Running from: C:\Documents and Settings\vincent\Bureau\ComboFix.exe
    * Created a new restore point

    [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\uuwxx.ini
    C:\WINDOWS\system32\uuwxx.ini2
    C:\WINDOWS\system32\xxwuu.dll

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-14 14:24 . 2008-01-14 14:26 <REP> d-------- C:\WINDOWS\nview
    2008-01-14 14:24 . 2005-02-24 00:32 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe
    2008-01-14 14:24 . 2005-02-24 00:32 14,435 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-01-14 14:22 . 2004-05-02 09:47 23,040 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
    2008-01-14 14:17 . 2008-01-14 15:44 340,480 --a------ C:\WINDOWS\system32\xxwuu.exe
    2008-01-14 12:00 . 2007-11-10 21:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2008-01-14 12:00 . 2007-11-10 21:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-01-14 12:00 . 2007-11-10 20:41 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2008-01-14 12:00 . 2007-11-10 21:10 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-01-14 12:00 . 2007-11-10 21:10 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2008-01-14 12:00 . 2007-11-10 21:10 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-01-14 12:00 . 2007-11-10 21:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-01-14 11:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-14 11:28 . 2008-01-14 11:28 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-14 09:58 . 2008-01-14 09:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-01-14 09:55 . 2008-01-14 14:26 <REP> d-------- C:\Program Files\SUPERAntiSpyware
    2008-01-14 09:55 . 2008-01-14 09:55 <REP> d-------- C:\Documents and Settings\vincent\Application Data\SUPERAntiSpyware.com
    2008-01-14 09:52 . 2008-01-14 09:52 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-13 21:35 . 2008-01-14 14:26 <REP> d-------- C:\Program Files\a-squared Anti-Malware
    2008-01-13 21:24 . 2008-01-13 21:31 <REP> d-------- C:\Program Files\RegCleaner
    2008-01-13 14:18 . 2008-01-13 14:18 <REP> d-------- C:\Muestras
    2008-01-13 12:41 . 2008-01-14 09:37 <REP> d-------- C:\VundoFix Backups
    2008-01-13 11:22 . 2008-01-13 11:22 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-01-13 11:22 . 2008-01-14 15:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-13 11:22 . 2008-01-14 15:53 3,155,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-13 11:22 . 2008-01-14 15:54 113,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-01-13 11:22 . 2008-01-13 11:22 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-01-13 11:22 . 2008-01-13 11:22 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-01-13 11:22 . 2008-01-14 15:52 46,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-13 11:22 . 2008-01-14 15:52 11,660 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-01-13 11:18 . 2008-01-13 11:18 <REP> d-------- C:\kav
    2008-01-13 11:11 . 2008-01-14 13:31 50,251 --a------ C:\Program Files\update.zip
    2008-01-13 11:11 . 2008-01-14 15:45 37,376 --a------ C:\WINDOWS\system32\sysrest32 .exe
    2008-01-13 11:10 . 2008-01-14 13:58 18,300,416 --a------ C:\WINDOWS\system32\MRT.RB0
    2008-01-13 11:10 . 2008-01-13 11:10 1,026,560 --a------ C:\WINDOWS\system32\drivers\hldrrr.RB0
    2008-01-13 11:10 . 2008-01-14 15:33 684,290 --a------ C:\WINDOWS\system32\drivers\hldrrr .exe
    2008-01-13 11:10 . 2008-01-14 13:58 497,152 --a------ C:\WINDOWS\system32\NeroCheck.RB0
    2008-01-12 18:30 . 2008-01-13 09:41 14 --a------ C:\Documents and Settings\vincent\getfile.dat
    2008-01-12 15:27 . 2008-01-12 15:27 2,957 --a------ C:\WINDOWS\system32\x_dtrace_log
    2008-01-12 15:27 . 2008-01-12 15:27 14 --a------ C:\WINDOWS\system32\getfile.dat
    2008-01-12 13:44 . 2008-01-12 13:44 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-01-12 13:44 . 2008-01-12 13:24 34,954,501 --a------ C:\WINDOWS\LPT$VPN.941
    2008-01-12 13:25 . 2008-01-12 13:25 <REP> d-------- C:\WINDOWS\report
    2008-01-12 13:24 . 2008-01-12 13:44 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-01-12 13:24 . 2008-01-12 13:24 34,954,501 --a------ C:\WINDOWS\VPTNFILE.941
    2008-01-12 13:24 . 2008-01-12 13:24 1,909,671 --a------ C:\WINDOWS\tsc.ptn
    2008-01-12 13:24 . 2008-01-12 13:44 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-01-12 13:24 . 2008-01-12 13:24 267,845 --a------ C:\WINDOWS\tsc.exe
    2008-01-12 13:24 . 2008-01-12 13:44 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-01-12 13:24 . 2008-01-12 13:24 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-01-12 13:24 . 2008-01-12 13:45 823 --a------ C:\WINDOWS\tsc.ini
    2008-01-12 13:22 . 2008-01-12 13:22 <REP> d-------- C:\WINDOWS\AU_Log
    2008-01-12 13:22 . 2008-01-12 13:44 170 --a------ C:\WINDOWS\GetServer.ini
    2008-01-12 13:21 . 2008-01-12 13:21 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-01-12 13:21 . 2008-01-12 13:21 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-01-12 13:21 . 2008-01-12 13:21 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-01-12 00:11 . 2008-01-12 00:11 698 --a------ C:\WINDOWS\system32\MRT.INI
    2008-01-12 00:00 . 2008-01-12 00:00 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
    2008-01-12 00:00 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2008-01-11 23:11 . 2008-01-14 13:58 163,904 --a------ C:\WINDOWS\system32\xqtogcid.dll.vir
    2008-01-10 20:54 . 2008-01-10 21:02 <REP> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
    2008-01-10 20:54 . 2008-01-10 21:14 <REP> d-------- C:\Program Files\Minitab 15
    2008-01-10 20:54 . 2008-01-13 11:35 65 --a------ C:\WINDOWS\minitab.ini
    2008-01-09 18:45 . 2008-01-13 11:25 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
    2008-01-09 18:45 . 2008-01-13 11:25 90,112 --a------ C:\WINDOWS\Updreg .exe
    2008-01-09 17:57 . 2008-01-13 11:25 <REP> d-------- C:\Program Files\Dot1XCfg
    2008-01-09 15:52 . 2008-01-09 15:52 <REP> dr-h----- C:\Documents and Settings\vincent\Application Data\SecuROM
    2008-01-09 15:42 . 2008-01-09 17:59 <REP> d-------- C:\Program Files\Electronic Arts
    2008-01-09 15:31 . 2008-01-13 11:47 <REP> d-------- C:\Program Files\DAEMON Tools
    2008-01-08 12:08 . 2008-01-08 12:08 17,024 --a------ C:\Documents and Settings\vincent\Application Data\GDIPFONTCACHEV1.DAT
    2008-01-07 15:53 . 2008-01-07 15:53 <REP> d-------- C:\Documents and Settings\vincent\Application Data\InstallShield
    2008-01-07 15:50 . 2008-01-07 15:52 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2008-01-06 12:51 . 2008-01-06 18:05 <REP> d-------- C:\Documents and Settings\vincent\phelix
    2008-01-06 12:50 . 2008-01-06 12:50 <REP> d-------- C:\Program Files\Phonome Labs
    2008-01-03 14:46 . 2008-01-13 11:11 <REP> d-------- C:\Program Files\Shareaza
    2008-01-03 14:46 . 2008-01-14 08:50 <REP> d-------- C:\Documents and Settings\vincent\Application Data\Shareaza
    2007-12-31 09:30 . 2008-01-13 11:10 <REP> d-------- C:\WINDOWS\system32\drivers\down
    2007-12-31 09:24 . 2007-12-31 10:20 <REP> d-------- C:\Program Files\MixVibesPro5
    2007-12-30 23:53 . 2007-12-31 00:46 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-30 23:35 . 2007-12-30 23:35 <REP> d--hs---- C:\WINDOWS\ftpcache
    2007-12-30 23:35 . 2007-12-30 23:35 280 --a------ C:\WINDOWS\game.ini
    2007-12-30 23:31 . 2007-12-30 23:31 <REP> d-------- C:\Program Files\Activision
    2007-12-30 22:07 . 2007-12-30 23:31 36 --a------ C:\WINDOWS\plugSpk.INI
    2007-12-30 21:54 . 1999-10-11 02:01 41,984 --a------ C:\WINDOWS\CTREGRUN.EXE
    2007-12-30 21:53 . 2000-04-13 09:05 424,960 --a------ C:\WINDOWS\system32\MSMS001.vwp
    2007-12-30 21:53 . 2000-04-13 09:05 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
    2007-12-30 21:53 . 2000-04-13 09:05 281,600 --a------ C:\WINDOWS\system32\Mvoice.vwp
    2007-12-30 21:53 . 2000-04-13 09:05 278,016 --a------ C:\WINDOWS\system32\VCT3216.dll
    2007-12-30 21:53 . 2000-04-13 09:05 82,944 --a------ C:\WINDOWS\system32\VCT3216.acm
    2007-12-30 21:53 . 2000-04-13 09:05 29,184 --a------ C:\WINDOWS\system32\popup.ocx
    2007-12-30 21:50 . 1999-01-21 18:31 2,259,070 --a------ C:\WINDOWS\system32\drivers\eapci2m.ecw
    2007-12-30 21:50 . 2001-08-14 16:17 775,296 --a------ C:\WINDOWS\system32\drivers\emu10k1f.sys
    2007-12-30 21:50 . 1998-10-14 17:03 59,392 --a--c--- C:\WINDOWS\system32\dllcache\a3d.dll
    2007-12-30 21:50 . 1998-10-14 17:03 59,392 --a------ C:\WINDOWS\system32\a3d.dll
    2007-12-30 21:50 . 2001-08-31 14:37 36,992 --a------ C:\WINDOWS\system32\drivers\sfman.sys
    2007-12-30 21:50 . 2001-07-11 12:34 6,912 --a------ C:\WINDOWS\system32\drivers\ctlface.sys
    2007-12-30 21:48 . 1998-01-08 01:00 1,048,576 --a------ C:\WINDOWS\system32\sfman.dat
    2007-12-30 21:48 . 1995-01-13 14:10 149,504 --a------ C:\WINDOWS\system32\mfcans32.dll
    2007-12-30 21:48 . 1995-01-13 14:10 108,032 --a------ C:\WINDOWS\system32\mfcuia32.dll
    2007-12-30 21:48 . 1998-06-05 02:00 84,992 --a------ C:\WINDOWS\system32\sfcvrt32.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-14 14:29 --------- d-----w C:\Program Files\QuickTime
    2008-01-14 13:58 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-01-14 13:23 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-01-13 11:13 --------- d-----w C:\Documents and Settings\vincent\Application Data\WinButler
    2008-01-13 10:25 --------- d-----w C:\Program Files\iTunes
    2008-01-13 10:19 --------- d-----w C:\Program Files\Alwil Software
    2008-01-10 17:11 10 ----a-w C:\Program Files\.autoreg
    2008-01-09 14:16 --------- d-----w C:\Documents and Settings\vincent\Application Data\Ahead
    2008-01-07 14:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-07 14:54 --------- d-----w C:\Program Files\Sierra
    2008-01-03 22:01 --------- d-----w C:\Program Files\VstPlugins
    2007-12-29 15:54 --------- d-----w C:\Documents and Settings\vincent\Application Data\PlayFirst
    2007-12-29 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2007-12-24 13:18 --------- d-----w C:\Program Files\Image-Line
    2007-12-16 01:21 --------- d-----w C:\Program Files\BoontyGames
    2007-12-16 01:12 --------- d-----w C:\Program Files\ALCATech
    2007-12-13 12:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
    2007-12-08 21:25 --------- d-----w C:\Documents and Settings\vincent\Application Data\GetRightToGo
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-01 11:38 --------- d-----w C:\Program Files\iPod
    2007-12-01 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-01 11:35 --------- d-----w C:\Program Files\Apple Software Update
    2007-12-01 11:34 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2007-12-01 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-01 10:40 --------- d-----w C:\Documents and Settings\vincent\Application Data\Apple Computer
    2007-11-29 21:08 --------- d-----w C:\Program Files\Java
    2007-11-29 21:07 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-11-19 18:41 --------- d-----w C:\Documents and Settings\vincent\Application Data\Super-Cow
    2007-11-18 20:57 12,464 ----a-w C:\WINDOWS\system32\drivers\CdaC15BA.SYS
    2007-11-17 15:28 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2007-11-17 11:59 --------- d-----w C:\Program Files\Wedding Dash
    .
    [code]<pre>
    ----a-w 1,816,208 2008-01-14 13:27:00 C:\Program Files\a-squared Anti-Malware\a2guard .exe
    ----a-w 39,792 2008-01-13 10:25:41 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w 219,520 2008-01-13 10:26:18 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd .exe
    ----a-w 180,224 2008-01-13 10:25:53 C:\Program Files\Creative\SBLive\AudioHQ\AHQTB .EXE
    ----a-w 102,400 2008-01-13 10:25:52 C:\Program Files\Creative\SBLive\Program\AHQInit .exe
    ----a-w 157,592 2008-01-12 06:15:59 C:\Program Files\DAEMON Tools\daemon .exe
    ----a-w 61,440 2008-01-13 10:26:19 C:\Program Files\Dot1XCfg\Dot1XCfg .exe
    ----a-w 267,048 2008-01-13 10:25:43 C:\Program Files\iTunes\iTunesHelper .exe
    ----a-w 132,496 2008-01-13 10:25:43 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 227,856 2008-01-14 14:52:55 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
    ----a-w 1,694,208 2008-01-13 10:26:17 C:\Program Files\Messenger\msmsgs .exe
    ----a-w 654,336 2008-01-14 13:26:53 C:\Program Files\QuickTime\qttask .exe
    ----a-w 654,336 2008-01-14 13:19:20 C:\Program Files\QuickTime\qttask .exe
    ----a-w 4,739,072 2008-01-12 22:39:14 C:\Program Files\Shareaza\Shareaza .exe
    ----a-w 1,318,912 2008-01-14 13:27:06 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
    ----a-w 90,112 2008-01-13 10:25:49 C:\WINDOWS\Updreg .exe
    ----a-w 155,648 2008-01-13 10:25:40 C:\WINDOWS\system32\NeroCheck .exe
    ----a-w 37,376 2008-01-14 14:45:43 C:\WINDOWS\system32\sysrest32 .exe
    ----a-w 684,290 2008-01-14 14:33:42 C:\WINDOWS\system32\drivers\hldrrr .exe
    </pre>[/code]

    ((((((((((((((((((((((((((((( snapshot@2008-01-14_12.04.35,58 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-14 10:53:06 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
    + 2008-01-14 14:25:06 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
    - 2008-01-14 10:53:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
    + 2008-01-14 14:25:06 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
    - 2008-01-14 10:53:08 3,764,224 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
    + 2008-01-14 14:25:06 3,817,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
    - 2008-01-14 10:53:08 307,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
    + 2008-01-14 14:25:07 307,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
    + 2008-01-14 14:25:07 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
    + 2008-01-14 14:25:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
    - 2008-01-07 15:10:05 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    + 2008-01-14 13:43:06 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    + 2005-02-23 23:32:00 3,454,144 -c--a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
    - 2004-08-03 22:29:56 1,897,408 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    + 2005-02-23 23:32:00 3,454,144 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    + 2005-02-23 23:32:00 393,216 ----a-w C:\WINDOWS\system32\keystone.exe
    - 2004-08-04 00:54:36 4,274,816 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    + 2005-02-23 23:32:00 3,973,888 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    + 2005-02-23 23:32:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    + 2005-02-23 23:32:00 32,256 ----a-w C:\WINDOWS\system32\nvcod.dll
    + 2005-02-23 23:32:00 32,256 ----a-w C:\WINDOWS\system32\nvcodins.dll
    + 2005-02-23 23:32:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    + 2005-02-23 23:32:00 5,537,792 ----a-w C:\WINDOWS\system32\nvcpl.dll
    + 2005-02-23 23:32:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    + 2005-02-23 23:32:00 540,672 ----a-w C:\WINDOWS\system32\nvhwvid.dll
    + 2005-02-23 23:32:00 1,458,176 ----a-w C:\WINDOWS\system32\nview.dll
    + 2005-02-23 23:32:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
    + 2005-02-23 23:32:00 245,760 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    + 2005-02-23 23:32:00 5,332,992 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    + 2005-02-23 23:32:00 307,200 ----a-w C:\WINDOWS\system32\nvrsar.dll
    + 2005-02-23 23:32:00 229,376 ----a-w C:\WINDOWS\system32\nvrscs.dll
    + 2005-02-23 23:32:00 237,568 ----a-w C:\WINDOWS\system32\nvrsda.dll
    + 2005-02-23 23:32:00 258,048 ----a-w C:\WINDOWS\system32\nvrsde.dll
    + 2005-02-23 23:32:00 262,144 ----a-w C:\WINDOWS\system32\nvrsel.dll
    + 2005-02-23 23:32:00 229,376 ----a-w C:\WINDOWS\system32\nvrseng.dll
    + 2005-02-23 23:32:00 262,144 ----a-w C:\WINDOWS\system32\nvrses.dll
    + 2005-02-23 23:32:00 253,952 ----a-w C:\WINDOWS\system32\nvrsesm.dll
    + 2005-02-23 23:32:00 229,376 ----a-w C:\WINDOWS\system32\nvrsfi.dll
    + 2005-02-23 23:32:00 266,240 ----a-w C:\WINDOWS\system32\nvrsfr.dll
    + 2005-02-23 23:32:00 303,104 ----a-w C:\WINDOWS\system32\nvrshe.dll
    + 2005-02-23 23:32:00 241,664 ----a-w C:\WINDOWS\system32\nvrshu.dll
    + 2005-02-23 23:32:00 262,144 ----a-w C:\WINDOWS\system32\nvrsit.dll
    + 2005-02-23 23:32:00 249,856 ----a-w C:\WINDOWS\system32\nvrsja.dll
    + 2005-02-23 23:32:00 245,760 ----a-w C:\WINDOWS\system32\nvrsko.dll
    + 2005-02-23 23:32:00 253,952 ----a-w C:\WINDOWS\system32\nvrsnl.dll
    + 2005-02-23 23:32:00 237,568 ----a-w C:\WINDOWS\system32\nvrsno.dll
    + 2005-02-23 23:32:00 237,568 ----a-w C:\WINDOWS\system32\nvrspl.dll
    + 2005-02-23 23:32:00 253,952 ----a-w C:\WINDOWS\system32\nvrspt.dll
    + 2005-02-23 23:32:00 249,856 ----a-w C:\WINDOWS\system32\nvrsptb.dll
    + 2005-02-23 23:32:00 249,856 ----a-w C:\WINDOWS\system32\nvrsru.dll
    + 2005-02-23 23:32:00 237,568 ----a-w C:\WINDOWS\system32\nvrssk.dll
    + 2005-02-23 23:32:00 237,568 ----a-w C:\WINDOWS\system32\nvrssl.dll
    + 2005-02-23 23:32:00 237,568 ----a-w C:\WINDOWS\system32\nvrssv.dll
    + 2005-02-23 23:32:00 237,568 ----a-w C:\WINDOWS\system32\nvrstr.dll
    + 2005-02-23 23:32:00 208,896 ----a-w C:\WINDOWS\system32\nvrszhc.dll
    + 2005-02-23 23:32:00 114,688 ----a-w C:\WINDOWS\system32\nvrszht.dll
    + 2005-02-23 23:32:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    + 2005-02-23 23:32:00 127,043 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    + 2005-02-23 23:32:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    + 2005-02-23 23:32:00 1,662,976 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    + 2005-02-23 23:32:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
    + 2005-02-23 23:32:00 274,432 ----a-w C:\WINDOWS\system32\nvwrsar.dll
    + 2005-02-23 23:32:00 278,528 ----a-w C:\WINDOWS\system32\nvwrscs.dll
    + 2005-02-23 23:32:00 290,816 ----a-w C:\WINDOWS\system32\nvwrsda.dll
    + 2005-02-23 23:32:00 303,104 ----a-w C:\WINDOWS\system32\nvwrsde.dll
    + 2005-02-23 23:32:00 331,776 ----a-w C:\WINDOWS\system32\nvwrsel.dll
    + 2005-02-23 23:32:00 278,528 ----a-w C:\WINDOWS\system32\nvwrseng.dll
    + 2005-02-23 23:32:00 327,680 ----a-w C:\WINDOWS\system32\nvwrses.dll
    + 2005-02-23 23:32:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
    + 2005-02-23 23:32:00 294,912 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
    + 2005-02-23 23:32:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
    + 2005-02-23 23:32:00 274,432 ----a-w C:\WINDOWS\system32\nvwrshe.dll
    + 2005-02-23 23:32:00 307,200 ----a-w C:\WINDOWS\system32\nvwrshu.dll
    + 2005-02-23 23:32:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsit.dll
    + 2005-02-23 23:32:00 208,896 ----a-w C:\WINDOWS\system32\nvwrsja.dll
    + 2005-02-23 23:32:00 192,512 ----a-w C:\WINDOWS\system32\nvwrsko.dll
    + 2005-02-23 23:32:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
    + 2005-02-23 23:32:00 294,912 ----a-w C:\WINDOWS\system32\nvwrsno.dll
    + 2005-02-23 23:32:00 290,816 ----a-w C:\WINDOWS\system32\nvwrspl.dll
    + 2005-02-23 23:32:00 319,488 ----a-w C:\WINDOWS\system32\nvwrspt.dll
    + 2005-02-23 23:32:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
    + 2005-02-23 23:32:00 307,200 ----a-w C:\WINDOWS\system32\nvwrsru.dll
    + 2005-02-23 23:32:00 290,816 ----a-w C:\WINDOWS\system32\nvwrssk.dll
    + 2005-02-23 23:32:00 294,912 ----a-w C:\WINDOWS\system32\nvwrssl.dll
    + 2005-02-23 23:32:00 290,816 ----a-w C:\WINDOWS\system32\nvwrssv.dll
    + 2005-02-23 23:32:00 299,008 ----a-w C:\WINDOWS\system32\nvwrstr.dll
    + 2005-02-23 23:32:00 159,744 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
    + 2005-02-23 23:32:00 163,840 ----a-w C:\WINDOWS\system32\nvwrszht.dll
    + 2005-02-23 23:32:00 1,495,040 ----a-w C:\WINDOWS\system32\nwiz.exe
    - 2008-01-14 10:08:19 58,732 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-14 13:31:29 58,732 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-14 10:08:19 71,488 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-01-14 13:31:29 71,488 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-01-14 10:08:19 392,432 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-14 13:31:29 392,432 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-14 10:08:19 458,648 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-01-14 13:31:29 458,648 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2004-08-04 00:54:36 4,274,816 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]003\DriverFiles\i386\nv4_disp.dll
    + 2004-08-03 22:29:56 1,897,408 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]003\DriverFiles\i386\nv4_mini.sys
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinButler"="C:\Documents and Settings\vincent\Application Data\WinButler\WinButler.exe" [ ]
    "SfKg6wIPu"="C:\Documents and Settings\vincent\Application Data\Microsoft\Windows\gxtqqi.exe" [ ]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-14 15:57 1773056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Realtime Audio Engine"="mmrtkrnl.exe" [2005-04-28 00:00 53248 C:\WINDOWS\system32\MMRTKRNL.EXE]
    "sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" [ ]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe" [2008-01-14 15:52 227856]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-14 15:57 2177024]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [ ]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 00:32 5537792]
    "nwiz"="nwiz.exe" [2005-02-24 00:32 1495040 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 00:32 86016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\\WINDOWS\\system32\\xxwuu

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 16:30]
    R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 16:30]
    R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 16:30]
    R2 Tdlpt;Tdlpt;C:\WINDOWS\system32\drivers\Tdlpt.sys [2001-10-16 12:58]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
    S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe" [2008-01-14 15:52]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-11-13 21:52]
    S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-01-11 12:10:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-09 16:53:53 C:\WINDOWS\Tasks\At1.job"
    - C:\Documents and Settings\vincent\Application Data\wunauclt.exe
    "2008-01-09 16:53:53 C:\WINDOWS\Tasks\At2.job"
    - C:\Documents and Settings\vincent\Application Data\wunauclt.exe
    "2008-01-09 19:00:00 C:\WINDOWS\Tasks\At3.job"
    - C:\Documents and Settings\vincent\Application Data\wunauclt.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-14 15:54:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-14 16:02:09 - machine was rebooted [vincent]
    ComboFix-quarantined-files.txt 2008-01-14 15:00:26
    ComboFix2.txt 2008-01-14 11:04:55
    .
    2008-01-12 15:16:16 --- E O F ---
    0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok,

    C'est grave?
    tout est relatif...

    on continue :

    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\system32\xxwuu.exe
    C:\WINDOWS\system32\xqtogcid.dll.vir
    C:\Documents and Settings\vincent\Application Data\WinButler\WinButler.exe
    C:\Documents and Settings\vincent\Application Data\Microsoft\Windows\gxtqqi.exe
    C:\WINDOWS\system32\sysrest32.exe

    Folder::
    C:\VundoFix Backups
    C:\Documents and Settings\vincent\Application Data\WinButler

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinButler"=-
    "SfKg6wIPu"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "sysrest32.exe"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt3 accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports

    @+
    0
    1. vince59400
       
      Par contre, après ces opérations Kaspersy est désactivé.
      Est-ce que je dois le remettre en service?

      @+
      Vince
      0
  4. vince59400
     
    Voici le Hijackthis mais je ne trouve pas Combofix.txt3

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:04, on 2008-01-14
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\a-squared Anti-Malware\a2guard .exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: load=C:\WINDOWS\system32\xxwuu.exe
    O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /b
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe (file missing)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. vince59400
     
    Par contre un fichier ComboFix.txt (sans le 3)

    ComboFix 08-01-14.4 - vincent 2008-01-14 16:29:53.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.653 [GMT 1:00]
    Running from: C:\Documents and Settings\vincent\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\vincent\Bureau\CFScript.txt
    * Created a new restore point

    [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

    FILE
    C:\Documents and Settings\vincent\Application Data\Microsoft\Windows\gxtqqi.exe
    C:\Documents and Settings\vincent\Application Data\WinButler\WinButler.exe
    C:\WINDOWS\system32\sysrest32.exe
    C:\WINDOWS\system32\xqtogcid.dll.vir
    C:\WINDOWS\system32\xxwuu.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\vincent\Application Data\WinButler
    C:\Documents and Settings\vincent\Application Data\WinButler\config.cfg
    C:\VundoFix Backups
    C:\VundoFix Backups\ixnsutpo.dll.bad
    C:\VundoFix Backups\xqtogcid.dllbox.bad
    C:\WINDOWS\system32\xqtogcid.dll.vir
    C:\WINDOWS\system32\xxwuu.dll
    C:\WINDOWS\system32\xxwuu.exe

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))))))))
    .
    0
  7. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    oui c´est bien celui la de rapport combofix.

    j´aurais quand meme souhaité le voir en entier...

    on continue

    a l´aide de hijack this coche et ficx les lignes suivantes :

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    F3 - REG:win.ini: load=C:\WINDOWS\system32\xxwuu.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

    click sur demarrer > executer > dans la boite de dialogue tape : services.msc et valide par ok

    dans la fenetre des services recherche et arrete ceci :

    Boonty Games - BOONTY

    puis supprime

    C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

    en faite desinstale completement boonty.

    puis

    refais un nouveau hijack this en le renomant en scan.exe par exemple et post le

    si tu as moyen post aussi le rapport de combofix ( le dernier ) en entier stp

    @+
    0
    1. vince59400
       
      J'ai vérifié mais je n'ai rien de plus dans Combofix.txt.
      Je continue quand même?

      Vince
      0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    oui continue
    0
    1. vince59400
       
      Je n'arrive pas à supprimer totalement boonty games.
      Voici le rapport de scan.exe

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:45, on 2008-01-14
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\devldr32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\a-squared Anti-Malware\a2service.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\Program Files\a-squared Anti-Malware\a2guard.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\a-squared Anti-Malware\a2guard .exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\explorer.exe
      C:\Program Files\Mozilla Thunderbird\thunderbird.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /b
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe"
      O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
      O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
      O15 - Trusted Zone: http://www.secuser.com
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe (file missing)
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-click sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Program Files\Fichiers communs\BOONTY

    Click sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    click sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
    Ps : il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
    http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe < tu ne l´as pas renommé...

    il faut que tu renomme l´application : HijackThis.exe deviens scan.exe

    puis depuis les derniers rapports, je constate que kaspersky n´est plus actif??!!

    dis moi quoi

    @+
    0
    1. vince59400
       
      Je m'en suis apercu aussi, je restaure l'installation de Kaspersky et je continue les opérations
      Encore merci pour ton aide

      @+
      0
    2. vince59400
       
      Pas de succès avec OTMoveIt.exe


      File/Folder C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe not found.
      File/Folder C:\Program Files\Fichiers communs\BOONTY Shared not found.
      File/Folder C:\Program Files\Fichiers communs\BOONTY not found.

      Created on 01-14-2008 18:05:32

      Puis le rapport Scan.exe

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:07, on 2008-01-14
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\devldr32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\a-squared Anti-Malware\a2service.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
      C:\Program Files\a-squared Anti-Malware\a2guard.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\a-squared Anti-Malware\a2guard .exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\Trend Micro\HijackThis\scan.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: (no name) - {74EBCE75-982B-4AF6-972A-6FB1599F2D7F} - C:\WINDOWS\system32\xxwuu.dll
      O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /b
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
      O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
      O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
      O15 - Trusted Zone: http://www.secuser.com
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe (file missing)
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      0
  10. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok

    @ toute`
    0
  11. g!rly Messages postés 18462 Statut Contributeur 407
     
    bon,

    ksapersky est a nouveau actif ;-)

    peux tu refaire un combofix et poster le rapport ici stp

    @+
    0
    1. vince59400
       
      Voici le dernier rapport Combofix (complet je l'espère ; ) )

      @+

      ComboFix 08-01-14.4 - vincent 2008-01-14 20:43:08.5 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.548 [GMT 1:00]
      Running from: C:\Documents and Settings\vincent\Bureau\ComboFix.exe

      [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\uuwxx.ini
      C:\WINDOWS\system32\uuwxx.ini2
      C:\WINDOWS\system32\xxwuu.dll
      .
      ---- Previous Run -------
      .
      C:\Documents and Settings\vincent\Application Data\WinButler
      C:\Documents and Settings\vincent\Application Data\WinButler\config.cfg
      C:\VundoFix Backups
      C:\VundoFix Backups\ixnsutpo.dll.bad
      C:\VundoFix Backups\xqtogcid.dllbox.bad
      C:\WINDOWS\system32\RCX5.tmp
      C:\WINDOWS\system32\uuwxx.ini
      C:\WINDOWS\system32\uuwxx.ini2
      C:\WINDOWS\system32\xqtogcid.dll.vir
      C:\WINDOWS\system32\xxwuu.dll
      C:\WINDOWS\system32\xxwuu.exe

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))))))))
      .

      2008-01-14 21:04 . 2008-01-14 21:04 336,896 --------- C:\WINDOWS\system32\xxwuu.dll
      2008-01-14 16:52 . 2008-01-14 21:08 340,480 --a------ C:\WINDOWS\system32\xxwuu.exe
      2008-01-14 14:24 . 2008-01-14 14:26 <REP> d-------- C:\WINDOWS\nview
      2008-01-14 14:24 . 2005-02-24 00:32 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe
      2008-01-14 14:24 . 2005-02-24 00:32 14,435 --a------ C:\WINDOWS\system32\nvdisp.nvu
      2008-01-14 14:22 . 2004-05-02 09:47 23,040 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
      2008-01-14 12:00 . 2007-11-10 21:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
      2008-01-14 12:00 . 2007-11-10 21:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
      2008-01-14 12:00 . 2007-11-10 20:41 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
      2008-01-14 12:00 . 2007-11-10 21:10 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
      2008-01-14 12:00 . 2007-11-10 21:10 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
      2008-01-14 12:00 . 2007-11-10 21:10 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
      2008-01-14 12:00 . 2007-11-10 21:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
      2008-01-14 11:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-14 11:28 . 2008-01-14 11:28 <REP> d-------- C:\Program Files\Trend Micro
      2008-01-14 09:58 . 2008-01-14 09:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
      2008-01-14 09:55 . 2008-01-14 16:51 <REP> d-------- C:\Program Files\SUPERAntiSpyware
      2008-01-14 09:55 . 2008-01-14 09:55 <REP> d-------- C:\Documents and Settings\vincent\Application Data\SUPERAntiSpyware.com
      2008-01-14 09:52 . 2008-01-14 09:52 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-01-13 21:35 . 2008-01-14 21:04 <REP> d-------- C:\Program Files\a-squared Anti-Malware
      2008-01-13 21:24 . 2008-01-13 21:31 <REP> d-------- C:\Program Files\RegCleaner
      2008-01-13 14:18 . 2008-01-13 14:18 <REP> d-------- C:\Muestras
      2008-01-13 11:22 . 2008-01-13 11:22 <REP> d-------- C:\Program Files\Kaspersky Lab
      2008-01-13 11:22 . 2008-01-14 21:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
      2008-01-13 11:22 . 2008-01-14 21:08 3,989,024 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
      2008-01-13 11:22 . 2008-01-14 21:08 130,336 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
      2008-01-13 11:22 . 2008-01-13 11:22 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
      2008-01-13 11:22 . 2008-01-13 11:22 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
      2008-01-13 11:22 . 2008-01-14 21:02 57,368 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
      2008-01-13 11:22 . 2008-01-14 21:02 13,196 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
      2008-01-13 11:18 . 2008-01-13 11:18 <REP> d-------- C:\kav
      2008-01-13 11:11 . 2008-01-14 13:31 50,251 --a------ C:\Program Files\update.zip
      2008-01-13 11:11 . 2008-01-14 20:54 37,376 --a------ C:\WINDOWS\system32\sysrest32 .exe
      2008-01-13 11:10 . 2008-01-14 18:01 18,300,416 --a------ C:\WINDOWS\system32\MRT.RB0
      2008-01-13 11:10 . 2008-01-13 11:10 1,026,560 --a------ C:\WINDOWS\system32\drivers\hldrrr.RB0
      2008-01-13 11:10 . 2008-01-14 20:47 684,290 --a------ C:\WINDOWS\system32\drivers\hldrrr .exe
      2008-01-13 11:10 . 2008-01-14 18:01 497,152 --a------ C:\WINDOWS\system32\NeroCheck.RB0
      2008-01-12 18:30 . 2008-01-13 09:41 14 --a------ C:\Documents and Settings\vincent\getfile.dat
      2008-01-12 15:27 . 2008-01-12 15:27 2,957 --a------ C:\WINDOWS\system32\x_dtrace_log
      2008-01-12 15:27 . 2008-01-12 15:27 14 --a------ C:\WINDOWS\system32\getfile.dat
      2008-01-12 13:44 . 2008-01-12 13:44 <REP> d-------- C:\WINDOWS\AU_Temp
      2008-01-12 13:44 . 2008-01-12 13:24 34,954,501 --a------ C:\WINDOWS\LPT$VPN.941
      2008-01-12 13:25 . 2008-01-12 13:25 <REP> d-------- C:\WINDOWS\report
      2008-01-12 13:24 . 2008-01-12 13:44 <REP> d-------- C:\WINDOWS\AU_Backup
      2008-01-12 13:24 . 2008-01-12 13:24 34,954,501 --a------ C:\WINDOWS\VPTNFILE.941
      2008-01-12 13:24 . 2008-01-12 13:24 1,909,671 --a------ C:\WINDOWS\tsc.ptn
      2008-01-12 13:24 . 2008-01-12 13:44 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
      2008-01-12 13:24 . 2008-01-12 13:24 267,845 --a------ C:\WINDOWS\tsc.exe
      2008-01-12 13:24 . 2008-01-12 13:44 86,094 --a------ C:\WINDOWS\BPMNT.dll
      2008-01-12 13:24 . 2008-01-12 13:24 71,749 --a------ C:\WINDOWS\hcextoutput.dll
      2008-01-12 13:24 . 2008-01-12 13:45 823 --a------ C:\WINDOWS\tsc.ini
      2008-01-12 13:22 . 2008-01-12 13:22 <REP> d-------- C:\WINDOWS\AU_Log
      2008-01-12 13:22 . 2008-01-12 13:44 170 --a------ C:\WINDOWS\GetServer.ini
      2008-01-12 13:21 . 2008-01-12 13:21 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
      2008-01-12 13:21 . 2008-01-12 13:21 286,720 --a------ C:\WINDOWS\PATCH.EXE
      2008-01-12 13:21 . 2008-01-12 13:21 69,689 --a------ C:\WINDOWS\UNZIP.DLL
      2008-01-12 00:11 . 2008-01-12 00:11 698 --a------ C:\WINDOWS\system32\MRT.INI
      2008-01-12 00:00 . 2008-01-12 00:00 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
      2008-01-12 00:00 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
      2008-01-10 20:54 . 2008-01-10 21:02 <REP> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
      2008-01-10 20:54 . 2008-01-10 21:14 <REP> d-------- C:\Program Files\Minitab 15
      2008-01-10 20:54 . 2008-01-13 11:35 65 --a------ C:\WINDOWS\minitab.ini
      2008-01-09 18:45 . 2008-01-13 11:25 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
      2008-01-09 18:45 . 2008-01-13 11:25 90,112 --a------ C:\WINDOWS\Updreg .exe
      2008-01-09 17:57 . 2008-01-13 11:25 <REP> d-------- C:\Program Files\Dot1XCfg
      2008-01-09 15:52 . 2008-01-09 15:52 <REP> dr-h----- C:\Documents and Settings\vincent\Application Data\SecuROM
      2008-01-09 15:42 . 2008-01-09 17:59 <REP> d-------- C:\Program Files\Electronic Arts
      2008-01-09 15:31 . 2008-01-13 11:47 <REP> d-------- C:\Program Files\DAEMON Tools
      2008-01-08 12:08 . 2008-01-08 12:08 17,024 --a------ C:\Documents and Settings\vincent\Application Data\GDIPFONTCACHEV1.DAT
      2008-01-07 15:53 . 2008-01-07 15:53 <REP> d-------- C:\Documents and Settings\vincent\Application Data\InstallShield
      2008-01-07 15:50 . 2008-01-07 15:52 <REP> d--h----- C:\WINDOWS\msdownld.tmp
      2008-01-06 12:51 . 2008-01-06 18:05 <REP> d-------- C:\Documents and Settings\vincent\phelix
      2008-01-06 12:50 . 2008-01-06 12:50 <REP> d-------- C:\Program Files\Phonome Labs
      2008-01-03 14:46 . 2008-01-13 11:11 <REP> d-------- C:\Program Files\Shareaza
      2008-01-03 14:46 . 2008-01-14 08:50 <REP> d-------- C:\Documents and Settings\vincent\Application Data\Shareaza
      2007-12-31 09:30 . 2008-01-13 11:10 <REP> d-------- C:\WINDOWS\system32\drivers\down
      2007-12-31 09:24 . 2007-12-31 10:20 <REP> d-------- C:\Program Files\MixVibesPro5
      2007-12-30 23:53 . 2007-12-31 00:46 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2007-12-30 23:35 . 2007-12-30 23:35 <REP> d--hs---- C:\WINDOWS\ftpcache
      2007-12-30 23:35 . 2007-12-30 23:35 280 --a------ C:\WINDOWS\game.ini
      2007-12-30 23:31 . 2007-12-30 23:31 <REP> d-------- C:\Program Files\Activision
      2007-12-30 22:07 . 2007-12-30 23:31 36 --a------ C:\WINDOWS\plugSpk.INI
      2007-12-30 21:54 . 1999-10-11 02:01 41,984 --a------ C:\WINDOWS\CTREGRUN.EXE
      2007-12-30 21:53 . 2000-04-13 09:05 424,960 --a------ C:\WINDOWS\system32\MSMS001.vwp
      2007-12-30 21:53 . 2000-04-13 09:05 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
      2007-12-30 21:53 . 2000-04-13 09:05 281,600 --a------ C:\WINDOWS\system32\Mvoice.vwp
      2007-12-30 21:53 . 2000-04-13 09:05 278,016 --a------ C:\WINDOWS\system32\VCT3216.dll
      2007-12-30 21:53 . 2000-04-13 09:05 82,944 --a------ C:\WINDOWS\system32\VCT3216.acm
      2007-12-30 21:53 . 2000-04-13 09:05 29,184 --a------ C:\WINDOWS\system32\popup.ocx
      2007-12-30 21:50 . 1999-01-21 18:31 2,259,070 --a------ C:\WINDOWS\system32\drivers\eapci2m.ecw
      2007-12-30 21:50 . 2001-08-14 16:17 775,296 --a------ C:\WINDOWS\system32\drivers\emu10k1f.sys
      2007-12-30 21:50 . 1998-10-14 17:03 59,392 --a--c--- C:\WINDOWS\system32\dllcache\a3d.dll
      2007-12-30 21:50 . 1998-10-14 17:03 59,392 --a------ C:\WINDOWS\system32\a3d.dll
      2007-12-30 21:50 . 2001-08-31 14:37 36,992 --a------ C:\WINDOWS\system32\drivers\sfman.sys
      2007-12-30 21:50 . 2001-07-11 12:34 6,912 --a------ C:\WINDOWS\system32\drivers\ctlface.sys
      2007-12-30 21:48 . 1998-01-08 01:00 1,048,576 --a------ C:\WINDOWS\system32\sfman.dat
      2007-12-30 21:48 . 1995-01-13 14:10 149,504 --a------ C:\WINDOWS\system32\mfcans32.dll
      2007-12-30 21:48 . 1995-01-13 14:10 108,032 --a------ C:\WINDOWS\system32\mfcuia32.dll
      2007-12-30 21:48 . 1998-06-05 02:00 84,992 --a------ C:\WINDOWS\system32\sfcvrt32.dll
      2007-12-30 21:48 . 1995-08-30 02:02 82,432 --a------ C:\WINDOWS\system32\ctwflt32.dll

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-14 16:18 --------- d-----w C:\Program Files\Mozilla Thunderbird
      2008-01-14 14:29 --------- d-----w C:\Program Files\QuickTime
      2008-01-14 13:43 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
      2008-01-14 13:23 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
      2008-01-13 10:25 --------- d-----w C:\Program Files\iTunes
      2008-01-13 10:19 --------- d-----w C:\Program Files\Alwil Software
      2008-01-10 17:11 10 ----a-w C:\Program Files\.autoreg
      2008-01-09 14:16 --------- d-----w C:\Documents and Settings\vincent\Application Data\Ahead
      2008-01-07 14:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-07 14:54 --------- d-----w C:\Program Files\Sierra
      2008-01-03 22:01 --------- d-----w C:\Program Files\VstPlugins
      2007-12-29 15:54 --------- d-----w C:\Documents and Settings\vincent\Application Data\PlayFirst
      2007-12-29 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
      2007-12-24 13:18 --------- d-----w C:\Program Files\Image-Line
      2007-12-16 01:12 --------- d-----w C:\Program Files\ALCATech
      2007-12-13 12:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
      2007-12-08 21:25 --------- d-----w C:\Documents and Settings\vincent\Application Data\GetRightToGo
      2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
      2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
      2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
      2007-12-01 11:38 --------- d-----w C:\Program Files\iPod
      2007-12-01 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
      2007-12-01 11:35 --------- d-----w C:\Program Files\Apple Software Update
      2007-12-01 11:34 --------- d-----w C:\Program Files\Fichiers communs\Apple
      2007-12-01 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
      2007-12-01 10:40 --------- d-----w C:\Documents and Settings\vincent\Application Data\Apple Computer
      2007-11-29 21:08 --------- d-----w C:\Program Files\Java
      2007-11-29 21:07 --------- d-----w C:\Program Files\Fichiers communs\Java
      2007-11-19 18:41 --------- d-----w C:\Documents and Settings\vincent\Application Data\Super-Cow
      2007-11-18 20:57 12,464 ----a-w C:\WINDOWS\system32\drivers\CdaC15BA.SYS
      2007-11-17 15:28 --------- d-----w C:\Program Files\Microsoft ActiveSync
      2007-11-17 11:59 --------- d-----w C:\Program Files\Wedding Dash
      2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
      2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
      2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
      2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
      .
      [code]<pre>
      ----a-w 1,816,208 2008-01-14 20:04:09 C:\Program Files\a-squared Anti-Malware\a2guard .exe
      ----a-w 39,792 2008-01-13 10:25:41 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
      ----a-w 219,520 2008-01-13 10:26:18 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd .exe
      ----a-w 180,224 2008-01-13 10:25:53 C:\Program Files\Creative\SBLive\AudioHQ\AHQTB .EXE
      ----a-w 102,400 2008-01-13 10:25:52 C:\Program Files\Creative\SBLive\Program\AHQInit .exe
      ----a-w 157,592 2008-01-12 06:15:59 C:\Program Files\DAEMON Tools\daemon .exe
      ----a-w 61,440 2008-01-13 10:26:19 C:\Program Files\Dot1XCfg\Dot1XCfg .exe
      ----a-w 267,048 2008-01-13 10:25:43 C:\Program Files\iTunes\iTunesHelper .exe
      ----a-w 132,496 2008-01-13 10:25:43 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
      ----a-w 1,694,208 2008-01-13 10:26:17 C:\Program Files\Messenger\msmsgs .exe
      ----a-w 654,336 2008-01-14 13:26:53 C:\Program Files\QuickTime\qttask .exe
      ----a-w 654,336 2008-01-14 13:19:20 C:\Program Files\QuickTime\qttask .exe
      ----a-w 4,739,072 2008-01-12 22:39:14 C:\Program Files\Shareaza\Shareaza .exe
      ----a-w 1,318,912 2008-01-14 15:47:54 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
      ----a-w 90,112 2008-01-13 10:25:49 C:\WINDOWS\Updreg .exe
      ----a-w 155,648 2008-01-13 10:25:40 C:\WINDOWS\system32\NeroCheck .exe
      ----a-w 37,376 2008-01-14 19:54:59 C:\WINDOWS\system32\sysrest32 .exe
      ----a-w 684,290 2008-01-14 19:47:28 C:\WINDOWS\system32\drivers\hldrrr .exe
      </pre>[/code]


      ((((((((((((((((((((((((((((( snapshot_2008-01-14_20.33.31.05 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCB7D2D5-87A9-4936-8A72-C4FE625EF269}]
      2008-01-14 21:04 336896 --------- C:\WINDOWS\system32\xxwuu.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Realtime Audio Engine"="mmrtkrnl.exe" [2005-04-28 00:00 53248 C:\WINDOWS\system32\MMRTKRNL.EXE]
      "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]
      "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-14 18:28 2177024]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
      "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [ ]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 00:32 5537792]
      "nwiz"="nwiz.exe" [2005-02-24 00:32 1495040 C:\WINDOWS\system32\nwiz.exe]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 00:32 86016]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

      [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
      "load"=C:\WINDOWS\system32\xxwuu.exe

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\xxwuu

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
      @="Driver"

      R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 16:30]
      R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 16:30]
      R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 16:30]
      R2 Tdlpt;Tdlpt;C:\WINDOWS\system32\drivers\Tdlpt.sys [2001-10-16 12:58]
      R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
      S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe" []
      S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]
      S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-01-11 12:10:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-01-09 16:53:53 C:\WINDOWS\Tasks\At1.job"
      - C:\Documents and Settings\vincent\Application Data\wunauclt.exe
      "2008-01-09 16:53:53 C:\WINDOWS\Tasks\At2.job"
      - C:\Documents and Settings\vincent\Application Data\wunauclt.exe
      "2008-01-09 19:00:00 C:\WINDOWS\Tasks\At3.job"
      - C:\Documents and Settings\vincent\Application Data\wunauclt.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-14 21:05:20
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
      -> C:\WINDOWS\system32\xxwuu.dll
      .
      Completion time: 2008-01-14 21:14:15 - machine was rebooted [vincent]
      ComboFix-quarantined-files.txt 2008-01-14 20:13:56
      ComboFix2.txt 2008-01-14 15:02:10
      ComboFix3.txt 2008-01-14 11:04:55
      .
      2008-01-12 15:16:16 --- E O F ---
      0
  12. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    peux tu reposter un nouveau hijack this

    @+
    0
    1. vince59400
       
      J'ai l'impression que certains éléments reviennent

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:59:26, on 14/01/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\devldr32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\a-squared Anti-Malware\a2service.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
      C:\Program Files\a-squared Anti-Malware\a2guard.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\a-squared Anti-Malware\a2guard .exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Sierra\Caesar IV\CaesarIV.exe
      C:\Program Files\Trend Micro\HijackThis\scan.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      F3 - REG:win.ini: load=C:\WINDOWS\system32\xxwuu.exe
      O2 - BHO: (no name) - {FCB7D2D5-87A9-4936-8A72-C4FE625EF269} - C:\WINDOWS\system32\xxwuu.dll
      O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /b
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
      O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
      O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
      O15 - Trusted Zone: http://www.secuser.com
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe (file missing)
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      0
  13. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut vince,

    oui ce n´est pas qu´une impression...

    on reessaie :

    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\system32\xxwuu.dll
    C:\WINDOWS\system32\xxwuu.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCB7D2D5-87A9-4936-8A72-C4FE625EF269}]
    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
    "load"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
    1. vince59400
       
      Salut Girly,

      J'ai fait comme tu m'a demandé.
      Voici les rapports Combofix puis Hijackthis puis Kaspersky (il y en a déjà moins mais on dirait que Combofix est touché)

      @+

      ComboFix 08-01-14.4 - vincent 2008-01-15 17:40:16.6 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.445 [GMT 1:00]
      Running from: C:\Documents and Settings\vincent\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\vincent\Bureau\CFScript.txt

      [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

      FILE
      C:\WINDOWS\system32\xxwuu.dll
      C:\WINDOWS\system32\xxwuu.exe
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\uuwxx.ini
      C:\WINDOWS\system32\uuwxx.ini2
      C:\WINDOWS\system32\xxwuu.dll
      C:\WINDOWS\system32\xxwuu.exe

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-15 to 2008-01-15 ))))))))))))))))))))))))))))))))))))
      .

      2008-01-15 15:18 . 2008-01-15 15:18 <REP> d-------- C:\Program Files\SEC
      2008-01-15 15:18 . 2003-02-24 16:20 827,392 -ra------ C:\WINDOWS\system32\Flash.ocx
      2008-01-15 15:18 . 2005-10-21 07:25 13,396 --a------ C:\WINDOWS\system32\drivers\MTictwl.sys
      2008-01-15 15:01 . 2008-01-15 15:01 30,208 --a------ C:\WINDOWS\system32\usb496.dat
      2008-01-15 14:51 . 2008-01-15 14:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
      2008-01-15 14:51 . 2008-01-15 14:51 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
      2008-01-14 14:24 . 2008-01-14 14:26 <REP> d-------- C:\WINDOWS\nview
      2008-01-14 14:24 . 2005-02-24 00:32 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe
      2008-01-14 14:24 . 2005-02-24 00:32 14,435 --a------ C:\WINDOWS\system32\nvdisp.nvu
      2008-01-14 14:22 . 2004-05-02 09:47 23,040 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
      2008-01-14 12:00 . 2007-11-10 21:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
      2008-01-14 12:00 . 2007-11-10 21:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
      2008-01-14 12:00 . 2007-11-10 20:41 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
      2008-01-14 12:00 . 2007-11-10 21:10 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
      2008-01-14 12:00 . 2007-11-10 21:10 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
      2008-01-14 12:00 . 2007-11-10 21:10 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
      2008-01-14 12:00 . 2007-11-10 21:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
      2008-01-14 11:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-14 11:28 . 2008-01-14 11:28 <REP> d-------- C:\Program Files\Trend Micro
      2008-01-14 09:58 . 2008-01-14 09:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
      2008-01-14 09:55 . 2008-01-14 16:51 <REP> d-------- C:\Program Files\SUPERAntiSpyware
      2008-01-14 09:55 . 2008-01-14 09:55 <REP> d-------- C:\Documents and Settings\vincent\Application Data\SUPERAntiSpyware.com
      2008-01-14 09:52 . 2008-01-14 09:52 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-01-13 21:35 . 2008-01-15 15:10 <REP> d-------- C:\Program Files\a-squared Anti-Malware
      2008-01-13 21:24 . 2008-01-13 21:31 <REP> d-------- C:\Program Files\RegCleaner
      2008-01-13 14:18 . 2008-01-13 14:18 <REP> d-------- C:\Muestras
      2008-01-13 11:22 . 2008-01-13 11:22 <REP> d-------- C:\Program Files\Kaspersky Lab
      2008-01-13 11:22 . 2008-01-15 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
      2008-01-13 11:22 . 2008-01-15 17:56 5,709,344 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
      2008-01-13 11:22 . 2008-01-15 17:56 133,408 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
      2008-01-13 11:22 . 2008-01-13 11:22 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
      2008-01-13 11:22 . 2008-01-13 11:22 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
      2008-01-13 11:22 . 2008-01-15 17:56 61,448 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
      2008-01-13 11:22 . 2008-01-15 17:56 13,556 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
      2008-01-13 11:18 . 2008-01-13 11:18 <REP> d-------- C:\kav
      2008-01-13 11:11 . 2008-01-14 23:37 50,251 --a------ C:\Program Files\update.zip
      2008-01-13 11:11 . 2008-01-15 17:47 37,376 --a------ C:\WINDOWS\system32\sysrest32 .exe
      2008-01-13 11:10 . 2008-01-15 16:12 18,300,416 --a------ C:\WINDOWS\system32\MRT.RB0
      2008-01-13 11:10 . 2008-01-15 01:00 1,026,560 --a------ C:\WINDOWS\system32\drivers\hldrrr.RB0
      2008-01-13 11:10 . 2008-01-15 17:42 684,290 --a------ C:\WINDOWS\system32\drivers\hldrrr .exe
      2008-01-13 11:10 . 2008-01-15 16:12 497,152 --a------ C:\WINDOWS\system32\NeroCheck.RB0
      2008-01-12 18:30 . 2008-01-13 09:41 14 --a------ C:\Documents and Settings\vincent\getfile.dat
      2008-01-12 15:27 . 2008-01-12 15:27 2,957 --a------ C:\WINDOWS\system32\x_dtrace_log
      2008-01-12 15:27 . 2008-01-12 15:27 14 --a------ C:\WINDOWS\system32\getfile.dat
      2008-01-12 13:44 . 2008-01-12 13:44 <REP> d-------- C:\WINDOWS\AU_Temp
      2008-01-12 13:44 . 2008-01-12 13:24 34,954,501 --a------ C:\WINDOWS\LPT$VPN.941
      2008-01-12 13:25 . 2008-01-12 13:25 <REP> d-------- C:\WINDOWS\report
      2008-01-12 13:24 . 2008-01-12 13:44 <REP> d-------- C:\WINDOWS\AU_Backup
      2008-01-12 13:24 . 2008-01-12 13:24 34,954,501 --a------ C:\WINDOWS\VPTNFILE.941
      2008-01-12 13:24 . 2008-01-12 13:24 1,909,671 --a------ C:\WINDOWS\tsc.ptn
      2008-01-12 13:24 . 2008-01-12 13:44 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
      2008-01-12 13:24 . 2008-01-12 13:24 267,845 --a------ C:\WINDOWS\tsc.exe
      2008-01-12 13:24 . 2008-01-12 13:44 86,094 --a------ C:\WINDOWS\BPMNT.dll
      2008-01-12 13:24 . 2008-01-12 13:24 71,749 --a------ C:\WINDOWS\hcextoutput.dll
      2008-01-12 13:24 . 2008-01-12 13:45 823 --a------ C:\WINDOWS\tsc.ini
      2008-01-12 13:22 . 2008-01-12 13:22 <REP> d-------- C:\WINDOWS\AU_Log
      2008-01-12 13:22 . 2008-01-12 13:44 170 --a------ C:\WINDOWS\GetServer.ini
      2008-01-12 13:21 . 2008-01-12 13:21 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
      2008-01-12 13:21 . 2008-01-12 13:21 286,720 --a------ C:\WINDOWS\PATCH.EXE
      2008-01-12 13:21 . 2008-01-12 13:21 69,689 --a------ C:\WINDOWS\UNZIP.DLL
      2008-01-12 00:11 . 2008-01-12 00:11 698 --a------ C:\WINDOWS\system32\MRT.INI
      2008-01-12 00:00 . 2008-01-12 00:00 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
      2008-01-12 00:00 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
      2008-01-10 20:54 . 2008-01-10 21:02 <REP> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
      2008-01-10 20:54 . 2008-01-10 21:14 <REP> d-------- C:\Program Files\Minitab 15
      2008-01-10 20:54 . 2008-01-13 11:35 65 --a------ C:\WINDOWS\minitab.ini
      2008-01-09 18:45 . 2008-01-13 11:25 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
      2008-01-09 18:45 . 2008-01-13 11:25 90,112 --a------ C:\WINDOWS\Updreg .exe
      2008-01-09 17:57 . 2008-01-13 11:25 <REP> d-------- C:\Program Files\Dot1XCfg
      2008-01-09 15:52 . 2008-01-09 15:52 <REP> dr-h----- C:\Documents and Settings\vincent\Application Data\SecuROM
      2008-01-09 15:42 . 2008-01-09 17:59 <REP> d-------- C:\Program Files\Electronic Arts
      2008-01-09 15:31 . 2008-01-13 11:47 <REP> d-------- C:\Program Files\DAEMON Tools
      2008-01-08 12:08 . 2008-01-08 12:08 17,024 --a------ C:\Documents and Settings\vincent\Application Data\GDIPFONTCACHEV1.DAT
      2008-01-07 15:53 . 2008-01-07 15:53 <REP> d-------- C:\Documents and Settings\vincent\Application Data\InstallShield
      2008-01-07 15:50 . 2008-01-07 15:52 <REP> d--h----- C:\WINDOWS\msdownld.tmp
      2008-01-06 12:51 . 2008-01-06 18:05 <REP> d-------- C:\Documents and Settings\vincent\phelix
      2008-01-06 12:50 . 2008-01-06 12:50 <REP> d-------- C:\Program Files\Phonome Labs
      2008-01-03 14:46 . 2008-01-13 11:11 <REP> d-------- C:\Program Files\Shareaza
      2008-01-03 14:46 . 2008-01-14 08:50 <REP> d-------- C:\Documents and Settings\vincent\Application Data\Shareaza
      2007-12-31 09:30 . 2008-01-13 11:10 <REP> d-------- C:\WINDOWS\system32\drivers\down
      2007-12-31 09:24 . 2007-12-31 10:20 <REP> d-------- C:\Program Files\MixVibesPro5
      2007-12-30 23:53 . 2007-12-31 00:46 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2007-12-30 23:35 . 2007-12-30 23:35 <REP> d--hs---- C:\WINDOWS\ftpcache
      2007-12-30 23:35 . 2007-12-30 23:35 280 --a------ C:\WINDOWS\game.ini
      2007-12-30 23:31 . 2007-12-30 23:31 <REP> d-------- C:\Program Files\Activision
      2007-12-30 22:07 . 2007-12-30 23:31 36 --a------ C:\WINDOWS\plugSpk.INI
      2007-12-30 21:54 . 1999-10-11 02:01 41,984 --a------ C:\WINDOWS\CTREGRUN.EXE
      2007-12-30 21:53 . 2000-04-13 09:05 424,960 --a------ C:\WINDOWS\system32\MSMS001.vwp
      2007-12-30 21:53 . 2000-04-13 09:05 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
      2007-12-30 21:53 . 2000-04-13 09:05 281,600 --a------ C:\WINDOWS\system32\Mvoice.vwp
      2007-12-30 21:53 . 2000-04-13 09:05 278,016 --a------ C:\WINDOWS\system32\VCT3216.dll
      2007-12-30 21:53 . 2000-04-13 09:05 82,944 --a------ C:\WINDOWS\system32\VCT3216.acm
      2007-12-30 21:53 . 2000-04-13 09:05 29,184 --a------ C:\WINDOWS\system32\popup.ocx
      2007-12-30 21:50 . 1999-01-21 18:31 2,259,070 --a------ C:\WINDOWS\system32\drivers\eapci2m.ecw
      2007-12-30 21:50 . 2001-08-14 16:17 775,296 --a------ C:\WINDOWS\system32\drivers\emu10k1f.sys
      2007-12-30 21:50 . 1998-10-14 17:03 59,392 --a--c--- C:\WINDOWS\system32\dllcache\a3d.dll
      2007-12-30 21:50 . 1998-10-14 17:03 59,392 --a------ C:\WINDOWS\system32\a3d.dll
      2007-12-30 21:50 . 2001-08-31 14:37 36,992 --a------ C:\WINDOWS\system32\drivers\sfman.sys
      2007-12-30 21:50 . 2001-07-11 12:34 6,912 --a------ C:\WINDOWS\system32\drivers\ctlface.sys
      2007-12-30 21:48 . 1998-01-08 01:00 1,048,576 --a------ C:\WINDOWS\system32\sfman.dat

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-15 14:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-15 13:47 --------- d-----w C:\Program Files\Mozilla Thunderbird
      2008-01-14 14:29 --------- d-----w C:\Program Files\QuickTime
      2008-01-14 13:43 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
      2008-01-14 13:23 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
      2008-01-13 10:25 --------- d-----w C:\Program Files\iTunes
      2008-01-13 10:19 --------- d-----w C:\Program Files\Alwil Software
      2008-01-10 17:11 10 ----a-w C:\Program Files\.autoreg
      2008-01-09 14:16 --------- d-----w C:\Documents and Settings\vincent\Application Data\Ahead
      2008-01-07 14:54 --------- d-----w C:\Program Files\Sierra
      2008-01-03 22:01 --------- d-----w C:\Program Files\VstPlugins
      2007-12-29 15:54 --------- d-----w C:\Documents and Settings\vincent\Application Data\PlayFirst
      2007-12-29 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
      2007-12-24 13:18 --------- d-----w C:\Program Files\Image-Line
      2007-12-16 01:12 --------- d-----w C:\Program Files\ALCATech
      2007-12-13 12:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
      2007-12-08 21:25 --------- d-----w C:\Documents and Settings\vincent\Application Data\GetRightToGo
      2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
      2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
      2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
      2007-12-01 11:38 --------- d-----w C:\Program Files\iPod
      2007-12-01 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
      2007-12-01 11:35 --------- d-----w C:\Program Files\Apple Software Update
      2007-12-01 11:34 --------- d-----w C:\Program Files\Fichiers communs\Apple
      2007-12-01 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
      2007-12-01 10:40 --------- d-----w C:\Documents and Settings\vincent\Application Data\Apple Computer
      2007-11-29 21:08 --------- d-----w C:\Program Files\Java
      2007-11-29 21:07 --------- d-----w C:\Program Files\Fichiers communs\Java
      2007-11-19 18:41 --------- d-----w C:\Documents and Settings\vincent\Application Data\Super-Cow
      2007-11-18 20:57 12,464 ----a-w C:\WINDOWS\system32\drivers\CdaC15BA.SYS
      2007-11-17 15:28 --------- d-----w C:\Program Files\Microsoft ActiveSync
      2007-11-17 11:59 --------- d-----w C:\Program Files\Wedding Dash
      2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
      2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
      2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
      2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
      .
      [code]<pre>
      ----a-w 1,816,208 2008-01-15 13:51:00 C:\Program Files\a-squared Anti-Malware\a2guard .exe
      ----a-w 39,792 2008-01-13 10:25:41 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
      ----a-w 219,520 2008-01-13 10:26:18 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd .exe
      ----a-w 180,224 2008-01-13 10:25:53 C:\Program Files\Creative\SBLive\AudioHQ\AHQTB .EXE
      ----a-w 102,400 2008-01-13 10:25:52 C:\Program Files\Creative\SBLive\Program\AHQInit .exe
      ----a-w 157,592 2008-01-12 06:15:59 C:\Program Files\DAEMON Tools\daemon .exe
      ----a-w 61,440 2008-01-13 10:26:19 C:\Program Files\Dot1XCfg\Dot1XCfg .exe
      ----a-w 267,048 2008-01-13 10:25:43 C:\Program Files\iTunes\iTunesHelper .exe
      ----a-w 132,496 2008-01-13 10:25:43 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
      ----a-w 1,694,208 2008-01-13 10:26:17 C:\Program Files\Messenger\msmsgs .exe
      ----a-w 654,336 2008-01-14 23:36:23 C:\Program Files\QuickTime\qttask .exe
      ----a-w 654,336 2008-01-14 23:36:24 C:\Program Files\QuickTime\qttask .exe
      ----a-w 4,739,072 2008-01-12 22:39:14 C:\Program Files\Shareaza\Shareaza .exe
      ----a-w 1,318,912 2008-01-14 15:47:54 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
      ----a-w 90,112 2008-01-13 10:25:49 C:\WINDOWS\Updreg .exe
      ----a-w 155,648 2008-01-13 10:25:40 C:\WINDOWS\system32\NeroCheck .exe
      ----a-w 37,376 2008-01-15 16:47:56 C:\WINDOWS\system32\sysrest32 .exe
      ----a-w 684,290 2008-01-15 16:42:25 C:\WINDOWS\system32\drivers\hldrrr .exe
      </pre>[/code]


      ((((((((((((((((((((((((((((( snapshot_2008-01-14_20.33.31.05 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-01-14 15:29:31 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
      + 2008-01-15 16:33:34 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
      - 2008-01-14 15:29:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
      + 2008-01-15 16:33:34 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
      - 2008-01-14 15:29:31 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
      + 2008-01-15 16:33:35 3,891,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
      - 2008-01-14 15:29:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
      + 2008-01-15 16:33:35 307,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
      - 2008-01-14 15:29:31 3,817,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
      + 2008-01-15 16:33:35 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
      - 2008-01-14 15:29:31 307,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
      + 2008-01-15 16:33:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
      + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
      - 2008-01-14 10:30:27 471,556 ----a-w C:\WINDOWS\system32\drivers\down\102111879.exe
      + 2008-01-15 00:00:35 471,556 ----a-w C:\WINDOWS\system32\drivers\down\102111879.exe
      - 2008-01-14 10:30:28 471,556 ----a-w C:\WINDOWS\system32\drivers\down\102119419.exe
      + 2008-01-15 00:00:35 471,556 ----a-w C:\WINDOWS\system32\drivers\down\102119419.exe
      - 2008-01-14 10:30:28 471,556 ----a-w C:\WINDOWS\system32\drivers\down\116711342.exe
      + 2008-01-15 00:00:37 471,556 ----a-w C:\WINDOWS\system32\drivers\down\116711342.exe
      - 2008-01-14 10:30:29 471,556 ----a-w C:\WINDOWS\system32\drivers\down\118270.exe
      + 2008-01-15 00:00:38 471,556 ----a-w C:\WINDOWS\system32\drivers\down\118270.exe
      - 2008-01-14 10:30:30 471,556 ----a-w C:\WINDOWS\system32\drivers\down\131905800.exe
      + 2008-01-15 00:00:39 471,556 ----a-w C:\WINDOWS\system32\drivers\down\131905800.exe
      - 2008-01-14 10:30:31 471,556 ----a-w C:\WINDOWS\system32\drivers\down\14598731.exe
      + 2008-01-15 00:00:41 471,556 ----a-w C:\WINDOWS\system32\drivers\down\14598731.exe
      - 2008-01-14 10:30:31 458,244 ----a-w C:\WINDOWS\system32\drivers\down\14650135.exe
      + 2008-01-15 00:00:42 458,244 ----a-w C:\WINDOWS\system32\drivers\down\14650135.exe
      - 2008-01-14 10:30:31 471,556 ----a-w C:\WINDOWS\system32\drivers\down\146510240.exe
      + 2008-01-15 00:00:42 471,556 ----a-w C:\WINDOWS\system32\drivers\down\146510240.exe
      - 2008-01-14 10:30:32 471,556 ----a-w C:\WINDOWS\system32\drivers\down\14679698.exe
      + 2008-01-15 00:00:44 471,556 ----a-w C:\WINDOWS\system32\drivers\down\14679698.exe
      - 2008-01-14 10:30:33 471,556 ----a-w C:\WINDOWS\system32\drivers\down\160473839.exe
      + 2008-01-15 00:00:46 471,556 ----a-w C:\WINDOWS\system32\drivers\down\160473839.exe
      - 2008-01-14 10:30:33 471,556 ----a-w C:\WINDOWS\system32\drivers\down\161059681.exe
      + 2008-01-15 00:00:47 471,556 ----a-w C:\WINDOWS\system32\drivers\down\161059681.exe
      - 2008-01-14 10:30:34 471,556 ----a-w C:\WINDOWS\system32\drivers\down\161089774.exe
      + 2008-01-15 00:00:47 471,556 ----a-w C:\WINDOWS\system32\drivers\down\161089774.exe
      - 2008-01-14 10:30:34 471,556 ----a-w C:\WINDOWS\system32\drivers\down\174983683.exe
      + 2008-01-15 00:00:48 471,556 ----a-w C:\WINDOWS\system32\drivers\down\174983683.exe
      - 2008-01-14 10:30:34 471,556 ----a-w C:\WINDOWS\system32\drivers\down\174989972.exe
      + 2008-01-15 00:00:48 471,556 ----a-w C:\WINDOWS\system32\drivers\down\174989972.exe
      - 2008-01-14 10:30:35 471,556 ----a-w C:\WINDOWS\system32\drivers\down\175718089.exe
      + 2008-01-15 00:00:49 471,556 ----a-w C:\WINDOWS\system32\drivers\down\175718089.exe
      - 2008-01-14 10:30:35 471,556 ----a-w C:\WINDOWS\system32\drivers\down\189510251.exe
      + 2008-01-15 00:00:50 471,556 ----a-w C:\WINDOWS\system32\drivers\down\189510251.exe
      - 2008-01-14 10:30:36 471,556 ----a-w C:\WINDOWS\system32\drivers\down\190247371.exe
      + 2008-01-15 00:00:51 471,556 ----a-w C:\WINDOWS\system32\drivers\down\190247371.exe
      - 2008-01-14 10:30:36 471,556 ----a-w C:\WINDOWS\system32\drivers\down\204203629.exe
      + 2008-01-15 00:00:52 471,556 ----a-w C:\WINDOWS\system32\drivers\down\204203629.exe
      - 2008-01-14 10:30:37 471,556 ----a-w C:\WINDOWS\system32\drivers\down\204943172.exe
      + 2008-01-15 00:00:53 471,556 ----a-w C:\WINDOWS\system32\drivers\down\204943172.exe
      - 2008-01-14 10:30:37 471,556 ----a-w C:\WINDOWS\system32\drivers\down\218848407.exe
      + 2008-01-15 00:00:54 471,556 ----a-w C:\WINDOWS\system32\drivers\down\218848407.exe
      - 2008-01-14 10:30:37 471,556 ----a-w C:\WINDOWS\system32\drivers\down\219695585.exe
      + 2008-01-15 00:00:54 471,556 ----a-w C:\WINDOWS\system32\drivers\down\219695585.exe
      - 2008-01-14 10:30:38 471,556 ----a-w C:\WINDOWS\system32\drivers\down\234333253.exe
      + 2008-01-15 00:00:56 471,556 ----a-w C:\WINDOWS\system32\drivers\down\234333253.exe
      - 2008-01-14 10:30:38 471,556 ----a-w C:\WINDOWS\system32\drivers\down\234350858.exe
      + 2008-01-15 00:00:56 471,556 ----a-w C:\WINDOWS\system32\drivers\down\234350858.exe
      - 2008-01-14 10:30:39 471,556 ----a-w C:\WINDOWS\system32\drivers\down\249005941.exe
      + 2008-01-15 00:00:57 471,556 ----a-w C:\WINDOWS\system32\drivers\down\249005941.exe
      - 2008-01-14 10:30:40 471,556 ----a-w C:\WINDOWS\system32\drivers\down\262435932.exe
      + 2008-01-15 00:00:58 471,556 ----a-w C:\WINDOWS\system32\drivers\down\262435932.exe
      - 2008-01-14 10:30:40 471,556 ----a-w C:\WINDOWS\system32\drivers\down\277135229.exe
      + 2008-01-15 00:00:59 471,556 ----a-w C:\WINDOWS\system32\drivers\down\277135229.exe
      - 2008-01-14 10:30:41 471,556 ----a-w C:\WINDOWS\system32\drivers\down\29147551.exe
      + 2008-01-15 00:01:00 471,556 ----a-w C:\WINDOWS\system32\drivers\down\29147551.exe
      - 2008-01-14 10:30:41 471,556 ----a-w C:\WINDOWS\system32\drivers\down\29268896.exe
      + 2008-01-15 00:01:01 471,556 ----a-w C:\WINDOWS\system32\drivers\down\29268896.exe
      - 2008-01-14 10:30:41 471,556 ----a-w C:\WINDOWS\system32\drivers\down\29275245.exe
      + 2008-01-15 00:01:01 471,556 ----a-w C:\WINDOWS\system32\drivers\down\29275245.exe
      - 2008-01-14 10:30:42 471,556 ----a-w C:\WINDOWS\system32\drivers\down\29396199.exe
      + 2008-01-15 00:01:02 471,556 ----a-w C:\WINDOWS\system32\drivers\down\29396199.exe
      - 2008-01-14 10:30:42 471,556 ----a-w C:\WINDOWS\system32\drivers\down\43846247.exe
      + 2008-01-15 00:01:03 471,556 ----a-w C:\WINDOWS\system32\drivers\down\43846247.exe
      - 2008-01-14 10:30:43 471,556 ----a-w C:\WINDOWS\system32\drivers\down\43988111.exe
      + 2008-01-15 00:01:04 471,556 ----a-w C:\WINDOWS\system32\drivers\down\43988111.exe
      - 2008-01-14 10:30:43 471,556 ----a-w C:\WINDOWS\system32\drivers\down\56621.exe
      + 2008-01-15 00:01:04 471,556 ----a-w C:\WINDOWS\system32\drivers\down\56621.exe
      - 2008-01-14 10:30:44 471,556 ----a-w C:\WINDOWS\system32\drivers\down\58505085.exe
      + 2008-01-15 00:01:05 471,556 ----a-w C:\WINDOWS\system32\drivers\down\58505085.exe
      - 2008-01-14 10:30:44 471,556 ----a-w C:\WINDOWS\system32\drivers\down\67657.exe
      + 2008-01-15 00:01:07 471,556 ----a-w C:\WINDOWS\system32\drivers\down\67657.exe
      - 2008-01-14 10:30:44 471,556 ----a-w C:\WINDOWS\system32\drivers\down\72733014.exe
      + 2008-01-15 00:01:07 471,556 ----a-w C:\WINDOWS\system32\drivers\down\72733014.exe
      - 2008-01-14 10:30:45 471,556 ----a-w C:\WINDOWS\system32\drivers\down\73010112.exe
      + 2008-01-15 00:01:08 471,556 ----a-w C:\WINDOWS\system32\drivers\down\73010112.exe
      - 2008-01-14 10:30:46 471,556 ----a-w C:\WINDOWS\system32\drivers\down\82999.exe
      + 2008-01-15 00:01:09 471,556 ----a-w C:\WINDOWS\system32\drivers\down\82999.exe
      - 2008-01-14 10:30:46 471,556 ----a-w C:\WINDOWS\system32\drivers\down\83199.exe
      + 2008-01-15 00:01:09 471,556 ----a-w C:\WINDOWS\system32\drivers\down\83199.exe
      - 2008-01-14 10:30:46 471,556 ----a-w C:\WINDOWS\system32\drivers\down\87529160.exe
      + 2008-01-15 00:01:09 471,556 ----a-w C:\WINDOWS\system32\drivers\down\87529160.exe
      - 2008-01-14 10:30:46 471,556 ----a-w C:\WINDOWS\system32\drivers\down\87540686.exe
      + 2008-01-15 00:01:09 471,556 ----a-w C:\WINDOWS\system32\drivers\down\87540686.exe
      - 2008-01-14 17:33:07 58,732 ----a-w C:\WINDOWS\system32\perfc009.dat
      + 2008-01-15 16:02:11 58,732 ----a-w C:\WINDOWS\system32\perfc009.dat
      - 2008-01-14 17:33:08 71,488 ----a-w C:\WINDOWS\system32\perfc00C.dat
      + 2008-01-15 16:02:11 71,488 ----a-w C:\WINDOWS\system32\perfc00C.dat
      - 2008-01-14 17:33:07 392,432 ----a-w C:\WINDOWS\system32\perfh009.dat
      + 2008-01-15 16:02:11 392,432 ----a-w C:\WINDOWS\system32\perfh009.dat
      - 2008-01-14 17:33:09 458,648 ----a-w C:\WINDOWS\system32\perfh00C.dat
      + 2008-01-15 16:02:11 458,648 ----a-w C:\WINDOWS\system32\perfh00C.dat
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Realtime Audio Engine"="mmrtkrnl.exe" [2005-04-28 00:00 53248 C:\WINDOWS\system32\MMRTKRNL.EXE]
      "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
      "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [ ]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 00:32 5537792]
      "nwiz"="nwiz.exe" [2005-02-24 00:32 1495040 C:\WINDOWS\system32\nwiz.exe]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 00:32 86016]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
      @="Driver"

      R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 16:30]
      R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 16:30]
      R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 16:30]
      R2 Tdlpt;Tdlpt;C:\WINDOWS\system32\drivers\Tdlpt.sys [2001-10-16 12:58]
      R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
      S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe" []
      S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]
      S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-01-11 12:10:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-01-09 16:53:53 C:\WINDOWS\Tasks\At1.job"
      - C:\Documents and Settings\vincent\Application Data\wunauclt.exe
      "2008-01-09 16:53:53 C:\WINDOWS\Tasks\At2.job"
      - C:\Documents and Settings\vincent\Application Data\wunauclt.exe
      "2008-01-09 19:00:00 C:\WINDOWS\Tasks\At3.job"
      - C:\Documents and Settings\vincent\Application Data\wunauclt.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-15 17:57:24
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      Completion time: 2008-01-15 18:03:54 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-01-15 17:03:47
      ComboFix2.txt 2008-01-14 20:14:19
      ComboFix3.txt 2008-01-14 15:02:10
      ComboFix4.txt 2008-01-14 11:04:55
      .
      2008-01-12 15:16:16 --- E O F ---
      ____________________________________________________________________________________________________________


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:08:01, on 15/01/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\a-squared Anti-Malware\a2service.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /b
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: NCProTray.lnk = ?
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
      O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
      O15 - Trusted Zone: http://www.secuser.com
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe (file missing)
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      0
  14. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    kaspersky ne doit pas trop aimer combofix, c´est pour cela qu´il le signal...

    peux faire analyser les fichiers decouvert par kaspersky sur virus total et poster les rapport ici :

    C:\WINDOWS\system32\findstr.exe
    C:\DOCUME~1\VINCENT\LOCALS~1\TEMP\RCX9.TMP

    https://www.virustotal.com/gui/

    @+
    0
    1. vince59400
       
      Voici les résultats d'analyse pour C:\WINDOWS\system32\findstr.exe

      Antivirus Version Dernière mise à jour Résultat
      AhnLab-V3 2008.1.16.10 2008.01.15 -
      AntiVir 7.6.0.48 2008.01.15 -
      Authentium 4.93.8 2008.01.13 -
      Avast 4.7.1098.0 2008.01.14 -
      AVG 7.5.0.516 2008.01.14 -
      BitDefender 7.2 2008.01.15 -
      CAT-QuickHeal 9.00 2008.01.15 -
      ClamAV 0.91.2 2008.01.14 -
      DrWeb 4.44.0.09170 2008.01.15 -
      eSafe 7.0.15.0 2008.01.14 -
      eTrust-Vet 31.3.5459 2008.01.15 -
      Ewido 4.0 2008.01.15 -
      FileAdvisor 1 2008.01.15 -
      Fortinet 3.14.0.0 2008.01.15 -
      F-Prot 4.4.2.54 2008.01.14 -
      F-Secure 6.70.13030.0 2008.01.15 -
      Ikarus T3.1.1.20 2008.01.15 -
      Kaspersky 7.0.0.125 2008.01.15 -
      McAfee 5208 2008.01.15 -
      Microsoft 1.3109 2008.01.15 -
      NOD32v2 2793 2008.01.15 -
      Norman 5.80.02 2008.01.15 -
      Panda 9.0.0.4 2008.01.14 -
      Prevx1 V2 2008.01.15 -
      Rising 20.27.12.00 2008.01.15 -
      Sophos 4.24.0 2008.01.15 -
      Sunbelt 2.2.907.0 2008.01.15 -
      Symantec 10 2008.01.15 -
      TheHacker 6.2.9.187 2008.01.13 -
      VBA32 3.12.2.5 2008.01.13 -
      VirusBuster 4.3.26:9 2008.01.15 -
      Webwasher-Gateway 6.6.2 2008.01.15 -
      Information additionnelle
      File size: 29184 bytes
      MD5: eebd08dfa30456e77ec2bd527af7145d
      SHA1: e9106266fd84c7025ed6c041d68d1154648a3f37
      PEiD: -
      0
    2. vince59400
       
      Par contre impossible de trouver le second fichier (ni le dossier dans lequel il est censé se trouver).
      J'ai fait une recherche avec l'explorateur sans résultat aussi.

      @+
      0
  15. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    ok

    fais ceci :

    nettoie tes fichiers temporaires avec ceci : atf cleaner, regarde le tuto...

    http://www.infosecu.fr/atf.html

    telecharge le ici :

    http://serveur1.archive-host.com/membres/up/1366464061/ATF-Cleaner.rar

    et fais ce scan en ligne, on y verra plus claire :

    Scan en ligne bitdefender :

    https://www.bitdefender.com/toolbox/

    Clicker sur " I agree " et suivre les indications

    A faire imperativement sous internet explorer, en acceptant l´activ x

    tutoriel en image en image

    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    post le rapport ici stp

    @+
    0
    1. vince59400
       
      Salut G!irly,

      L'analyse est enfin terminée (environ 7heures!!), voici le résultat avec Bit Defender.

      @+


      HTML>
      <HEAD>
      <TITLE>BitDefender Online Scanner -Scan Report</TITLE>
      <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
      <meta name="generator" content="Namo WebEditor v5.0(Trial)">
      </HEAD>
      <BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >


      <table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
      <tr>
      <td width="458">
      <p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender
      Online Scanner</b></span></font></p>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>
      <tr>
      <td colspan="3" width="912">
      <p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated
      at: Wed, Jan 16, 2008 - 15:07:55</b></span></font></p>
      </td>
      </tr>

      <tr>
      <td width="458">
      <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>

      <tr>
      <td width="458">
      <p><font face="Arial"><span style="font-size:11pt;"><B>Scan
      path: </b></span><span style="font-size:10pt;">C:\;</span></font></p>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>

      <tr>
      <td width="458">
      <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>

      <tr>
      <td width="458">
      <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
      <tr>
      <td width="451" colspan="2" bgcolor="#CCCCCC">
      <p><font face="Arial" size="2"><B>Statistics</b></font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Time</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">05:56:32</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Files</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">310726</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Folders</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">5274</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Boot Sectors</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">5</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Archives</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">25435</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Packed Files</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">13523</font></p>
      </td>
      </tr>
      </table>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>



      <tr>
      <td width="458">
      <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
      <tr>
      <td width="451" colspan="2" bgcolor="#CCCCCC">
      <p><font face="Arial" size="2"><B>Results</b></font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Identified Viruses </font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">2</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Infected Files </font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">4</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Suspect Files </font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">0</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Warnings</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">0</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Disinfected</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">0</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Deleted Files</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">0</font></p>
      </td>
      </tr>
      </table>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>

      <tr>
      <td width="458">
      <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
      <tr>
      <td width="451" colspan="2" bgcolor="#CCCCCC">
      <p><font face="Arial" size="2"><B>Engines Info</b></font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Virus Definitions</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">890451</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Engine build</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Scan plugins</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">14</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Archive plugins</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">38</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Unpack plugins</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">7</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">E-mail plugins</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">6</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">System plugins</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">1</font></p>
      </td>
      </tr>
      </table>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>

      <tr>
      <td width="458">
      <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
      <tr>
      <td width="451" colspan="2" bgcolor="#CCCCCC">
      <p><font face="Arial" size="2"><B>Scan Settings</b></font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">First Action</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Disinfect</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Second Action</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Delete</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Heuristics</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Yes</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Enable Warnings</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Yes</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Scanned Extensions</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">*;</font></p>
      </td>
      </tr>

      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Exclude Extensions</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2"> </font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Scan Emails</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Yes</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Scan Archives</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Yes</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Scan Packed</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Yes</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Scan Files</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Yes</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Scan Boot</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Yes</font></p>
      </td>
      </tr>
      </table>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>

      <tr>
      <td colspan=2>  
      <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
      <tr>
      <td width="252" bgcolor="#CCCCCC">
      <p><font face="Arial" size="2"><B>Scanned File</b></font></p>
      </td>
      <td width="195" bgcolor="#CCCCCC" align="right">
      <p align="left"><b><font size="2" face="Arial"> Status</font></b></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\d5c31f3ec4af6653.klq</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infected with: Trojan.Vundo.DVD</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\d5c31f3ec4af6653.klq</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Disinfection failed</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\d5c31f3ec4af6653.klq</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Delete failed</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\eb67b54af73d6b7d.klq</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infected with: Trojan.Vundo.DVO</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\eb67b54af73d6b7d.klq</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Disinfection failed</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\eb67b54af73d6b7d.klq</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Delete failed</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\604.0C71A4C001C85817.history\000001f0.bak</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infected with: Trojan.Vundo.DVD</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\604.0C71A4C001C85817.history\000001f0.bak</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Disinfection failed</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\604.0C71A4C001C85817.history\000001f0.bak</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Delete failed</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\604.0C71A4C001C85817.history\000001f1.bak</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infected with: Trojan.Vundo.DVO</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\604.0C71A4C001C85817.history\000001f1.bak</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Disinfection failed</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\604.0C71A4C001C85817.history\000001f1.bak</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Delete failed</font></p>
      </td>
      </tr>
      </table>
      </td>

      <td width="10%">
      <p> </p>
      </td>
      </tr>

      <tr>
      <td width="458">
      <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>

      <tr>
      <td width="458">
      <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>

      </table>
      <p> </p>

      </body>
      </html>
      0
  16. g!rly Messages postés 18462 Statut Contributeur 407
     
    bonsoir vince,

    comme tu voie le rapport est illisible, peux tu le reposter stp si tu as moyen...

    @+
    0
    1. vince59400
       
      bonsoir g!rly,

      Je n'ai scanné que la partie où avaient été décelé les virus.

      Voici le rapport

      Scanned File


      Status

      C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\d5c31f3ec4af6653.klq


      Infected with: Trojan.Vundo.DVD

      C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\d5c31f3ec4af6653.klq


      Disinfection failed

      C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\d5c31f3ec4af6653.klq


      Delete failed

      C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\eb67b54af73d6b7d.klq


      Infected with: Trojan.Vundo.DVO

      C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\eb67b54af73d6b7d.klq


      Disinfection failed

      C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\eb67b54af73d6b7d.klq


      Delete failed



      Tous les virus sont dans Kaspersky.

      @+
      Vince
      0
  17. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    oui apparament, ce sont les backups, vide la quarantaine...

    mais il serait bien de faire une analyse complete de ton pc avec bitdefender.

    @+
    0
    1. vince59400
       
      Salut G!rly,

      J'ai bien réalisé une analyse complète pour le premier rapport (celui qui était illisible); j'avais remarqué que tous les fichiers infectés étaient localisés au même endroit.
      Mon souci est de pouvoir supprimer la quarantaine, je ne trouve pas l'option dans Kaspersky et la suppression des fichiers en manuel est impossible.

      @+
      Vince
      0
  18. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut vince,

    ok pour le scan complet.

    tu n´as pas un onglet quarantaine dans kaspersky ?

    @+
    0
    1. vince59400
       
      C'est bon j'ai trouvé comment supprimer la quarantaine.
      J'ai ensuite relancé un scan Kaspersky qui me retrouve les mêmes fichiers, annonce qu'ils seront supprimés au prochain redémarrage mais ils sont toujours là.

      Je relancerai un scan BD en ligne ce soir.

      Vince
      0
  19. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    oui ok, cette fois ci colle le rapport de facon a ce qu´il soit visible ;-)

    @+
    0
    1. vince59400
       
      Salut G!rly,

      Voici le rapport BD en ligne.
      Il s'agit des mêmes fichiers de la quarantaine de kaspersky que j'ai supprimé mais qui reviennent à chaque fois.
      Par contre dans l'onglet "Dossiers de sauvegarde" de Kaspersky, il reste plein de fichiers infectés; C'est gênant?

      Mon PC est toujours très lent (Je sais que c'est pas une bête de course; mais c'est pas comme avant)

      BitDefender Online Scanner

      Scan report generated at: Fri, Jan 18, 2008 - 10:03:02

      Scan path: A:\;C:\;D:\;E:\;F:\;G:\;O:\;


      Statistics

      Time


      10:31:46

      Files


      369806

      Folders


      6335

      Boot Sectors


      5

      Archives


      17603

      Packed Files


      15108







      Results

      Identified Viruses


      2

      Infected Files


      3

      Suspect Files


      0

      Warnings


      0

      Disinfected


      0

      Deleted Files


      0







      Engines Info

      Virus Definitions


      891901

      Engine build


      AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

      Scan plugins


      14

      Archive plugins


      38

      Unpack plugins


      7

      E-mail plugins


      6

      System plugins


      1







      Scan Settings

      First Action


      Disinfect

      Second Action


      Delete

      Heuristics


      Yes

      Enable Warnings


      Yes

      Scanned Extensions


      *;

      Exclude Extensions




      Scan Emails


      Yes

      Scan Archives


      Yes

      Scan Packed


      Yes

      Scan Files


      Yes

      Scan Boot


      Yes








      Scanned File


      Status

      C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\d5c31f3ec4af6653.klq


      Infected with: Trojan.Vundo.DVD

      C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\d5c31f3ec4af6653.klq


      Disinfection failed

      C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\d5c31f3ec4af6653.klq


      Delete failed

      C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\eb67b54af73d6b7d.klq


      Infected with: Trojan.Vundo.DVO

      C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\eb67b54af73d6b7d.klq


      Disinfection failed

      C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Backup\eb67b54af73d6b7d.klq


      Delete failed

      C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\d60.2ACBA93001C85958.history\000001e3.bak


      Infected with: Trojan.Vundo.DVO

      C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\d60.2ACBA93001C85958.history\000001e3.bak


      Disinfection failed

      C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\d60.2ACBA93001C85958.history\000001e3.bak


      Delete failed
      0
  20. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut vince,

    oui je voie ca, il sont dans la quarantaine de kaspersky...

    on est bien d´accord ce sont toujours les memes, tu les supprime et ils reviennent ?

    @+
    0
    1. vince59400
       
      Tout à fait, je les supprime dans l'onglet quarantaine de K et ils reviennent.

      @+
      0
  21. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    c´est a se taper la tete contre les murs...

    essaie comme ceci :

    tu dois pouvoir faire un reglage dans kis, genre premiere action et deuxieme action; toi tu veux comme premiere action "supprimer" et pas quarantaine...
    supprime en suite les fichiers comme tu l´as deja fais et voie ce qui ce passe...

    dis moi

    @+
    0
    1. vince59400
       
      Salut G!rly,

      J'ai relancé les analyses K en ayant modifié les option de traitement, à première vue cela semble fonctionner.
      Une dernière analyse K est en cours pour confirmer les bons résultats et je t'en ferai part

      @+
      Vince
      0
  • 1
  • 2