lsass.exe detecté comme un trojan!!!! Résolu/Fermé

Question

Bonjour,
    

mon bitdefenter total security a detecté les fichier suivants "lsass.exe,lsas.exe" comme des trojans le premier est installé dans ce repertoire "c:\windows\inf\" et le deuxieme dans le rep "c:\windows\system32" donc j'arrive pas a eteindre at allumé mon ordinateur normalement avec certaine message d'erreurs .

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:01, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\inf\Lsass.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\inf\Lsass.exe
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com127.0.0.1 update.bitdefender.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SystemFile] C:\WINDOWS\system32\Lsas.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

g!rly · Answer

salut

a l´aide de hijack this coche et fix les lignes suivantes :

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\inf\Lsass.exe
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com127.0.0.1 update.bitdefender.com

comment fixer :

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

puis fais ceci :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe      

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

ps : quitte ton navigateur et tes application et arrete bitdefender le temps du scan et ne touche a rien meme pas la sourie, apres le scan redemarre bit defender et reconnecte toi pour m´envoyer le rapport de combofix

@+

sat4all · Answer

merci de votre aide mon ami et voila le rapport du combofix scan: ComboFix 08-02.05.3 - ABDESSAMAD 2008-02-07 11:44:37.1 - NTFSx86 MINIMAL Microsoft Windows XP Professionnel 5.1.2600.2.1256.212.1036.18.803 [GMT 0:00] Endroit: C:\Documents and Settings\ABDESSAMAD\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RةCUPةRATION N'EST PAS INSTALLةE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\ABDESSAMAD\Application Data\inst.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))))))) . 2008-02-06 22:26 . 2008-02-06 22:26 d-------- C:\Program Files\Trend Micro 2008-02-06 18:53 . 2008-02-06 19:29 d-------- C:\Dreambox 2008-02-06 11:00 . 2008-02-02 03:11 204,960 --a------ C:\WINDOWS\system32\Lsas.exe 2008-02-05 16:12 . 2008-02-02 03:11 204,960 --a------ C:\WINDOWS\system32\Lsast.exe 2008-02-05 00:02 . 2008-02-05 00:02 1,158 --a------ C:\WINDOWS\mozver.dat 2008-02-04 14:29 . 2008-02-04 14:49 d-------- C:\dvbdream 2008-02-03 21:23 . 2008-02-03 21:23 d-------- C:\Program Files\Windows Defender 2008-02-03 09:54 . 2008-02-03 09:54 d-------- C:\Program Files\MegauploadToolbar 2008-02-03 09:54 . 2008-02-03 09:56 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\MegauploadToolbar 2008-02-02 20:28 . 2008-02-02 20:44 d-------- C:\ProgDVB 2008-02-02 20:20 . 2008-02-02 03:11 204,960 --a------ C:\WINDOWS\system32\svshoct.exe 2008-02-02 19:26 . 2008-02-02 19:26 d-------- C:\Program Files\Fichiers communs\Elecard 2008-02-02 19:26 . 2008-02-02 19:26 d-------- C:\Program Files\Elecard 2008-01-31 12:27 . 2008-01-31 12:27 d-------- C:\Program Files\Complete File Renamer 2.0 2008-01-30 23:03 . 2008-01-30 23:04 d-------- C:\Program Files\FastStone Photo Resizer 2008-01-30 19:10 . 2002-07-03 11:44 53,248 --a------ C:\WINDOWS\amcap.exe 2008-01-29 21:43 . 2008-01-29 21:43 754 --a------ C:\WINDOWS\WORDPAD.INI 2008-01-24 14:52 . 2008-01-24 14:52 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\vlc 2008-01-24 14:51 . 2008-01-24 14:51 d-------- C:\Program Files\VideoLAN 2008-01-24 14:48 . 2008-02-03 09:31 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\OfficeUpdate12 2008-01-24 14:25 . 2008-01-24 14:25 d-------- C:\Program Files\Common Files 2008-01-24 14:22 . 2008-01-24 14:22 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-01-23 21:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-01-23 13:06 . 2008-01-08 12:13 202,160 --a------ C:\WINDOWS\system32\idmmbc.dll 2008-01-23 09:46 . 2008-01-23 09:46 d-------- C:\Program Files\KONAMI 2008-01-21 20:50 . 2008-01-21 20:50 d-------- C:\Program Files\Apple Software Update 2008-01-21 20:50 . 2008-01-21 20:50 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-01-21 18:05 . 1998-11-13 11:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe 2008-01-19 00:26 . 2008-01-19 00:31 d-------- C: mp 2008-01-18 14:49 . 2008-01-18 14:49 d-------- C:\Documents and Settings\LocalService\Menu Démarrer 2008-01-17 14:35 . 2008-01-17 14:35 d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2008-01-17 14:35 . 2008-01-18 17:10 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\Azureus 2008-01-16 22:10 . 2008-01-16 22:11 d-------- C:\Program Files\Gbox Share Control 2008-01-16 22:10 . 1998-04-26 23:00 570,128 --a------ C:\WINDOWS\system32\dao350.dll 2008-01-16 22:10 . 2006-12-26 14:09 536,576 --a------ C:\WINDOWS\system32\msado15.dll 2008-01-16 22:10 . 2000-05-22 16:58 244,416 --a------ C:\WINDOWS\system32\msflxgrd.ocx 2008-01-16 22:10 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx 2008-01-16 22:10 . 1998-06-24 00:00 140,096 --a------ C:\WINDOWS\system32\comdlg32.ocx 2008-01-16 22:10 . 2007-10-13 03:10 137,728 --a------ C:\WINDOWS\system32 mchart.dll 2008-01-16 22:10 . 1998-06-24 00:00 118,064 --a------ C:\WINDOWS\system32\MSADODC.OCX 2008-01-16 22:10 . 1998-06-17 23:00 77,824 --a------ C:\WINDOWS\system32\MSBIND.DLL 2008-01-16 22:10 . 2002-03-15 14:25 53,248 --a------ C:\WINDOWS\system32\AnimatedGif.ocx 2008-01-16 14:05 . 2008-01-16 14:05 d-------- C:\WINDOWS\NgrabLite 2008-01-16 14:05 . 2008-01-16 14:05 d-------- C:\Program Files\NgrabLite 2008-01-16 12:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-01-16 12:50 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-01-16 11:31 . 2008-01-16 11:31 d-------- C:\WINDOWS\Sun 2008-01-15 22:38 . 2008-01-15 22:41 d-------- C:\Program Files\xampplite 2008-01-15 22:05 . 2008-02-03 23:05 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\FileZilla 2008-01-15 22:03 . 2008-01-15 22:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-15 22:03 . 2008-01-15 22:03 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-15 21:58 . 2008-02-07 00:32 9,535 --a------ C:\WINDOWS\system32\DigListA.lst 2008-01-15 21:40 . 2008-01-15 21:40 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\Leadertech 2008-01-15 21:35 . 2008-02-07 11:39 121 --a------ C:\WINDOWS\bdagent.INI 2008-01-15 21:11 . 2008-01-15 21:11 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\BitDefender 2008-01-15 21:10 . 2008-01-15 21:11 d-------- C:\Program Files\BitDefender 2008-01-15 21:10 . 2008-01-15 21:47 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender 2008-01-15 21:09 . 2008-01-15 21:10 d-------- C:\Program Files\Fichiers communs\BitDefender 2008-01-15 21:07 . 2008-01-30 09:55 d-------- C:\Program Files\Internet Download Manager 2008-01-15 21:07 . 2008-01-30 00:54 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\IDM 2008-01-15 21:07 . 2008-02-07 11:00 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\DMCache 2008-01-15 20:54 . 2008-01-15 21:03 d-------- C:\Program Files\Fichiers communs\Adobe 2008-01-15 20:52 . 2008-01-30 20:52 d-------- C:\WINDOWS\Downloaded Installations 2008-01-15 20:46 . 2008-01-15 20:46 0 --a------ C:\WINDOWS sreg.dat 2008-01-15 20:16 . 2008-01-15 20:16 d-------- C:\Program Files\MSXML 4.0 2008-01-15 20:10 . 2006-03-21 03:23 23,040 --------- C:\WINDOWS\kb913800.exe 2008-01-15 20:02 . 2008-01-15 20:02 d-------- C:\Program Files\Google 2008-01-15 19:44 . 2008-01-15 19:45 d-------- C:\WINDOWS\system32\fr-fr 2008-01-15 19:40 . 2007-10-10 23:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-01-15 19:40 . 2007-07-01 03:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-01-15 19:40 . 2007-07-01 03:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-01-15 19:40 . 2007-10-10 23:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-01-15 19:40 . 2007-10-10 23:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-01-15 19:40 . 2007-10-10 23:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-01-15 19:40 . 2007-10-10 23:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-01-15 19:40 . 2007-10-10 23:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-01-15 19:40 . 2007-10-10 10:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-01-15 19:28 . 2008-01-15 19:28 d-------- C:\Program Files\Windows Media Connect 2 2008-01-15 19:27 . 2008-01-15 19:27 d-------- C:\WINDOWS\system32\LogFiles 2008-01-15 19:27 . 2008-01-15 19:27 d-------- C:\WINDOWS\system32\drivers\UMDF 2008-01-15 19:12 . 2005-06-28 23:43 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys 2008-01-15 19:12 . 2005-06-28 23:43 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys 2008-01-15 19:05 . 2008-01-15 19:05 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2008-01-15 19:04 . 2008-01-15 19:04 d-------- C:\Program Files\CyberLink 2008-01-15 19:04 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll 2008-01-15 19:03 . 2008-01-15 19:03 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\InterVideo 2008-01-15 19:01 . 2008-01-15 19:01 d-------- C:\Program Files\InterVideo Information Service 2008-01-15 19:01 . 2008-01-15 19:01 d-------- C:\Program Files\Fichiers communs\Ulead 2008-01-15 19:01 . 2008-01-15 19:01 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-01-15 19:01 . 2006-05-11 18:41 654 --------- C:\WINDOWS emove.iss 2008-01-15 19:00 . 2008-01-15 19:00 d-------- C:\Program Files\InterVideo 2008-01-15 19:00 . 2008-01-15 19:00 d-------- C:\Program Files\Fichiers communs\InterVideo 2008-01-15 18:56 . 2008-02-03 23:52 116 --a------ C:\WINDOWS\NeroDigital.ini 2008-01-15 18:53 . 2008-01-15 18:58 d-------- C:\Documents and Settings\ABDESSAMAD\Contacts 2008-01-15 18:46 . 2008-01-15 18:46 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-01-15 18:40 . 2008-01-15 18:40 268 --ah----- C:\sqmdata03.sqm 2008-01-15 18:40 . 2008-01-15 18:40 244 --ah----- C:\sqmnoopt03.sqm 2008-01-15 18:39 . 2008-01-15 18:39 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\Ahead 2008-01-15 18:37 . 2008-01-15 18:37 d-------- C:\Program Files\Nero 2008-01-15 18:37 . 2008-01-15 18:37 d-------- C:\Program Files\Fichiers communs\Ahead . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-04 09:48 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-02-02 03:11 204,960 ----a-w C:\WINDOWS\inf\Lsass.exe 2008-01-30 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-23 09:44 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-01-15 16:18 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe 2008-01-15 15:49 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-01-15 15:38 --------- d-----w C:\Program Files\Analog Devices 2008-01-15 15:35 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe 2008-01-15 15:35 --------- d-----w C:\Program Files\Intel 2008-01-15 15:27 --------- d-----w C:\Program Files\microsoft frontpage 2008-01-15 15:24 --------- d-----w C:\Program Files\Services en ligne 2008-01-15 15:23 --------- d-----w C:\Program Files\Fichiers communs\MSSoap 2008-01-15 15:20 --------- d-----w C:\Program Files\Windows Plus 2008-01-15 15:10 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines 2008-01-15 15:10 --------- d-----w C:\Program Files\Fichiers communs\ODBC 2007-12-24 13:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-12-05 02:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-12-05 01:41 81,920 ----a-w C:\WINDOWS\system32 vwddi.dll 2007-12-05 01:41 81,920 ----a-w C:\WINDOWS\system32 vmctray.dll 2007-12-05 01:41 8,523,776 ----a-w C:\WINDOWS\system32 vcpl.dll 2007-12-05 01:41 753,664 ----a-w C:\WINDOWS\system32 vcplui.exe 2007-12-05 01:41 6,901,760 ----a-w C:\WINDOWS\system32 voglnt.dll 2007-12-05 01:41 6,549,504 ----a-w C:\WINDOWS\system32 vdisps.dll 2007-12-05 01:41 5,773,568 ----a-w C:\WINDOWS\system32 v4_disp.dll 2007-12-05 01:41 5,611,520 ----a-w C:\WINDOWS\system32 vdispsr.dll 2007-12-05 01:41 466,944 ----a-w C:\WINDOWS\system32 vshell.dll 2007-12-05 01:41 458,752 ----a-w C:\WINDOWS\system32 vmccssr.dll 2007-12-05 01:41 45,056 ----a-w C:\WINDOWS\system32 vmccsrs.dll 2007-12-05 01:41 442,368 ----a-w C:\WINDOWS\system32 vappbar.exe 2007-12-05 01:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-12-05 01:41 385,024 ----a-w C:\WINDOWS\system32 vapi.dll 2007-12-05 01:41 356,352 ----a-w C:\WINDOWS\system32 vudisp.exe 2007-12-05 01:41 35,328 ----a-w C:\WINDOWS\system32 vcodins.dll 2007-12-05 01:41 35,328 ----a-w C:\WINDOWS\system32 vcod.dll 2007-12-05 01:41 335,872 ----a-w C:\WINDOWS\system32 vwrses.dll 2007-12-05 01:41 335,872 ----a-w C:\WINDOWS\system32 vwrsel.dll 2007-12-05 01:41 327,680 ----a-w C:\WINDOWS\system32 vwrsfr.dll 2007-12-05 01:41 327,680 ----a-w C:\WINDOWS\system32 vwrsesm.dll 2007-12-05 01:41 327,680 ----a-w C:\WINDOWS\system32 vrshe.dll 2007-12-05 01:41 327,680 ----a-w C:\WINDOWS\system32 vrsar.dll 2007-12-05 01:41 323,584 ----a-w C:\WINDOWS\system32 vwrspt.dll 2007-12-05 01:41 323,584 ----a-w C:\WINDOWS\system32 vwrsit.dll 2007-12-05 01:41 319,488 ----a-w C:\WINDOWS\system32 vwrsptb.dll 2007-12-05 01:41 319,488 ----a-w C:\WINDOWS\system32 vwrsnl.dll 2007-12-05 01:41 315,392 ----a-w C:\WINDOWS\system32 vwrsru.dll 2007-12-05 01:41 315,392 ----a-w C:\WINDOWS\system32 vwrshu.dll 2007-12-05 01:41 311,296 ----a-w C:\WINDOWS\system32 vwrsde.dll 2007-12-05 01:41 307,200 ----a-w C:\WINDOWS\system32 vexpbar.dll 2007-12-05 01:41 303,104 ----a-w C:\WINDOWS\system32 vwrstr.dll 2007-12-05 01:41 303,104 ----a-w C:\WINDOWS\system32 vwrssl.dll 2007-12-05 01:41 303,104 ----a-w C:\WINDOWS\system32 vwrsfi.dll 2007-12-05 01:41 3,715,072 ----a-w C:\WINDOWS\system32 vvitvsr.dll 2007-12-05 01:41 3,710,976 ----a-w C:\WINDOWS\system32 vvitvs.dll 2007-12-05 01:41 3,420,160 ----a-w C:\WINDOWS\system32 vgames.dll 2007-12-05 01:41 3,334,144 ----a-w C:\WINDOWS\system32 vgamesr.dll 2007-12-05 01:41 299,008 ----a-w C:\WINDOWS\system32 vwrssk.dll 2007-12-05 01:41 299,008 ----a-w C:\WINDOWS\system32 vwrsno.dll 2007-12-05 01:41 294,912 ----a-w C:\WINDOWS\system32 vwrssv.dll 2007-12-05 01:41 294,912 ----a-w C:\WINDOWS\system32 vwrspl.dll 2007-12-05 01:41 294,912 ----a-w C:\WINDOWS\system32 vwrsda.dll 2007-12-05 01:41 290,816 ----a-w C:\WINDOWS\system32 vwrsth.dll 2007-12-05 01:41 286,720 ----a-w C:\WINDOWS\system32 vwrseng.dll 2007-12-05 01:41 286,720 ----a-w C:\WINDOWS\system32 vwrscs.dll 2007-12-05 01:41 286,720 ----a-w C:\WINDOWS\system32 vnt4cpl.dll 2007-12-05 01:41 282,624 ----a-w C:\WINDOWS\system32 vwrsar.dll 2007-12-05 01:41 282,624 ----a-w C:\WINDOWS\system32 vrsfr.dll 2007-12-05 01:41 282,624 ----a-w C:\WINDOWS\system32 vrses.dll 2007-12-05 01:41 282,624 ----a-w C:\WINDOWS\system32 vrsel.dll 2007-12-05 01:41 278,528 ----a-w C:\WINDOWS\system32 vwrshe.dll 2007-12-05 01:41 278,528 ----a-w C:\WINDOWS\system32 vrsit.dll 2007-12-05 01:41 278,528 ----a-w C:\WINDOWS\system32 vrsde.dll 2007-12-05 01:41 274,432 ----a-w C:\WINDOWS\system32 vrspt.dll 2007-12-05 01:41 274,432 ----a-w C:\WINDOWS\system32 vrsnl.dll 2007-12-05 01:41 274,432 ----a-w C:\WINDOWS\system32 vrsesm.dll 2007-12-05 01:41 270,336 ----a-w C:\WINDOWS\system32 vrsru.dll 2007-12-05 01:41 266,240 ----a-w C:\WINDOWS\system32 vrsptb.dll 2007-12-05 01:41 266,240 ----a-w C:\WINDOWS\system32 vrsja.dll 2007-12-05 01:41 258,048 ----a-w C:\WINDOWS\system32 vrstr.dll 2007-12-05 01:41 258,048 ----a-w C:\WINDOWS\system32 vrssl.dll 2007-12-05 01:41 258,048 ----a-w C:\WINDOWS\system32 vrssk.dll 2007-12-05 01:41 258,048 ----a-w C:\WINDOWS\system32 vrsko.dll 2007-12-05 01:41 258,048 ----a-w C:\WINDOWS\system32 vrshu.dll 2007-12-05 01:41 253,952 ----a-w C:\WINDOWS\system32 vrsth.dll 2007-12-05 01:41 253,952 ----a-w C:\WINDOWS\system32 vrssv.dll 2007-12-05 01:41 253,952 ----a-w C:\WINDOWS\system32 vrspl.dll 2007-12-05 01:41 253,952 ----a-w C:\WINDOWS\system32 vrsno.dll 2007-12-05 01:41 253,952 ----a-w C:\WINDOWS\system32 vrsda.dll 2007-12-05 01:41 249,856 ----a-w C:\WINDOWS\system32 vrsfi.dll 2007-12-05 01:41 249,856 ----a-w C:\WINDOWS\system32 vrscs.dll 2007-12-05 01:41 245,760 ----a-w C:\WINDOWS\system32 vrseng.dll 2007-12-05 01:41 229,376 ----a-w C:\WINDOWS\system32 vmccs.dll 2007-12-05 01:41 225,280 ----a-w C:\WINDOWS\system32 vrszhc.dll 2007-12-05 01:41 212,992 ----a-w C:\WINDOWS\system32 vwrsja.dll 2007-12-05 01:41 2,854,912 ----a-w C:\WINDOWS\system32 vmoblsr.dll 2007-12-05 01:41 2,519,040 ----a-w C:\WINDOWS\system32 vwssr.dll 2007-12-05 01:41 2,498,560 ----a-w C:\WINDOWS\system32 vwss.dll 2007-12-05 01:41 196,608 ----a-w C:\WINDOWS\system32 vwrsko.dll 2007-12-05 01:41 188,416 ----a-w C:\WINDOWS\system32 vmccss.dll 2007-12-05 01:41 167,936 ----a-w C:\WINDOWS\system32 vwrszht.dll 2007-12-05 01:41 163,840 ----a-w C:\WINDOWS\system32 vwrszhc.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11D4-9B18-009027A5CD4F} {381FFDE8-2394-4F90-B10D-FC6124A40F8C} {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}] [HKEY_CLASSES_ROOT\BitDefender Toolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-15 16:18 20480] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 07:23 221568] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-28 18:55 68856] "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-10 22:05 932784] "SystemFile"="C:\WINDOWS\system32\Lsas.exe" [2008-02-02 03:11 204960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 12:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 12:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 12:00 455168] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2008-01-15 17:44 185896] "NWEReboot"="" [] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 21:58 49152] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440] "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-11-16 16:37 319488] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 12:00 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-15 16:18:35 450560] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme S1 bdftdif;bdftdif;C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys [2008-02-05 16:07] S2 DIG_TS;Pinnacle PCTV 400i TS;C:\WINDOWS\system32\DRIVERS\dig_ts.sys [2003-02-04 18:22] S2 DIG_V;Pinnacle PCTV 400i Analog;C:\WINDOWS\system32\drivers\dig_v.sys [2003-05-13 15:37] S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-11-12 16:27] S3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03] S3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2008-01-21 17:15] S3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-10 12:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{z6B2445-1963-9142-A0DB-DBDB9E15FB9z}] Lsas.exe AutoRun . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-02-01 23:34:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-07 11:45:48 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-07 11:50:07 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr] "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\ . Temps d'accomplissement: 2008-02-07 11:51:15 ComboFix-quarantined-files.txt 2008-02-07 11:50:37 . 2008-02-06 11:24:14 --- E O F ---

g!rly · Answer

re,

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\Lsas.exe
C:\WINDOWS\inf\Lsass.exe
C:\WINDOWS\system32\Lsast.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemFile"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Ps:tu fais comme tout a l´heure tu te deconnect, arretes tes pplications et arrete aussi bitdefender le temps de laisser travailler combofix.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt2 accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+

sat4all · Answer

re, merci encore vraiment votre aide est apprécié le combofix.txt2: ComboFix 08-02.05.3 - ABDESSAMAD 2008-02-07 12:22:28.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1256.212.1036.18.607 [GMT 0:00] Endroit: C:\Documents and Settings\ABDESSAMAD\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\ABDESSAMAD\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RةCUPةRATION N'EST PAS INSTALLةE SUR CETTE MACHINE !![/b][/color] FILE C:\WINDOWS\inf\Lsass.exe C:\WINDOWS\system32\Lsas.exe C:\WINDOWS\system32\Lsast.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\inf\Lsass.exe C:\WINDOWS\system32\Lsas.exe C:\WINDOWS\system32\Lsast.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))))))) . 2008-02-06 22:26 . 2008-02-06 22:26 d-------- C:\Program Files\Trend Micro 2008-02-06 18:53 . 2008-02-06 19:29 d-------- C:\Dreambox 2008-02-05 00:02 . 2008-02-05 00:02 1,158 --a------ C:\WINDOWS\mozver.dat 2008-02-04 14:29 . 2008-02-04 14:49 d-------- C:\dvbdream 2008-02-03 21:23 . 2008-02-03 21:23 d-------- C:\Program Files\Windows Defender 2008-02-03 09:54 . 2008-02-03 09:54 d-------- C:\Program Files\MegauploadToolbar 2008-02-03 09:54 . 2008-02-03 09:56 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\MegauploadToolbar 2008-02-02 20:28 . 2008-02-02 20:44 d-------- C:\ProgDVB 2008-02-02 20:20 . 2008-02-02 03:11 204,960 --a------ C:\WINDOWS\system32\svshoct.exe 2008-02-02 19:26 . 2008-02-02 19:26 d-------- C:\Program Files\Fichiers communs\Elecard 2008-02-02 19:26 . 2008-02-02 19:26 d-------- C:\Program Files\Elecard 2008-01-31 12:27 . 2008-01-31 12:27 d-------- C:\Program Files\Complete File Renamer 2.0 2008-01-30 23:03 . 2008-01-30 23:04 d-------- C:\Program Files\FastStone Photo Resizer 2008-01-30 19:10 . 2002-07-03 11:44 53,248 --a------ C:\WINDOWS\amcap.exe 2008-01-29 21:43 . 2008-01-29 21:43 754 --a------ C:\WINDOWS\WORDPAD.INI 2008-01-24 14:52 . 2008-01-24 14:52 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\vlc 2008-01-24 14:51 . 2008-01-24 14:51 d-------- C:\Program Files\VideoLAN 2008-01-24 14:48 . 2008-02-03 09:31 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\OfficeUpdate12 2008-01-24 14:25 . 2008-01-24 14:25 d-------- C:\Program Files\Common Files 2008-01-24 14:22 . 2008-01-24 14:22 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-01-23 21:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-01-23 13:06 . 2008-01-08 12:13 202,160 --a------ C:\WINDOWS\system32\idmmbc.dll 2008-01-23 09:46 . 2008-01-23 09:46 d-------- C:\Program Files\KONAMI 2008-01-21 20:50 . 2008-01-21 20:50 d-------- C:\Program Files\Apple Software Update 2008-01-21 20:50 . 2008-01-21 20:50 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-01-21 18:05 . 1998-11-13 11:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe 2008-01-19 00:26 . 2008-02-07 12:01 d-------- C: mp 2008-01-18 14:49 . 2008-01-18 14:49 d-------- C:\Documents and Settings\LocalService\Menu Démarrer 2008-01-17 14:35 . 2008-01-17 14:35 d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2008-01-17 14:35 . 2008-01-18 17:10 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\Azureus 2008-01-16 22:10 . 2008-01-16 22:11 d-------- C:\Program Files\Gbox Share Control 2008-01-16 22:10 . 1998-04-26 23:00 570,128 --a------ C:\WINDOWS\system32\dao350.dll 2008-01-16 22:10 . 2006-12-26 14:09 536,576 --a------ C:\WINDOWS\system32\msado15.dll 2008-01-16 22:10 . 2000-05-22 16:58 244,416 --a------ C:\WINDOWS\system32\msflxgrd.ocx 2008-01-16 22:10 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx 2008-01-16 22:10 . 1998-06-24 00:00 140,096 --a------ C:\WINDOWS\system32\comdlg32.ocx 2008-01-16 22:10 . 2007-10-13 03:10 137,728 --a------ C:\WINDOWS\system32 mchart.dll 2008-01-16 22:10 . 1998-06-24 00:00 118,064 --a------ C:\WINDOWS\system32\MSADODC.OCX 2008-01-16 22:10 . 1998-06-17 23:00 77,824 --a------ C:\WINDOWS\system32\MSBIND.DLL 2008-01-16 22:10 . 2002-03-15 14:25 53,248 --a------ C:\WINDOWS\system32\AnimatedGif.ocx 2008-01-16 14:05 . 2008-01-16 14:05 d-------- C:\WINDOWS\NgrabLite 2008-01-16 14:05 . 2008-01-16 14:05 d-------- C:\Program Files\NgrabLite 2008-01-16 12:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-01-16 12:50 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-01-16 11:31 . 2008-01-16 11:31 d-------- C:\WINDOWS\Sun 2008-01-15 22:38 . 2008-01-15 22:41 d-------- C:\Program Files\xampplite 2008-01-15 22:05 . 2008-02-03 23:05 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\FileZilla 2008-01-15 22:03 . 2008-01-15 22:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-15 22:03 . 2008-01-15 22:03 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-15 21:58 . 2008-02-07 00:32 9,535 --a------ C:\WINDOWS\system32\DigListA.lst 2008-01-15 21:40 . 2008-01-15 21:40 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\Leadertech 2008-01-15 21:35 . 2008-02-07 12:26 121 --a------ C:\WINDOWS\bdagent.INI 2008-01-15 21:11 . 2008-01-15 21:11 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\BitDefender 2008-01-15 21:10 . 2008-01-15 21:11 d-------- C:\Program Files\BitDefender 2008-01-15 21:10 . 2008-01-15 21:47 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender 2008-01-15 21:09 . 2008-01-15 21:10 d-------- C:\Program Files\Fichiers communs\BitDefender 2008-01-15 21:07 . 2008-01-30 09:55 d-------- C:\Program Files\Internet Download Manager 2008-01-15 21:07 . 2008-01-30 00:54 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\IDM 2008-01-15 21:07 . 2008-02-07 12:19 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\DMCache 2008-01-15 20:54 . 2008-01-15 21:03 d-------- C:\Program Files\Fichiers communs\Adobe 2008-01-15 20:52 . 2008-01-30 20:52 d-------- C:\WINDOWS\Downloaded Installations 2008-01-15 20:46 . 2008-01-15 20:46 0 --a------ C:\WINDOWS sreg.dat 2008-01-15 20:16 . 2008-01-15 20:16 d-------- C:\Program Files\MSXML 4.0 2008-01-15 20:10 . 2006-03-21 03:23 23,040 --------- C:\WINDOWS\kb913800.exe 2008-01-15 20:02 . 2008-01-15 20:02 d-------- C:\Program Files\Google 2008-01-15 19:44 . 2008-01-15 19:45 d-------- C:\WINDOWS\system32\fr-fr 2008-01-15 19:40 . 2007-10-10 23:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-01-15 19:40 . 2007-07-01 03:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-01-15 19:40 . 2007-07-01 03:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-01-15 19:40 . 2007-10-10 23:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-01-15 19:40 . 2007-10-10 23:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-01-15 19:40 . 2007-10-10 23:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-01-15 19:40 . 2007-10-10 23:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-01-15 19:40 . 2007-10-10 23:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-01-15 19:40 . 2007-10-10 10:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-01-15 19:28 . 2008-01-15 19:28 d-------- C:\Program Files\Windows Media Connect 2 2008-01-15 19:27 . 2008-01-15 19:27 d-------- C:\WINDOWS\system32\LogFiles 2008-01-15 19:27 . 2008-01-15 19:27 d-------- C:\WINDOWS\system32\drivers\UMDF 2008-01-15 19:12 . 2005-06-28 23:43 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys 2008-01-15 19:12 . 2005-06-28 23:43 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys 2008-01-15 19:05 . 2008-01-15 19:05 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2008-01-15 19:04 . 2008-01-15 19:04 d-------- C:\Program Files\CyberLink 2008-01-15 19:04 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll 2008-01-15 19:03 . 2008-01-15 19:03 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\InterVideo 2008-01-15 19:01 . 2008-01-15 19:01 d-------- C:\Program Files\InterVideo Information Service 2008-01-15 19:01 . 2008-01-15 19:01 d-------- C:\Program Files\Fichiers communs\Ulead 2008-01-15 19:01 . 2008-01-15 19:01 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-01-15 19:01 . 2006-05-11 18:41 654 --------- C:\WINDOWS emove.iss 2008-01-15 19:00 . 2008-01-15 19:00 d-------- C:\Program Files\InterVideo 2008-01-15 19:00 . 2008-01-15 19:00 d-------- C:\Program Files\Fichiers communs\InterVideo 2008-01-15 18:56 . 2008-02-03 23:52 116 --a------ C:\WINDOWS\NeroDigital.ini 2008-01-15 18:53 . 2008-01-15 18:58 d-------- C:\Documents and Settings\ABDESSAMAD\Contacts 2008-01-15 18:46 . 2008-01-15 18:46 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-01-15 18:40 . 2008-01-15 18:40 268 --ah----- C:\sqmdata03.sqm 2008-01-15 18:40 . 2008-01-15 18:40 244 --ah----- C:\sqmnoopt03.sqm 2008-01-15 18:39 . 2008-01-15 18:39 d-------- C:\Documents and Settings\ABDESSAMAD\Application Data\Ahead 2008-01-15 18:37 . 2008-01-15 18:37 d-------- C:\Program Files\Nero 2008-01-15 18:37 . 2008-01-15 18:37 d-------- C:\Program Files\Fichiers communs\Ahead 2008-01-15 18:29 . 2008-01-15 18:29 268 --ah----- C:\sqmdata02.sqm 2008-01-15 18:29 . 2008-01-15 18:29 244 --ah----- C:\sqmnoopt02.sqm . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-04 09:48 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-01-30 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-23 09:44 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-01-15 16:18 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe 2008-01-15 15:49 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-01-15 15:38 --------- d-----w C:\Program Files\Analog Devices 2008-01-15 15:35 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe 2008-01-15 15:35 --------- d-----w C:\Program Files\Intel 2008-01-15 15:27 --------- d-----w C:\Program Files\microsoft frontpage 2008-01-15 15:24 --------- d-----w C:\Program Files\Services en ligne 2008-01-15 15:23 --------- d-----w C:\Program Files\Fichiers communs\MSSoap 2008-01-15 15:20 --------- d-----w C:\Program Files\Windows Plus 2008-01-15 15:10 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines 2008-01-15 15:10 --------- d-----w C:\Program Files\Fichiers communs\ODBC 2007-12-24 13:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-12-05 02:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-12-05 01:41 81,920 ----a-w C:\WINDOWS\system32 vwddi.dll 2007-12-05 01:41 81,920 ----a-w C:\WINDOWS\system32 vmctray.dll 2007-12-05 01:41 8,523,776 ----a-w C:\WINDOWS\system32 vcpl.dll 2007-12-05 01:41 753,664 ----a-w C:\WINDOWS\system32 vcplui.exe 2007-12-05 01:41 6,901,760 ----a-w C:\WINDOWS\system32 voglnt.dll 2007-12-05 01:41 6,549,504 ----a-w C:\WINDOWS\system32 vdisps.dll 2007-12-05 01:41 5,773,568 ----a-w C:\WINDOWS\system32 v4_disp.dll 2007-12-05 01:41 5,611,520 ----a-w C:\WINDOWS\system32 vdispsr.dll 2007-12-05 01:41 466,944 ----a-w C:\WINDOWS\system32 vshell.dll 2007-12-05 01:41 458,752 ----a-w C:\WINDOWS\system32 vmccssr.dll 2007-12-05 01:41 45,056 ----a-w C:\WINDOWS\system32 vmccsrs.dll 2007-12-05 01:41 442,368 ----a-w C:\WINDOWS\system32 vappbar.exe 2007-12-05 01:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-12-05 01:41 385,024 ----a-w C:\WINDOWS\system32 vapi.dll 2007-12-05 01:41 356,352 ----a-w C:\WINDOWS\system32 vudisp.exe 2007-12-05 01:41 35,328 ----a-w C:\WINDOWS\system32 vcodins.dll 2007-12-05 01:41 35,328 ----a-w C:\WINDOWS\system32 vcod.dll 2007-12-05 01:41 335,872 ----a-w C:\WINDOWS\system32 vwrses.dll 2007-12-05 01:41 335,872 ----a-w C:\WINDOWS\system32 vwrsel.dll 2007-12-05 01:41 327,680 ----a-w C:\WINDOWS\system32 vwrsfr.dll 2007-12-05 01:41 327,680 ----a-w C:\WINDOWS\system32 vwrsesm.dll 2007-12-05 01:41 327,680 ----a-w C:\WINDOWS\system32 vrshe.dll 2007-12-05 01:41 327,680 ----a-w C:\WINDOWS\system32 vrsar.dll 2007-12-05 01:41 323,584 ----a-w C:\WINDOWS\system32 vwrspt.dll 2007-12-05 01:41 323,584 ----a-w C:\WINDOWS\system32 vwrsit.dll 2007-12-05 01:41 319,488 ----a-w C:\WINDOWS\system32 vwrsptb.dll 2007-12-05 01:41 319,488 ----a-w C:\WINDOWS\system32 vwrsnl.dll 2007-12-05 01:41 315,392 ----a-w C:\WINDOWS\system32 vwrsru.dll 2007-12-05 01:41 315,392 ----a-w C:\WINDOWS\system32 vwrshu.dll 2007-12-05 01:41 311,296 ----a-w C:\WINDOWS\system32 vwrsde.dll 2007-12-05 01:41 307,200 ----a-w C:\WINDOWS\system32 vexpbar.dll 2007-12-05 01:41 303,104 ----a-w C:\WINDOWS\system32 vwrstr.dll 2007-12-05 01:41 303,104 ----a-w C:\WINDOWS\system32 vwrssl.dll 2007-12-05 01:41 303,104 ----a-w C:\WINDOWS\system32 vwrsfi.dll 2007-12-05 01:41 3,715,072 ----a-w C:\WINDOWS\system32 vvitvsr.dll 2007-12-05 01:41 3,710,976 ----a-w C:\WINDOWS\system32 vvitvs.dll 2007-12-05 01:41 3,420,160 ----a-w C:\WINDOWS\system32 vgames.dll 2007-12-05 01:41 3,334,144 ----a-w C:\WINDOWS\system32 vgamesr.dll 2007-12-05 01:41 299,008 ----a-w C:\WINDOWS\system32 vwrssk.dll 2007-12-05 01:41 299,008 ----a-w C:\WINDOWS\system32 vwrsno.dll 2007-12-05 01:41 294,912 ----a-w C:\WINDOWS\system32 vwrssv.dll 2007-12-05 01:41 294,912 ----a-w C:\WINDOWS\system32 vwrspl.dll 2007-12-05 01:41 294,912 ----a-w C:\WINDOWS\system32 vwrsda.dll 2007-12-05 01:41 290,816 ----a-w C:\WINDOWS\system32 vwrsth.dll 2007-12-05 01:41 286,720 ----a-w C:\WINDOWS\system32 vwrseng.dll 2007-12-05 01:41 286,720 ----a-w C:\WINDOWS\system32 vwrscs.dll 2007-12-05 01:41 286,720 ----a-w C:\WINDOWS\system32 vnt4cpl.dll 2007-12-05 01:41 282,624 ----a-w C:\WINDOWS\system32 vwrsar.dll 2007-12-05 01:41 282,624 ----a-w C:\WINDOWS\system32 vrsfr.dll 2007-12-05 01:41 282,624 ----a-w C:\WINDOWS\system32 vrses.dll 2007-12-05 01:41 282,624 ----a-w C:\WINDOWS\system32 vrsel.dll 2007-12-05 01:41 278,528 ----a-w C:\WINDOWS\system32 vwrshe.dll 2007-12-05 01:41 278,528 ----a-w C:\WINDOWS\system32 vrsit.dll 2007-12-05 01:41 278,528 ----a-w C:\WINDOWS\system32 vrsde.dll 2007-12-05 01:41 274,432 ----a-w C:\WINDOWS\system32 vrspt.dll 2007-12-05 01:41 274,432 ----a-w C:\WINDOWS\system32 vrsnl.dll 2007-12-05 01:41 274,432 ----a-w C:\WINDOWS\system32 vrsesm.dll 2007-12-05 01:41 270,336 ----a-w C:\WINDOWS\system32 vrsru.dll 2007-12-05 01:41 266,240 ----a-w C:\WINDOWS\system32 vrsptb.dll 2007-12-05 01:41 266,240 ----a-w C:\WINDOWS\system32 vrsja.dll 2007-12-05 01:41 258,048 ----a-w C:\WINDOWS\system32 vrstr.dll 2007-12-05 01:41 258,048 ----a-w C:\WINDOWS\system32 vrssl.dll 2007-12-05 01:41 258,048 ----a-w C:\WINDOWS\system32 vrssk.dll 2007-12-05 01:41 258,048 ----a-w C:\WINDOWS\system32 vrsko.dll 2007-12-05 01:41 258,048 ----a-w C:\WINDOWS\system32 vrshu.dll 2007-12-05 01:41 253,952 ----a-w C:\WINDOWS\system32 vrsth.dll 2007-12-05 01:41 253,952 ----a-w C:\WINDOWS\system32 vrssv.dll 2007-12-05 01:41 253,952 ----a-w C:\WINDOWS\system32 vrspl.dll 2007-12-05 01:41 253,952 ----a-w C:\WINDOWS\system32 vrsno.dll 2007-12-05 01:41 253,952 ----a-w C:\WINDOWS\system32 vrsda.dll 2007-12-05 01:41 249,856 ----a-w C:\WINDOWS\system32 vrsfi.dll 2007-12-05 01:41 249,856 ----a-w C:\WINDOWS\system32 vrscs.dll 2007-12-05 01:41 245,760 ----a-w C:\WINDOWS\system32 vrseng.dll 2007-12-05 01:41 229,376 ----a-w C:\WINDOWS\system32 vmccs.dll 2007-12-05 01:41 225,280 ----a-w C:\WINDOWS\system32 vrszhc.dll 2007-12-05 01:41 212,992 ----a-w C:\WINDOWS\system32 vwrsja.dll 2007-12-05 01:41 2,854,912 ----a-w C:\WINDOWS\system32 vmoblsr.dll 2007-12-05 01:41 2,519,040 ----a-w C:\WINDOWS\system32 vwssr.dll 2007-12-05 01:41 2,498,560 ----a-w C:\WINDOWS\system32 vwss.dll 2007-12-05 01:41 196,608 ----a-w C:\WINDOWS\system32 vwrsko.dll 2007-12-05 01:41 188,416 ----a-w C:\WINDOWS\system32 vmccss.dll 2007-12-05 01:41 167,936 ----a-w C:\WINDOWS\system32 vwrszht.dll 2007-12-05 01:41 163,840 ----a-w C:\WINDOWS\system32 vwrszhc.dll 2007-12-05 01:41 155,716 ----a-w C:\WINDOWS\system32 vsvc32.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11D4-9B18-009027A5CD4F} {381FFDE8-2394-4F90-B10D-FC6124A40F8C} {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}] [HKEY_CLASSES_ROOT\BitDefender Toolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-15 16:18 20480] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 07:23 221568] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-28 18:55 68856] "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-10 22:05 932784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 12:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 12:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 12:00 455168] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2008-01-15 17:44 185896] "NWEReboot"="" [] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 21:58 49152] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440] "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-11-16 16:37 319488] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 12:00 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-15 16:18:35 450560] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme R1 bdftdif;bdftdif;C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys [2008-02-05 16:07] R2 DIG_TS;Pinnacle PCTV 400i TS;C:\WINDOWS\system32\DRIVERS\dig_ts.sys [2003-02-04 18:22] R2 DIG_V;Pinnacle PCTV 400i Analog;C:\WINDOWS\system32\drivers\dig_v.sys [2003-05-13 15:37] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-11-12 16:27] R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03] R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2008-01-21 17:15] R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-10 12:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{z6B2445-1963-9142-A0DB-DBDB9E15FB9z}] Lsas.exe AutoRun . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-02-01 23:34:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-07 11:55:54 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-07 12:26:32 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr] "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\ . Temps d'accomplissement: 2008-02-07 12:27:32 ComboFix-quarantined-files.txt 2008-02-07 12:27:02 ComboFix2.txt 2008-02-07 11:51:15 . 2008-02-06 11:24:14 --- E O F --- ------------------------------------------------------------------------------------------------------------------------ le rapport du deuxieme analyse avec hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:29:57, on 07/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe C:\WINDOWS\system32 vsvc32.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer pbrowserrecordplugin.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/... O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32 vsvc32.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

g!rly · Answer

re,

c´est cool ;-)

que dis bitdefender maintenant?

peux tu faire ce scan et poster le rapport ici stp

A.V.G :

-> Télécharger AVG Anti-Spyware (ewido)

   http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

-> L´installer.

-> lancer AVG Anti-Spyware et clicker sur le bouton Mise à jour. Patienter...
   
   p.s : si les mises a jours ne se font pas, elles sont telechargable ici :

   http://downloads.ewido.net/avgas-signatures-full-current.exe

-> Sur la page "analyse":

   choisir d´abord l'onglet "paramètres".
   
   sous « Comment réagir » clicker sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer ».

-> Lancer le scan, (c´est long...).

-> A la fin du scan copier Et coller le rapport ici. 

-> Une aide en image au cas ou :

   Tutoriel d´installation et de parametrages :

   http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html 

Note : supprime tout ce qu´il a trouvé a la fin du scan et post le rapport ici stp

@+

sat4all · Answer

le bitdefender  est trés calme maintenet lol merci encore ....l'analyse est en cours...@+

g!rly · Answer

ok ;-)

@+

sat4all · Answer

la voila le rapport du scan


    http://img168.imageshack.us/img168/1459/sanstitretn0.gif


merci enfinement

g!rly · Answer

ok

fais ceci  seulement si bitdefender n´as pas reussie a supprimer le fichier.

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\svshoct.exe

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt3

S'il n'y a pas de rédémarrage, poste quand même le  rapport.

et puis passe le scan avec avg comme indiqué au post 5 et post son rapport egalement

@+

sat4all · Answer

merci mon, ami ca marche le bitdefende a supprimé les fichiers.




regards.

g!rly · Answer

ok

vu que tu ne veux pas faire le scan avec avg je ne peux que te demander, comment va ton pc?

@+

sat4all · Answer

bon soir,

ba oui, vous avez raison l'analyse avec le bitdefender sa suffit pas donc j'ai fait l'analyse avec l' avg anti-spy et voila le compte rendu de l'analyse:

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	19:10:03 07/02/2008

 + Résultat de l'analyse:	



C:\Documents and Settings\ABDESSAMAD\Local Settings\Temporary Internet Files\Content.IE5\KWVJ4C95\click[1].htm -> Hijacker.Agent.ai : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@4.adbrite[2].txt -> TrackingCookie.Adbrite : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@adbrite[1].txt -> TrackingCookie.Adbrite : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@adrenaline[1].txt -> TrackingCookie.Adrenaline : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@adtech[1].txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@casalemedia[1].txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@questionmarket[2].txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@trafic[1].txt -> TrackingCookie.Trafic : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@valueclick[1].txt -> TrackingCookie.Valueclick : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@m.webtrends[1].txt -> TrackingCookie.Webtrends : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
C:\Documents and Settings\ABDESSAMAD\Cookies\abdessamad@zedo[1].txt -> TrackingCookie.Zedo : Aucune action entreprise.


Fin du rapport

merci encore.

g!rly · Answer

re,

tu as bien supprimer tout ce qui a été trouvé? car la ca affiche "aucune action entreprise"

il n´y a que des tracking cookie ( pas tres grave ) mais au debut il y a C:\Documents and Settings\ABDESSAMAD\Local Settings\Temporary Internet Files\Content.IE5\KWVJ4C95\click[1].htm -> Hijacker.Agent.ai : Aucune action entreprise.

fais ceci :

Vide tes fichiers temporaires avec ceci:

->Clean Up 40:

http://pageperso.aol.fr/balltrap34/CleanUp40.exe

->aide en image:(merci a Balltrap34)

http://pageperso.aol.fr/balltrap34/democleanup.htm

click sur option et décoche la case devant : delete prefect files

vide le manuellement :

:: Le contenu du dossier prefetch ::

* C:\WINDOWS\Prefetch <= sauf le fichier layout.ini

* Ne pas oublier de vider la corbeille !

puis fais ceci :

Télécharge Clean:

-> http://www.malekal.com/download/clean.zip

-> Dézippe tout le contenu dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.
   
   Un rapport va s'ouvrir, copie et colle le contenu sur le forum.

-> pour ceux ou celles qui auraient un doute sur comment deziper un fichier :

   http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914

@+

sat4all · Answer

c'est fait mon chére ami!  l'avg a supprimer tous les malware.


merci.

g!rly · Answer

re,

tu as passé clean up ?

peux tu poster le rapport de clean option 1 stp

bonne soirée

@´+

sat4all · Answer

j'ai fait le clean up mais le clean opt 1 ca marche pas chez moi il demande du temps pour le scan mais aprés des seconds la fenetre sa ferme automatiquement et rien aprés.

g!rly · Answer

bon...

supprime le alors...

supprime aussi combofix ainsi que son back up et hijack this, tu peux garder clean up et avg si tu veux.

On va dire que c´est ok, qu´est ce que t´en pensse ?

@+

sat4all · Answer

oui vraiment tous ca marche parfait, juste j'ai une question est ce que je dois garder le avg anti-spyware en excution avec le bitdefender total security.


merci d'avance!

g!rly · Answer

re,

je pensse que tu peux, si tu remarque un conflit enleve la protection residente d´avg

@+

sat4all · Answer

un grand merci a votre aide apprecié.


bonne nuit et a la prochaine.

Lsass.exe detecté comme un trojan!!!!

21 réponses

Discussions similaires

Newsletters