virus bagle je crois

Question

Bonjour,
Je crois que j'ai le virus bagle, j'ai suivi les conversations sur ce virus et j'ai télécharger elibagla, à priori il me confirme qu'il y a bagle mais il y a plein de fichier qu'il n'arrive pas à mettre à la poubelle. Du coup après dans les discussions je vois qu'il faut poster le rapport afin qu'on puisse m'aider, est-ce que ça serait possible que quelqu'un m'aide...
Merci,
dry

Utilisateur anonyme · Answer

Salut !

***************

Dèjà on va voir ce qui traine sur ton pc ;)

Télécharge HJT

'
Place le dans ' C:\programmes\ ' Une fois cela fait , merci de renommer le fichier ' Hijackthis.exe '(situé dans le dossier dans C:\ ) en 'HJT.exe' <<<<<<<<< Important !!! <<<<<<<

Le chemin d'accés du programme doit être ressemblant à celui-ci : C:\Programme\Hijackthis\HJT.exe

-> Ne pas renommer l'icône du raccourci sur le bureau bien entendu ...

Clique droit sur l'icône -> '' Executer en tant qu'administrateur '' , et choisi l'option '' do a system scan and save a logfile '' et poste moi le rapport ( qui apparait sur le bloc-note )

Tuto si tu n'y arrive pas : http://pageperso.aol.fr/balltrap34/demohijack.htm

A+

Lyonnais92 · Answer

Bonjour,

pour anticiper la demande de cyrildu17,

ajoute le rapport d'elibagla au rapport d'Hijackthis

dry · Answer

Bonjour,
alors en fait depuis j'ai tenté 2, 3 trucs, j'ai passé elibagla mais j'arrive pas à trouver le rapport....
puis derrière j'ai mis combofix, celui là j'ai le rapport il me dit qu'il a supprimé hldrrr.exe 2 fois c'est le seul truc que je comprends sur ce rapport,
ensuite j'ai finalement réussi à mettre avast qui m'a trouvé Win32 beagle-YN et qui l'a supprimé
enfin j'ai remis à jour vista avec les cds d'install
du coup là je sais pas s'il reste encore des virus ou pas.
je mets le rapport de combofix :
Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\srosa.sys
C:\Windows\system32\drivers\down
C:\Windows\system32\drivers\down\34142035.exe
C:\Windows\system32\drivers\down\34174624.exe
C:\Windows\system32\drivers\down\34178867.exe
C:\Windows\system32\drivers\down\34208632.exe
C:\Windows\system32\drivers\down\34242266.exe
C:\Windows\system32\drivers\down\34243436.exe
C:\Windows\system32\drivers\down\34253576.exe
C:\Windows\system32\drivers\down\34259036.exe
C:\Windows\system32\drivers\down\34264855.exe
C:\Windows\system32\drivers\down\34272702.exe
C:\Windows\system32\drivers\down\34288926.exe
C:\Windows\system32\drivers\down\34295509.exe
C:\Windows\system32\drivers\down\34297053.exe
C:\Windows\system32\drivers\down\34298317.exe
C:\Windows\system32\drivers\down\34300626.exe
C:\Windows\system32\drivers\down\34314151.exe
C:\Windows\system32\drivers\down\34326647.exe
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\srosa.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\srosa

((((((((((((((((((((((((((((( Fichiers créés 2008-01-19 to 2008-02-19 ))))))))))))))))))))))))))))))))))))
.

2008-02-19 11:15 . 2008-02-19 11:15 <REP> d-------- C:\Windows\LastGood.Tmp
2008-02-19 11:14 . 2008-02-19 11:14 <REP> d-------- C:\Users\All Users\Kaspersky Lab
2008-02-19 11:14 . 2008-02-19 11:14 <REP> d-------- C:\ProgramData\Kaspersky Lab
2008-02-19 11:14 . 2008-02-19 11:14 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-02-19 11:06 . 2007-12-04 14:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-02-19 11:06 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-02-19 11:06 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-02-19 11:06 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-02-19 11:06 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-02-19 11:06 . 2007-12-04 15:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-02-19 11:03 . 2008-02-19 11:03 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-19 11:03 . 2008-02-19 11:03 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-19 11:03 . 2008-02-19 11:03 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-19 09:14 . 2008-02-19 09:14 <REP> d-------- C:\Program Files\Alwil Software
2008-02-18 22:19 . 2008-02-18 22:19 <REP> d-------- C:\$WINDOWS.~BT
2008-02-18 21:42 . 2008-02-18 22:23 1,905 --a------ C:\Windows\diagwrn.xml
2008-02-18 21:42 . 2008-02-18 22:23 1,905 --a------ C:\Windows\diagerr.xml
2008-02-18 19:52 . 2008-02-18 19:52 <REP> d-------- C:\Program Files\Hercules
2008-02-18 19:51 . 2007-01-31 17:01 256,000 --a------ C:\Windows\System32\drivers\netr73.sys
2008-02-18 18:32 . 2008-02-18 22:45 271,572,406 --a------ C:\Windows\MEMORY.DMP
2008-02-18 16:23 . 2007-12-19 12:28 1,232,896 --a------ C:\Windows\SYCIOU.dll
2008-02-18 16:23 . 2007-12-18 10:37 1,028,096 --a------ C:\Windows\SYCGeoU.dll
2008-02-18 16:23 . 2007-11-15 19:21 385,024 --a------ C:\Windows\SYCLicense071115U.dll
2008-02-18 15:53 . 2008-02-18 15:53 <REP> d-------- C:\Program Files\Blender Foundation
2008-02-18 14:53 . 2008-02-18 14:53 <REP> d-------- C:\Program Files\MakeHuman 0.9.1 RC1
2008-02-17 12:23 . 2008-02-17 12:23 132,469 --a------ C:\Windows\hpwins13.dat
2008-02-17 12:23 . 2007-05-26 06:18 350 --------- C:\Windows\hpwmdl13.dat
2008-02-17 12:22 . 2008-01-10 06:42 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-17 12:20 . 2007-01-31 16:16 118,272 --a------ C:\Windows\System32\hpz3l4v6.dll
2008-02-16 17:55 . 2008-02-16 17:55 <REP> d-------- C:\Users\France Designer inox\AppData\Roaming\InstallShield
2008-02-15 11:04 . 2008-02-15 11:04 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 11:04 . 2008-02-15 11:04 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-15 09:41 . 2008-02-15 09:41 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-15 09:41 . 2008-02-15 09:41 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-15 09:38 . 2008-02-15 09:38 3,505,720 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-15 09:38 . 2008-02-15 09:38 3,471,928 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-15 09:38 . 2008-02-15 09:38 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-02-15 09:38 . 2008-02-15 09:38 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-02-15 09:38 . 2008-02-15 09:38 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-15 09:37 . 2008-02-15 09:37 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-15 09:37 . 2008-02-15 09:37 217,144 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-15 09:37 . 2008-02-15 09:37 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-15 09:37 . 2008-02-15 09:37 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-15 09:37 . 2008-02-15 09:37 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-14 19:00 . 2008-02-19 09:56 <REP> d-------- C:\Users\France Designer inox\AppData\Roaming\HP
2008-02-14 18:59 . 2008-02-14 18:59 <REP> d-------- C:\Users\All Users\HPSSUPPLY
2008-02-14 18:59 . 2008-02-14 18:59 <REP> d-------- C:\ProgramData\HPSSUPPLY
2008-02-14 18:58 . 2008-02-14 18:58 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-02-14 18:58 . 2008-02-14 18:59 <REP> d-------- C:\Program Files\Common Files\HP
2008-02-14 18:58 . 2008-02-14 18:58 <REP> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-14 18:57 . 2008-02-14 18:57 <REP> d-------- C:\Users\All Users\Hewlett-Packard
2008-02-14 18:57 . 2008-02-14 18:57 <REP> d-------- C:\ProgramData\Hewlett-Packard
2008-02-14 18:10 . 2007-07-05 03:49 892,928 --a------ C:\Windows\System32\hpwtiop2.dll
2008-02-14 18:10 . 2007-07-05 03:49 675,840 --a------ C:\Windows\System32\hpwwiax2.dll
2008-02-14 18:10 . 2007-07-05 03:48 364,544 --a------ C:\Windows\System32\hppldcoi.dll
2008-02-14 18:10 . 2007-07-05 03:48 309,760 --a------ C:\Windows\System32\difxapi.dll
2008-02-14 18:10 . 2007-07-05 03:49 294,912 --a------ C:\Windows\System32\hpovst11.dll
2008-02-14 18:10 . 2007-07-05 04:42 258,048 --a------ C:\Windows\System32\hpzids01.dll
2008-02-14 18:10 . 2007-08-17 21:29 118,272 --a------ C:\Windows\System32\hpz3l4x6.dll
2008-02-14 18:09 . 2008-02-14 18:09 <REP> d-------- C:\Windows\carrier
2008-02-14 18:09 . 2008-02-14 18:59 <REP> d-------- C:\Program Files\HP
2008-02-14 18:09 . 2008-02-14 19:09 167,227 --a------ C:\Windows\hpwins05.dat
2008-02-14 18:08 . 2008-02-15 09:33 <REP> d-------- C:\Users\All Users\HP
2008-02-14 18:08 . 2008-02-15 09:33 <REP> d-------- C:\ProgramData\HP
2008-02-13 19:27 . 2008-02-13 19:27 <REP> d-------- C:\Program Files\EPSON
2008-02-13 19:27 . 2006-03-03 02:04 73,216 --a------ C:\Windows\System32\E_FLBBGE.DLL
2008-02-13 19:27 . 2005-04-11 02:01 62,976 --a------ C:\Windows\System32\E_FD4BBGE.DLL
2008-02-13 19:27 . 2004-09-10 21:12 49,152 --a------ C:\Windows\System32\E_DCINST.DLL
2008-02-13 09:43 . 2008-02-13 09:43 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-02-13 09:42 . 2008-02-13 09:42 <REP> d-------- C:\Program Files\MSXML 4.0
2008-02-13 09:42 . 2008-02-13 09:42 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-02-13 09:42 . 2008-02-13 09:42 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-02-13 09:42 . 2008-02-13 09:42 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-02-13 09:42 . 2008-02-13 09:42 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-02-13 09:41 . 2008-02-13 09:41 2,048 --a------ C:\Windows\System32\tzres.dll
2008-02-12 19:34 . 2008-02-12 19:34 <REP> d-------- C:\Windows\{E6751138-D3DA-4A03-9441-6090094C7D45}
2008-02-12 18:09 . 2008-02-12 18:09 <REP> d-------- C:\Windows\System32\Adobe
2008-02-12 18:09 . 2001-11-14 20:19 16,384 --a------ C:\Windows\System32\FileOps.exe
2008-02-12 18:06 . 2008-02-12 18:06 <REP> d-------- C:\Windows\Adobe Illustrator CS
2008-02-12 18:02 . 2008-02-12 18:02 <REP> d-------- C:\Users\All Users\Macrovision
2008-02-12 18:02 . 2008-02-12 18:02 <REP> d-------- C:\ProgramData\Macrovision
2008-02-12 18:02 . 2008-02-12 18:02 <REP> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-12 17:47 . 2008-02-12 17:47 <REP> d-------- C:\Users\France Designer inox\AppData\Roaming\SolidWorks 2008
2008-02-12 17:45 . 2008-02-13 16:51 <REP> d-------- C:\Users\France Designer inox\AppData\Roaming\SolidWorks
2008-02-12 17:36 . 2008-02-12 17:36 23 --ah----- C:\Windows\yacht.xws
2008-02-12 17:31 . 2008-02-12 17:31 <REP> d-------- C:\Users\All Users\SolidWorks
2008-02-12 17:31 . 2008-02-12 17:31 <REP> d-------- C:\Solidworks Data
2008-02-12 17:31 . 2008-02-12 17:31 <REP> d-------- C:\ProgramData\SolidWorks
2008-02-12 17:31 . 2008-02-12 17:35 <REP> d-------- C:\Program Files\SolidWorks
2008-02-12 17:31 . 2008-02-12 17:36 <REP> d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-02-12 17:31 . 2008-02-12 17:31 <REP> d-------- C:\Program Files\Common Files\eDrawings2008
2008-02-12 17:31 . 2008-02-12 17:31 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-02-12 17:27 . 2008-02-12 17:27 <REP> d-------- C:\Program Files\MSECache
2008-02-12 17:13 . 2008-02-12 17:13 <REP> d-------- C:\Program Files\PowerISO
2008-02-12 17:07 . 2008-02-12 17:07 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-02-12 17:07 . 2008-02-12 17:07 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-02-12 17:07 . 2008-02-12 17:07 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-02-12 17:07 . 2008-02-12 17:07 43,352 --a------ C:\Windows\System32\wups2.dll
2008-02-12 17:05 . 2008-02-12 17:05 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-02-12 17:05 . 2008-02-12 17:05 163,000 --a------ C:\Windows\System32\wuwebv.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 10:49 110,096 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-02-15 10:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 10:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 10:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 10:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 08:40 943,800 ----a-w C:\Windows\System32\winload.exe
2008-02-15 08:40 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-15 08:40 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-15 08:40 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-15 08:40 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-15 08:40 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-15 08:40 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-15 08:40 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-15 08:40 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-15 08:40 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-15 08:40 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-15 08:40 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-15 08:40 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-15 08:40 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-15 08:40 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-15 08:40 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-15 08:40 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-15 08:40 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-15 08:40 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-15 08:40 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-15 08:40 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-15 08:40 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-15 08:40 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-15 08:40 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-15 08:40 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-15 08:40 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-15 08:40 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-15 08:40 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-15 08:35 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-15 08:35 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-15 08:35 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 08:35 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 08:51 --------- d-----w C:\Program Files\Windows Mail
2008-02-13 08:50 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-13 08:44 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-02-13 08:44 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-02-13 08:44 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-02-13 08:44 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-02-13 08:44 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-02-13 08:44 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-02-13 08:44 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-02-13 08:44 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-02-13 08:44 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-02-13 08:44 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-02-13 08:44 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-02-13 08:44 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-02-12 18:34 8,115,712 ----a-w C:\Program Files\EZ Connect N Draft 11n Wireless USB2.0 Adapter.msi
2008-02-12 18:34 6,129 ----a-w C:\Program Files\[u]0/ux0409.ini
2008-02-12 18:34 3,584 ----a-w C:\Program Files\1033.MST
2008-02-11 17:20 --------- d-sh--w C:\ProgramData\Modèles
2008-02-11 17:20 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-02-11 17:20 --------- d-sh--w C:\ProgramData\Favoris
2008-02-11 17:20 --------- d-sh--w C:\ProgramData\Documents
2008-02-11 17:20 --------- d-sh--w C:\ProgramData\Bureau
2008-02-11 17:20 --------- d-sh--w C:\ProgramData\Application Data
2008-02-11 17:20 --------- d-sh--w C:\Program Files\Fichiers communs
2008-02-05 20:23 45,240 ------w C:\Windows\system32\drivers\pciidex.sys
2008-02-05 20:23 25,784 ------w C:\Windows\system32\drivers\msahci.sys
2008-02-05 20:23 21,688 ------w C:\Windows\system32\drivers\atapi.sys
2008-02-05 20:23 20,152 ------w C:\Windows\system32\drivers\viaide.sys
2008-02-05 20:23 19,128 ------w C:\Windows\system32\drivers\cmdide.sys
2008-02-05 20:23 18,104 ------w C:\Windows\system32\drivers\amdide.sys
2008-02-05 20:23 17,592 ------w C:\Windows\system32\drivers\intelide.sys
2008-02-05 20:23 17,592 ------w C:\Windows\system32\drivers\aliide.sys
2008-02-05 20:23 16,056 ------w C:\Windows\system32\drivers\pciide.sys
2008-02-05 20:23 110,264 ------w C:\Windows\system32\drivers\ataport.sys
2008-02-05 20:21 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-02-05 20:21 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2008-02-05 20:21 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-02-05 20:21 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2008-02-05 20:21 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2008-02-05 20:21 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-02-05 20:21 69,632 ----a-w C:\Windows\System32\sendmail.dll
2008-02-05 20:21 65,024 ----a-w C:\Windows\System32\avicap32.dll
2008-02-05 20:21 61,440 ----a-w C:\Windows\System32\ntprint.exe
2008-02-05 20:21 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-02-05 20:21 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-02-05 20:21 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-02-05 20:21 320,000 ----a-w C:\Windows\system32\drivers\csc.sys
2008-02-05 20:21 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2008-02-05 20:21 269,824 ----a-w C:\Windows\System32\schannel.dll
2008-02-05 20:21 220,160 ----a-w C:\Windows\System32\ntprint.dll
2008-02-05 20:21 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2008-02-05 20:21 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2008-02-05 20:21 12,800 ----a-w C:\Windows\System32\msrle32.dll
2008-02-05 20:21 105,984 ----a-w C:\Windows\System32\CscMig.dll
2008-02-05 20:21 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2008-02-05 20:21 1,984,512 ----a-w C:\Windows\System32\authui.dll
2008-02-05 20:20 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-02-05 20:20 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-02-05 20:20 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-02-05 20:20 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-02-05 20:20 633,856 ----a-w C:\Windows\System32\user32.dll
2008-02-05 20:20 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-02-05 20:20 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-02-19 11:47 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-05 21:16 1006264]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-08 00:50 9728 C:\Windows\System32\HCIMNTR.DLL]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 09:40 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-23 09:20 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-23 09:19 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-23 09:20 81920]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-02-05 13:38 77824]
"PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\Windows\System32\ico.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 16:44 178712]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30 152144]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 11:14 439512]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 11:18 215256]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-05 14:28 1838592]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 13:23 200704]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-02-19 11:47 79224]
"combofix"="C:\Windows\system32\kmd.exe" [2006-11-02 10:44 320000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.exe" [2007-01-17 19:02 95784]

C:\Users\France Designer inox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Moteur du Planificateur de tƒches SolidWorks.lnk - C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe [2007-09-09 06:51:40 488728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 110592]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-13 12:43:38 715568]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
WiFi Station pour Livebox.lnk - C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe [2008-02-18 19:52:43 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 12:46]
R2 HPSLPSVC;HP Network Devices Support;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 NMSCore;Intel(R) NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-06-27 11:14]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 21:34]
R2 QualityManager;Intel(R) Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-06-27 11:17]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-04-02 05:42]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-02 05:42]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-02 05:42]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2008-02-05 13:45]
R3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 14:41]
R3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 17:44]
S3 DHTRACE;Intel(R) DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 11:15]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28u.sys [2007-08-15 15:49]
S3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 17:01]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d369a84-d980-11dc-9181-00197ee6cd35}]
\shell\AutoRun\command - Iexplores.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-19 10:49:02 C:\Windows\Tasks\At1.job"
- C:\Windows\system32\kmd.exe
"2008-02-05 12:49:09 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-02-05 12:49:09 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 11:52:02
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Windows\system32\MsiExec.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-19 11:54:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-19 10:54:14

merci beaucoup
dry

Lyonnais92 · Answer

Re,

le rapport d'elibagla c'est :

c:\infosat.txt

Utilisateur anonyme · Answer

Re , 
Tu aurais pu demander avant de passer Combofix , son utilisation est risquée ...

Poste un rapport Hijackthis et celui d'Elibagla stp
A+

dry · Answer

re,
oui j'ai eu peur... je m'attendais pas à ce que ca me coupe tout comme ça....

alors je trouve pas le infosat.txt sousC
du coup je relance elibagla 
et hijackthis. ca ca va rien me faire de grave ??

Utilisateur anonyme · Answer

Re , non non 
Mais bon sa sert à rien de refaire Elibagla puisque que Combofix à quasiment tout supprimé ...

Normalement tu dois avoir le fichier ' infosat '  (.txt étant 'extension) dans le disque dur C:\   ... non ?

Reposte un rapport Hijackthis.
A+

dry · Answer

ok mais hijackthis je l'ai jamais fait, je le télécharge et je te poste le rapport...
j'ai aucun rapport infosat sous c

Utilisateur anonyme · Answer

... Bon pas grave ( un peu quand même ... )

A+

dry · Answer

voilà le rapport Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:40, on 19/02/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32undll32.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\ico.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
C:\Windows\System32undll32.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
pjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
pjpi160.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{37BC4591-5DEE-442F-91FA-DE8595B0F001}: NameServer = 80.10.246.1,80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{90A1C1E5-7E55-4551-965D-C91869F634B3}: NameServer = 80.10.246.1,80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{37BC4591-5DEE-442F-91FA-DE8595B0F001}: NameServer = 80.10.246.1,80.10.246.132
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\Mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (file missing)
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Utilisateur anonyme · Answer

Re , j'analyse tout ça et je revient 
A+

Utilisateur anonyme · Answer

Re ,
Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

Copie ce texte d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note ) 

File::  
C:\Windows\System32\aswBoot.exe 


Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.



Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

***************************

Tu as un service de Kaspersky qui tourne encore :
 Service: Kaspersky Internet Security 7.0  


Démarrer > executer (ou la touche  Windows+R ) > ' services.msc ' , 

- Clic droit sur le service cité - Kaspersky Internet Security 7.0  ( ou ressemblant )
- propriétés
- et dans "type de démarrage" et mets le sur « désactivé ».
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté » 

Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html

******************
Poste le rapport Combofix stp.
a+

dry · Answer

Bonjour,
ça veut dire que j'ai encore des virus ça ?
dry

Utilisateur anonyme · Answer

Oui , suis la procédure stp.

A+

dry · Answer

coucou,
ok, j'ai coupé comme tu m'as dit kaspersky par contre j'ai essayé de le désinstaller mais j'y arrive pas.
Je lancerai combofix à ma pause déjeuner et je te poste le rapport.
merci,
dry

Utilisateur anonyme · Answer

Re , ok 
Petite question , Kaspersky c'était une version d'essais ?   
a+

dry · Answer

je sais pas c une version gratuite mais ct au debut du virus du coup pendant l'installation ça a bloqué et depuis j'arrive pas à l'enlever, ni spybot aussi....

Utilisateur anonyme · Answer

Re , 
Ok spybot tu laisses par contre ( utile ), on s'occupera de Kaspersky plus tard ;)
a+

dry · Answer

voilà le rapport combofix :
* Création d'un nouveau point de restauration

FILE
C:\Windows\System32\aswBoot.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\aswBoot.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
.

2008-02-20 08:48 . 2008-02-20 08:48 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-02-20 08:48 . 2008-02-20 08:48 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-02-20 08:48 . 2008-02-20 08:48 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-02-20 08:48 . 2008-02-20 08:48 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-02-20 08:48 . 2008-02-20 08:48 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-02-20 08:48 . 2008-02-20 08:48 43,352 --a------ C:\Windows\System32\wups2.dll
2008-02-20 08:48 . 2008-02-20 08:48 33,624 --a------ C:\Windows\System32\wups.dll
2008-02-20 08:47 . 2008-02-20 08:47 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-02-20 08:47 . 2008-02-20 08:47 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-02-19 18:44 . 2008-02-19 18:44 <REP> d-------- C:\Program Files\Trend Micro
2008-02-19 18:31 . 2008-02-19 18:31 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-02-19 18:25 . 2008-02-19 18:34 167,227 --a------ C:\Windows\hpwins05.dat
2008-02-19 17:06 . 2007-07-05 04:42 258,048 --a------ C:\Windows\System32\hpzids01.dll
2008-02-19 15:54 . 2008-02-19 15:54 <REP> d-------- C:\Program Files\Hercules
2008-02-19 15:52 . 2007-01-31 17:01 256,000 --a------ C:\Windows\System32\drivers\netr73.sys
2008-02-19 15:34 . 2008-02-19 15:34 21,668 --a------ C:\Windows\System32\emptyregdb.dat
2008-02-19 15:29 . 2008-02-19 15:29 <REP> d-------- C:\Users\Default\video
2008-02-19 15:05 . 2006-11-02 11:23 <REP> dr------- C:\Users\IUSR_NMPR\Videos
2008-02-19 15:05 . 2006-11-02 11:23 <REP> d-------- C:\Users\IUSR_NMPR\Saved Games
2008-02-19 15:05 . 2006-11-02 11:23 <REP> dr------- C:\Users\IUSR_NMPR\Pictures
2008-02-19 15:05 . 2006-11-02 11:23 <REP> dr------- C:\Users\IUSR_NMPR\Music
2008-02-19 15:05 . 2006-11-02 11:23 <REP> dr------- C:\Users\IUSR_NMPR\Links
2008-02-19 15:05 . 2006-11-02 11:23 <REP> dr------- C:\Users\IUSR_NMPR\Downloads
2008-02-19 15:05 . 2008-02-19 15:05 <REP> dr------- C:\Users\IUSR_NMPR\Documents
2008-02-19 15:05 . 2006-11-02 12:18 <REP> d--h----- C:\Users\IUSR_NMPR\AppData
2008-02-19 15:05 . 2008-02-19 15:28 <REP> dr------- C:\Users\France Designer inox\Videos
2008-02-19 15:05 . 2008-02-19 15:28 <REP> dr------- C:\Users\France Designer inox\Saved Games
2008-02-19 15:05 . 2008-02-19 15:49 <REP> dr------- C:\Users\France Designer inox\Pictures
2008-02-19 15:05 . 2008-02-19 15:49 <REP> dr------- C:\Users\France Designer inox\Music
2008-02-19 15:05 . 2008-02-19 15:49 <REP> dr------- C:\Users\France Designer inox\Links
2008-02-19 15:05 . 2008-02-19 15:28 <REP> dr------- C:\Users\France Designer inox\Downloads
2008-02-19 15:05 . 2008-02-20 12:00 <REP> dr------- C:\Users\France Designer inox\Documents
2008-02-19 15:05 . 2006-11-02 13:35 <REP> d-------- C:\Users\France Designer inox\AppData\Roaming\Media Center Programs
2008-02-19 15:05 . 2008-02-19 15:28 <REP> d--h----- C:\Users\France Designer inox\AppData
2008-02-19 14:58 . 2008-02-20 09:13 12 --a------ C:\Windows\bthservsdp.dat
2008-02-19 14:57 . 2008-02-19 14:57 <REP> d-------- C:\Program Files\Sigmatel
2008-02-19 14:57 . 2007-09-12 09:40 1,601,536 --a------ C:\Windows\System32\stlang.dll
2008-02-19 14:57 . 2007-09-12 09:40 94,208 --------- C:\Windows\System32\stacsv.exe
2008-02-19 14:56 . 2008-02-20 09:04 <REP> d-------- C:\Windows\System32\catroot2
2008-02-19 14:50 . 2008-02-19 14:50 <REP> d-------- C:\Windows\System32\OEM
2008-02-19 14:50 . 2008-02-19 15:34 <REP> d-------- C:\Windows\Debug
2008-02-19 14:50 . 2007-02-24 05:43 32 -rah----- C:\Windows\DELL_VERSION
2008-02-19 14:43 . 2008-02-19 14:43 <REP> d--h----- C:\$WINDOWS.~Q
2008-02-19 14:36 . 2008-02-19 14:51 8,192 -ra-s---- C:\BOOTSECT.BAK
2008-02-19 12:05 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-02-19 12:05 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-02-19 12:05 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-02-19 12:05 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-02-19 12:05 . 2007-12-04 15:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-02-19 11:14 . 2008-02-19 15:16 <REP> d-------- C:\Users\All Users\Kaspersky Lab
2008-02-19 11:14 . 2008-02-19 15:16 <REP> d-------- C:\ProgramData\Kaspersky Lab
2008-02-19 11:14 . 2008-02-19 15:14 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-02-19 09:14 . 2008-02-19 15:10 <REP> d-------- C:\Program Files\Alwil Software
2008-02-18 21:42 . 2008-02-19 14:08 1,887 --a------ C:\Windows\diagwrn.xml
2008-02-18 21:42 . 2008-02-19 14:08 1,887 --a------ C:\Windows\diagerr.xml
2008-02-18 18:32 . 2008-02-18 22:45 271,572,406 --a------ C:\Windows\MEMORY.DMP
2008-02-18 16:23 . 2007-12-19 12:28 1,232,896 --a------ C:\Windows\SYCIOU.dll
2008-02-18 16:23 . 2007-12-18 10:37 1,028,096 --a------ C:\Windows\SYCGeoU.dll
2008-02-18 16:23 . 2007-11-15 19:21 385,024 --a------ C:\Windows\SYCLicense071115U.dll
2008-02-18 15:53 . 2008-02-19 15:10 <REP> d-------- C:\Program Files\Blender Foundation
2008-02-18 14:53 . 2008-02-19 15:14 <REP> d-------- C:\Program Files\MakeHuman 0.9.1 RC1
2008-02-17 12:23 . 2008-02-17 12:23 132,469 --a------ C:\Windows\hpwins13.dat
2008-02-17 12:23 . 2007-05-26 06:18 350 --a------ C:\Windows\hpwmdl13.dat
2008-02-16 17:55 . 2008-02-19 15:28 <REP> d-------- C:\Users\France Designer inox\AppData\Roaming\InstallShield
2008-02-14 19:00 . 2008-02-19 15:28 <REP> d-------- C:\Users\France Designer inox\AppData\Roaming\HP
2008-02-14 18:59 . 2008-02-14 18:59 <REP> d-------- C:\Users\All Users\HPSSUPPLY
2008-02-14 18:59 . 2008-02-14 18:59 <REP> d-------- C:\ProgramData\HPSSUPPLY
2008-02-14 18:58 . 2008-02-19 15:12 <REP> d-------- C:\Program Files\Common Files\HP
2008-02-14 18:58 . 2008-02-19 15:12 <REP> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-14 18:57 . 2008-02-19 15:16 <REP> d-------- C:\Users\All Users\Hewlett-Packard
2008-02-14 18:57 . 2008-02-19 15:16 <REP> d-------- C:\ProgramData\Hewlett-Packard
2008-02-14 18:10 . 2007-08-17 21:29 118,272 --a------ C:\Windows\System32\hpz3l4x6.dll
2008-02-14 18:09 . 2008-02-19 15:17 <REP> d-------- C:\Windows\carrier
2008-02-14 18:09 . 2008-02-19 15:13 <REP> d-------- C:\Program Files\HP
2008-02-14 18:08 . 2008-02-19 18:33 <REP> d-------- C:\Users\All Users\HP
2008-02-14 18:08 . 2008-02-19 18:33 <REP> d-------- C:\ProgramData\HP
2008-02-13 19:27 . 2008-02-19 15:13 <REP> d-------- C:\Program Files\EPSON
2008-02-13 19:27 . 2006-03-03 02:04 73,216 --a------ C:\Windows\System32\E_FLBBGE.DLL
2008-02-13 19:27 . 2005-04-11 02:01 62,976 --a------ C:\Windows\System32\E_FD4BBGE.DLL
2008-02-13 19:27 . 2004-09-10 21:12 49,152 --a------ C:\Windows\System32\E_DCINST.DLL
2008-02-13 09:42 . 2008-02-13 09:42 <REP> d-------- C:\Program Files\MSXML 4.0
2008-02-12 19:34 . 2008-02-19 15:19 <REP> d-------- C:\Windows\{E6751138-D3DA-4A03-9441-6090094C7D45}
2008-02-12 18:09 . 2008-02-19 15:18 <REP> d-------- C:\Windows\System32\Adobe
2008-02-12 18:09 . 2001-11-14 20:19 16,384 --a------ C:\Windows\System32\FileOps.exe
2008-02-12 18:06 . 2008-02-19 15:17 <REP> d-------- C:\Windows\Adobe Illustrator CS
2008-02-12 18:02 . 2008-02-19 15:16 <REP> d-------- C:\Users\All Users\Macrovision
2008-02-12 18:02 . 2008-02-19 15:16 <REP> d-------- C:\ProgramData\Macrovision
2008-02-12 18:02 . 2008-02-19 15:12 <REP> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-12 17:47 . 2008-02-19 15:28 <REP> d-------- C:\Users\France Designer inox\AppData\Roaming\SolidWorks 2008
2008-02-12 17:45 . 2008-02-19 15:28 <REP> d-------- C:\Users\France Designer inox\AppData\Roaming\SolidWorks
2008-02-12 17:36 . 2008-02-12 17:36 23 --ah----- C:\Windows\yacht.xws
2008-02-12 17:31 . 2008-02-19 15:17 <REP> d-------- C:\Users\All Users\SolidWorks
2008-02-12 17:31 . 2008-02-12 17:31 <REP> d-------- C:\Solidworks Data
2008-02-12 17:31 . 2008-02-19 15:17 <REP> d-------- C:\ProgramData\SolidWorks
2008-02-12 17:31 . 2008-02-20 09:19 <REP> d-------- C:\Program Files\SolidWorks
2008-02-12 17:31 . 2008-02-19 15:13 <REP> d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-02-12 17:31 . 2008-02-19 15:12 <REP> d-------- C:\Program Files\Common Files\eDrawings2008
2008-02-12 17:31 . 2008-02-19 15:10 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-02-12 17:27 . 2008-02-19 15:14 <REP> d-------- C:\Program Files\MSECache
2008-02-12 17:13 . 2008-02-20 09:12 <REP> d-------- C:\Program Files\PowerISO

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 14:44 --------- d-sh--w C:\ProgramData\Modèles
2008-02-19 14:44 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-02-19 14:44 --------- d-sh--w C:\ProgramData\Favoris
2008-02-19 14:44 --------- d-sh--w C:\ProgramData\Bureau
2008-02-19 14:44 --------- d-sh--w C:\Program Files\Fichiers communs
2008-02-19 10:49 110,096 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-02-12 18:34 8,115,712 ----a-w C:\Program Files\EZ Connect N Draft 11n Wireless USB2.0 Adapter.msi
2008-02-12 18:34 6,129 ----a-w C:\Program Files\[u]0/ux0409.ini
2008-02-12 18:34 3,584 ----a-w C:\Program Files\1033.MST
2008-02-05 12:55 129,784 ----a-w C:\Windows\System32\pxafs.dll
2008-02-05 12:55 118,520 ----a-w C:\Windows\System32\pxinsi64.exe
2008-02-05 12:55 116,472 ----a-w C:\Windows\System32\pxcpyi64.exe
2006-11-02 12:49 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:32 2159104 C:\Windows\System32\oobefldr.dll]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-02 13:32 1004136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-23 09:20 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-23 09:19 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-23 09:20 81920]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 09:40 405504]
"PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\Windows\System32\ico.exe]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-08 00:50 9728 C:\Windows\System32\HCIMNTR.DLL]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 11:18 215256]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-05 14:28 1838592]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 16:44 178712]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 11:14 439512]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 13:23 200704]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-02-05 13:38 77824]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

C:\Users\France Designer inox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Moteur du Planificateur de tƒches SolidWorks.lnk - C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe [2007-09-09 06:51:40 488728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 110592]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-13 12:43:38 715568]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
WiFi Station pour Livebox.lnk - C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe [2008-02-19 15:54:30 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 12:46]
R2 HPSLPSVC;HP Network Devices Support;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 21:34]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 17:01]
R3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 14:41]
R3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 17:44]
S2 NMSCore;Intel(R) NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-06-27 11:14]
S2 QualityManager;Intel(R) Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-06-27 11:17]
S3 DHTRACE;Intel(R) DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 11:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-19 10:49:02 C:\Windows\Tasks\At1.job"
- C:\Windows\system32\kmd.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 13:05:24
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-20 13:05:54
ComboFix-quarantined-files.txt 2008-02-20 12:05:52
ComboFix2.txt 2008-02-19 10:54:17
.

et hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:27, on 20/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{37BC4591-5DEE-442F-91FA-DE8595B0F001}: NameServer = 80.10.246.1,80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{90A1C1E5-7E55-4551-965D-C91869F634B3}: NameServer = 80.10.246.1,80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{37BC4591-5DEE-442F-91FA-DE8595B0F001}: NameServer = 80.10.246.1,80.10.246.132
O17 - HKLM\System\CS2\Services\Tcpip\..\{37BC4591-5DEE-442F-91FA-DE8595B0F001}: NameServer = 80.10.246.1,80.10.246.132
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\Mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (file missing)
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Utilisateur anonyme · Answer

Re  ,

Tu connais ce programme ?

C:\Program Files\MakeHuman 0.9.1 RC1 

?

**********************

Fixe ces lignes ( coche la case devant les lignes > ' fixchecked ' )

O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\Mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (file missing) 

****************

Délaisse Avast au profit d'Antivir , contrairement à ce que tout le monde pense , Avast n'est pas aussi bien que l'on pourrais le croire regarde le classement des AV
et constate par toi même  &#8594; Avast vs Antivir

Vire Avast &#8594; Désinstalle Avast  'proprement' ( merci espion3004)

Et télécharge Antivir ( PersonnalEdition Classic) &#8594; ici 

Tuto Installation + configuration Antivir &#8594; https://www.malekal.com/avira-free-security-antivirus-gratuit/

Pour le rendre encore plus discret....


*********

Télécharge ZoneAlarm  Lit bien tout l'article pour éviter les surprises.

Des soucis avec ? 

*****

Voila 
Tiens moi au courant
a+

dry · Answer

Bonjour,
oui je connais makehuman c'est un logiciel dont je me sers.
Sinon j'ai mis antivir, c'est en train de scanner, après je mettrais zone alarm.
Et là tu crois que ça sera bon?
Est ce que tu pourras me dire comment enlever kaspersky et spybot aussi stp?
merci beaucoup,
dry

Utilisateur anonyme · Answer

Re , pourquoi enlever spybot ? 
C'est un bon logiciel qui de plus possede un résident + scan passif ...
Tiens moi au courant
a+

dry · Answer

parce qu'il fonctionne pas et j'arrive ni à l'enlever ni à le faire fonctionner, du coup je voulais l'enlever pour le reinstaller proprement...
antivir m'a trouvé des virus qu'il a supprimé...

Utilisateur anonyme · Answer

Re , tu as le rapport d'antivir stp ? 

******************

A+

dry · Answer

je l'ai trouvé rapport antivir : AntiVir PersonalEdition Classic Report file date: jeudi 21 février 2008 09:24 Scanning for 1118748 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows Vista Windows version: (plain) [6.0.6000] Username: France Designer inox Computer name: PC1 Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 08:21:06 ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 08:21:06 ANTIVIR3.VDF : 7.0.2.170 312832 Bytes 21/02/2008 08:21:06 AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 21/02/2008 08:21:06 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 21/02/2008 08:21:06 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: J:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: jeudi 21 février 2008 09:24 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '0' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'VSSVC.exe' - '0' Module(s) have been scanned Scan process 'FlashUtil9d.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'ieuser.exe' - '1' Module(s) have been scanned Scan process 'hpqste08.exe' - '1' Module(s) have been scanned Scan process 'BTStackServer.exe' - '1' Module(s) have been scanned Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned Scan process 'CCU_Engine.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '0' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'pmxmiced.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'swBOEngine.exe' - '1' Module(s) have been scanned Scan process 'WiFiLB.exe' - '1' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'BTTray.exe' - '1' Module(s) have been scanned Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned Scan process 'IntelHCTAgent.exe' - '1' Module(s) have been scanned Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned Scan process 'CCU_TrayIcon.exe' - '1' Module(s) have been scanned Scan process 'ico.exe' - '1' Module(s) have been scanned Scan process 'sttray.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'MSASCui.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'mscorsvw.exe' - '0' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'taskeng.exe' - '0' Module(s) have been scanned Scan process 'WUDFHost.exe' - '0' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'TrustedInstaller.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'stacsv.exe' - '0' Module(s) have been scanned Scan process 'sprtsvc.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'MDM.EXE' - '0' Module(s) have been scanned Scan process 'IAANTmon.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'DQLWinService.exe' - '0' Module(s) have been scanned Scan process 'btwdins.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '0' Module(s) have been scanned Scan process 'AlertService.exe' - '0' Module(s) have been scanned Scan process 'PhotoshopElementsFileAgent.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'spoolsv.exe' - '0' Module(s) have been scanned Scan process 'WUDFHost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'SLsvc.exe' - '0' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'lsm.exe' - '0' Module(s) have been scanned Scan process 'lsass.exe' - '0' Module(s) have been scanned Scan process 'services.exe' - '0' Module(s) have been scanned Scan process 'winlogon.exe' - '0' Module(s) have been scanned Scan process 'csrss.exe' - '0' Module(s) have been scanned Scan process 'wininit.exe' - '0' Module(s) have been scanned Scan process 'csrss.exe' - '0' Module(s) have been scanned Scan process 'smss.exe' - '0' Module(s) have been scanned 32 processes with 32 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! [WARNING] The boot sector file could not be read! [WARNING] Error code: 0x0005 [NOTE] Please restart the search with Administrator rights Boot sector 'D:\' [NOTE] No virus was found! [WARNING] The boot sector file could not be read! [WARNING] Error code: 0x0005 [NOTE] Please restart the search with Administrator rights Boot sector 'F:\' [NOTE] In the drive 'F:\' no data medium is inserted! Boot sector 'G:\' [NOTE] In the drive 'G:\' no data medium is inserted! Boot sector 'H:\' [NOTE] In the drive 'H:\' no data medium is inserted! Boot sector 'I:\' [NOTE] In the drive 'I:\' no data medium is inserted! Starting to scan the registry. The registry was scanned ( '28' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\QooBox\Quarantine\catchme2008-02-19_115152.50.zip [0] Archive type: ZIP --> srosa.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen --> hldrrr.exe [DETECTION] Is the Trojan horse TR/Dldr.Bagle.JW [INFO] The file was deleted! C:\QooBox\Quarantine\C\Windows\System32\drivers\hldrrr.exe.vir [DETECTION] Is the Trojan horse TR/Trash.Gen [INFO] The file was deleted! C:\QooBox\Quarantine\C\Windows\System32\drivers\srosa.sys.vir [DETECTION] Is the Trojan horse TR/Trash.Gen [INFO] The file was deleted! Begin scan in 'D:\' Begin scan in 'F:\' Search path F:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'G:\' Search path G:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'H:\' Search path H:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'I:\' Search path I:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'E:\' Search path E:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'J:\' Search path J:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: jeudi 21 février 2008 10:02 Used time: 37:23 min The scan has been done completely. 21237 Scanning directories 340696 Files were scanned 4 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 3 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 340692 Files not concerned 1546 Archives were scanned 2 Warnings 0 Notes merci encore...

Utilisateur anonyme · Answer

Re , ok il a trouvé le bagle qui était dans la quarantaine de Combofix -> Pas de soucis ;)

***************


HijackThis -> Open the misc tools sections -> open Uninstall manager -> clique sur "Save list" -> Enregistre le fichier -> fais-en un copier/coller ici.

A+

dry · Answer

de quoi??? qu'est ce que tu me dis là....

Utilisateur anonyme · Answer

Re , 
Je disais Antivir a trouvé les virus que Combofix avait supprimés ( mis en quarantaines , donc pas de soucis de ce coté la )

Lance HijackThis -> Open the misc tools sections -> open Uninstall manager -> clique sur "Save list" -> Enregistre le fichier -> fais-en un copier/coller ici. 

A+

dry · Answer

voilà :
32 Bit HP CIO Components Installer
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Help Viewer CS3
Adobe Illustrator CS
Adobe InDesign CS
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Premiere Elements 4.0 Templates
Adobe Reader 8.1.0 - Français
Adobe Setup
Adobe Soundbooth CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Avira AntiVir PersonalEdition Classic
Blender (remove only)
Browser Address Error Redirector
Dell Support Center
EPSON Printer Software
Google Desktop
Guide de l'utilisateur
Hercules WiFi Station for Livebox
HijackThis 2.0.2
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP Solution Center 8.0
HP Update
HPSSupply
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections 12.1.12.4
Intel(R) PRO Network Connections 12.1.12.4
Intel(R) PRO Network Connections Drivers
Java(TM) SE Runtime Environment 6
Logiciel Intel® Viiv™
Microsoft Office 2003 Web Components
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mouse Suite for Desktop Computers
MPM
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
NVIDIA Drivers
Orange Preload
PowerISO
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Tools
Roxio EasyArchive
Roxio Express Labeler
Roxio MyDVD Premier
Roxio Update Manager
SolidWorks 2008 SP0
Sonic CinePlayer Decoder Pack
WIDCOMM Bluetooth Software 6.0.1.4300

c bon????

Utilisateur anonyme · Answer

Re , 

Pour Spybot , va dans C:\programme\spybot search&destroy  <-- Vire le dossier en MSE

Fait de même pour Kaspersky   qui doit se situer dans   C:\programme\ 

Voila tiens moi au courant des difficultées rencontrées , je part pour l'aprem ;)
A+

dry · Answer

je trouve pas de fichier en MSE, et je trouve meme pas spybot dans programme...
bonne aprem
dry

Utilisateur anonyme · Answer

Re , il n'y sont plus  alors =) 

******************

Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.

# Double clique sur ToolsCleaner2.exe >
# Clique sur .Recherche
# puis sur Suppression quand la liste est trouvée.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 
# Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

Tuto : http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )
A+

Virus bagle je crois

32 réponses

Votre réponse

Discussions similaires

Newsletters