virus bagle je crois

Question

Bonjour,
Je crois que j'ai le virus bagle, j'ai suivi les conversations sur ce virus et j'ai télécharger elibagla, à priori il me confirme qu'il y a bagle mais il y a plein de fichier qu'il n'arrive pas à mettre à la poubelle. Du coup après dans les discussions je vois qu'il faut poster le rapport afin qu'on puisse m'aider, est-ce que ça serait possible que quelqu'un m'aide...
Merci,
dry

Utilisateur anonyme · Answer

Salut ! *************** Dèjà on va voir ce qui traine sur ton pc ;) Télécharge HJT ' Place le dans ' C:\programmes\ ' Une fois cela fait , merci de renommer le fichier ' Hijackthis.exe '(situé dans le dossier dans C:\ ) en 'HJT.exe' <<<<<<<<< Important !!! <<<<<<< Le chemin d'accés du programme doit être ressemblant à celui-ci : C:\Programme\Hijackthis\HJT.exe -> Ne pas renommer l'icône du raccourci sur le bureau bien entendu ... Clique droit sur l'icône -> '' Executer en tant qu'administrateur '' , et choisi l'option '' do a system scan and save a logfile '' et poste moi le rapport ( qui apparait sur le bloc-note ) Tuto si tu n'y arrive pas : http://pageperso.aol.fr/balltrap34/demohijack.htm A+

Lyonnais92 · Answer

Bonjour,

pour anticiper la demande de cyrildu17,

ajoute le rapport d'elibagla au rapport d'Hijackthis

dry · Answer

Bonjour, alors en fait depuis j'ai tenté 2, 3 trucs, j'ai passé elibagla mais j'arrive pas à trouver le rapport.... puis derrière j'ai mis combofix, celui là j'ai le rapport il me dit qu'il a supprimé hldrrr.exe 2 fois c'est le seul truc que je comprends sur ce rapport, ensuite j'ai finalement réussi à mettre avast qui m'a trouvé Win32 beagle-YN et qui l'a supprimé enfin j'ai remis à jour vista avec les cds d'install du coup là je sais pas s'il reste encore des virus ou pas. je mets le rapport de combofix : Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\system32\drivers\hldrrr.exe C:\Windows\system32\drivers\srosa.sys C:\Windows\system32\drivers\down C:\Windows\system32\drivers\down\34142035.exe C:\Windows\system32\drivers\down\34174624.exe C:\Windows\system32\drivers\down\34178867.exe C:\Windows\system32\drivers\down\34208632.exe C:\Windows\system32\drivers\down\34242266.exe C:\Windows\system32\drivers\down\34243436.exe C:\Windows\system32\drivers\down\34253576.exe C:\Windows\system32\drivers\down\34259036.exe C:\Windows\system32\drivers\down\34264855.exe C:\Windows\system32\drivers\down\34272702.exe C:\Windows\system32\drivers\down\34288926.exe C:\Windows\system32\drivers\down\34295509.exe C:\Windows\system32\drivers\down\34297053.exe C:\Windows\system32\drivers\down\34298317.exe C:\Windows\system32\drivers\down\34300626.exe C:\Windows\system32\drivers\down\34314151.exe C:\Windows\system32\drivers\down\34326647.exe C:\Windows\system32\drivers\hldrrr.exe C:\Windows\system32\drivers\srosa.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_SROSA -------\srosa ((((((((((((((((((((((((((((( Fichiers créés 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))))))) . 2008-02-19 11:15 . 2008-02-19 11:15 d-------- C:\Windows\LastGood.Tmp 2008-02-19 11:14 . 2008-02-19 11:14 d-------- C:\Users\All Users\Kaspersky Lab 2008-02-19 11:14 . 2008-02-19 11:14 d-------- C:\ProgramData\Kaspersky Lab 2008-02-19 11:14 . 2008-02-19 11:14 d-------- C:\Program Files\Kaspersky Lab 2008-02-19 11:06 . 2007-12-04 14:04 837,496 --a------ C:\Windows\System32\aswBoot.exe 2008-02-19 11:06 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx 2008-02-19 11:06 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr 2008-02-19 11:06 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys 2008-02-19 11:06 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys 2008-02-19 11:06 . 2007-12-04 15:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys 2008-02-19 11:03 . 2008-02-19 11:03 d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-02-19 11:03 . 2008-02-19 11:03 d-------- C:\ProgramData\Spybot - Search & Destroy 2008-02-19 11:03 . 2008-02-19 11:03 d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-19 09:14 . 2008-02-19 09:14 d-------- C:\Program Files\Alwil Software 2008-02-18 22:19 . 2008-02-18 22:19 d-------- C:\$WINDOWS.~BT 2008-02-18 21:42 . 2008-02-18 22:23 1,905 --a------ C:\Windows\diagwrn.xml 2008-02-18 21:42 . 2008-02-18 22:23 1,905 --a------ C:\Windows\diagerr.xml 2008-02-18 19:52 . 2008-02-18 19:52 d-------- C:\Program Files\Hercules 2008-02-18 19:51 . 2007-01-31 17:01 256,000 --a------ C:\Windows\System32\drivers\netr73.sys 2008-02-18 18:32 . 2008-02-18 22:45 271,572,406 --a------ C:\Windows\MEMORY.DMP 2008-02-18 16:23 . 2007-12-19 12:28 1,232,896 --a------ C:\Windows\SYCIOU.dll 2008-02-18 16:23 . 2007-12-18 10:37 1,028,096 --a------ C:\Windows\SYCGeoU.dll 2008-02-18 16:23 . 2007-11-15 19:21 385,024 --a------ C:\Windows\SYCLicense071115U.dll 2008-02-18 15:53 . 2008-02-18 15:53 d-------- C:\Program Files\Blender Foundation 2008-02-18 14:53 . 2008-02-18 14:53 d-------- C:\Program Files\MakeHuman 0.9.1 RC1 2008-02-17 12:23 . 2008-02-17 12:23 132,469 --a------ C:\Windows\hpwins13.dat 2008-02-17 12:23 . 2007-05-26 06:18 350 --------- C:\Windows\hpwmdl13.dat 2008-02-17 12:22 . 2008-01-10 06:42 1,244,672 --a------ C:\Windows\System32\mcmde.dll 2008-02-17 12:20 . 2007-01-31 16:16 118,272 --a------ C:\Windows\System32\hpz3l4v6.dll 2008-02-16 17:55 . 2008-02-16 17:55 d-------- C:\Users\France Designer inox\AppData\Roaming\InstallShield 2008-02-15 11:04 . 2008-02-15 11:04 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-02-15 11:04 . 2008-02-15 11:04 1,686,528 --a------ C:\Windows\System32\gameux.dll 2008-02-15 09:41 . 2008-02-15 09:41 194,560 --a------ C:\Windows\System32\WebClnt.dll 2008-02-15 09:41 . 2008-02-15 09:41 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys 2008-02-15 09:38 . 2008-02-15 09:38 3,505,720 --a------ C:\Windows\System32\ntkrnlpa.exe 2008-02-15 09:38 . 2008-02-15 09:38 3,471,928 --a------ C:\Windows\System32\ntoskrnl.exe 2008-02-15 09:38 . 2008-02-15 09:38 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys 2008-02-15 09:38 . 2008-02-15 09:38 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys 2008-02-15 09:38 . 2008-02-15 09:38 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys 2008-02-15 09:37 . 2008-02-15 09:37 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys 2008-02-15 09:37 . 2008-02-15 09:37 217,144 --a------ C:\Windows\System32\drivers\netio.sys 2008-02-15 09:37 . 2008-02-15 09:37 167,424 --a------ C:\Windows\System32\tcpipcfg.dll 2008-02-15 09:37 . 2008-02-15 09:37 24,064 --a------ C:\Windows\System32\netcfg.exe 2008-02-15 09:37 . 2008-02-15 09:37 22,016 --a------ C:\Windows\System32\netiougc.exe 2008-02-14 19:00 . 2008-02-19 09:56 d-------- C:\Users\France Designer inox\AppData\Roaming\HP 2008-02-14 18:59 . 2008-02-14 18:59 d-------- C:\Users\All Users\HPSSUPPLY 2008-02-14 18:59 . 2008-02-14 18:59 d-------- C:\ProgramData\HPSSUPPLY 2008-02-14 18:58 . 2008-02-14 18:58 d-------- C:\Program Files\Hewlett-Packard 2008-02-14 18:58 . 2008-02-14 18:59 d-------- C:\Program Files\Common Files\HP 2008-02-14 18:58 . 2008-02-14 18:58 d-------- C:\Program Files\Common Files\Hewlett-Packard 2008-02-14 18:57 . 2008-02-14 18:57 d-------- C:\Users\All Users\Hewlett-Packard 2008-02-14 18:57 . 2008-02-14 18:57 d-------- C:\ProgramData\Hewlett-Packard 2008-02-14 18:10 . 2007-07-05 03:49 892,928 --a------ C:\Windows\System32\hpwtiop2.dll 2008-02-14 18:10 . 2007-07-05 03:49 675,840 --a------ C:\Windows\System32\hpwwiax2.dll 2008-02-14 18:10 . 2007-07-05 03:48 364,544 --a------ C:\Windows\System32\hppldcoi.dll 2008-02-14 18:10 . 2007-07-05 03:48 309,760 --a------ C:\Windows\System32\difxapi.dll 2008-02-14 18:10 . 2007-07-05 03:49 294,912 --a------ C:\Windows\System32\hpovst11.dll 2008-02-14 18:10 . 2007-07-05 04:42 258,048 --a------ C:\Windows\System32\hpzids01.dll 2008-02-14 18:10 . 2007-08-17 21:29 118,272 --a------ C:\Windows\System32\hpz3l4x6.dll 2008-02-14 18:09 . 2008-02-14 18:09 d-------- C:\Windows\carrier 2008-02-14 18:09 . 2008-02-14 18:59 d-------- C:\Program Files\HP 2008-02-14 18:09 . 2008-02-14 19:09 167,227 --a------ C:\Windows\hpwins05.dat 2008-02-14 18:08 . 2008-02-15 09:33 d-------- C:\Users\All Users\HP 2008-02-14 18:08 . 2008-02-15 09:33 d-------- C:\ProgramData\HP 2008-02-13 19:27 . 2008-02-13 19:27 d-------- C:\Program Files\EPSON 2008-02-13 19:27 . 2006-03-03 02:04 73,216 --a------ C:\Windows\System32\E_FLBBGE.DLL 2008-02-13 19:27 . 2005-04-11 02:01 62,976 --a------ C:\Windows\System32\E_FD4BBGE.DLL 2008-02-13 19:27 . 2004-09-10 21:12 49,152 --a------ C:\Windows\System32\E_DCINST.DLL 2008-02-13 09:43 . 2008-02-13 09:43 11,776 --a------ C:\Windows\System32\sbunattend.exe 2008-02-13 09:42 . 2008-02-13 09:42 d-------- C:\Program Files\MSXML 4.0 2008-02-13 09:42 . 2008-02-13 09:42 130,048 --a------ C:\Windows\System32\drivers\srv2.sys 2008-02-13 09:42 . 2008-02-13 09:42 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys 2008-02-13 09:42 . 2008-02-13 09:42 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys 2008-02-13 09:42 . 2008-02-13 09:42 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys 2008-02-13 09:41 . 2008-02-13 09:41 2,048 --a------ C:\Windows\System32\tzres.dll 2008-02-12 19:34 . 2008-02-12 19:34 d-------- C:\Windows\{E6751138-D3DA-4A03-9441-6090094C7D45} 2008-02-12 18:09 . 2008-02-12 18:09 d-------- C:\Windows\System32\Adobe 2008-02-12 18:09 . 2001-11-14 20:19 16,384 --a------ C:\Windows\System32\FileOps.exe 2008-02-12 18:06 . 2008-02-12 18:06 d-------- C:\Windows\Adobe Illustrator CS 2008-02-12 18:02 . 2008-02-12 18:02 d-------- C:\Users\All Users\Macrovision 2008-02-12 18:02 . 2008-02-12 18:02 d-------- C:\ProgramData\Macrovision 2008-02-12 18:02 . 2008-02-12 18:02 d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-02-12 17:47 . 2008-02-12 17:47 d-------- C:\Users\France Designer inox\AppData\Roaming\SolidWorks 2008 2008-02-12 17:45 . 2008-02-13 16:51 d-------- C:\Users\France Designer inox\AppData\Roaming\SolidWorks 2008-02-12 17:36 . 2008-02-12 17:36 23 --ah----- C:\Windows\yacht.xws 2008-02-12 17:31 . 2008-02-12 17:31 d-------- C:\Users\All Users\SolidWorks 2008-02-12 17:31 . 2008-02-12 17:31 d-------- C:\Solidworks Data 2008-02-12 17:31 . 2008-02-12 17:31 d-------- C:\ProgramData\SolidWorks 2008-02-12 17:31 . 2008-02-12 17:35 d-------- C:\Program Files\SolidWorks 2008-02-12 17:31 . 2008-02-12 17:36 d-------- C:\Program Files\Common Files\SolidWorks Shared 2008-02-12 17:31 . 2008-02-12 17:31 d-------- C:\Program Files\Common Files\eDrawings2008 2008-02-12 17:31 . 2008-02-12 17:31 d-------- C:\Program Files\AGEIA Technologies 2008-02-12 17:27 . 2008-02-12 17:27 d-------- C:\Program Files\MSECache 2008-02-12 17:13 . 2008-02-12 17:13 d-------- C:\Program Files\PowerISO 2008-02-12 17:07 . 2008-02-12 17:07 1,712,984 --a------ C:\Windows\System32\wuaueng.dll 2008-02-12 17:07 . 2008-02-12 17:07 1,524,224 --a------ C:\Windows\System32\wucltux.dll 2008-02-12 17:07 . 2008-02-12 17:07 53,080 --a------ C:\Windows\System32\wuauclt.exe 2008-02-12 17:07 . 2008-02-12 17:07 43,352 --a------ C:\Windows\System32\wups2.dll 2008-02-12 17:05 . 2008-02-12 17:05 549,720 --a------ C:\Windows\System32\wuapi.dll 2008-02-12 17:05 . 2008-02-12 17:05 163,000 --a------ C:\Windows\System32\wuwebv.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-19 10:49 110,096 ----a-w C:\Windows\system32\drivers\kl1.sys 2008-02-15 10:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-15 10:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-15 10:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-15 10:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-15 08:40 943,800 ----a-w C:\Windows\System32\winload.exe 2008-02-15 08:40 905,400 ----a-w C:\Windows\System32\winresume.exe 2008-02-15 08:40 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll 2008-02-15 08:40 613,888 ----a-w C:\Windows\System32\wpd_ci.dll 2008-02-15 08:40 6,656 ----a-w C:\Windows\System32\kbd106n.dll 2008-02-15 08:40 595,456 ----a-w C:\Windows\System32\schedsvc.dll 2008-02-15 08:40 558,080 ----a-w C:\Windows\System32\oleaut32.dll 2008-02-15 08:40 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys 2008-02-15 08:40 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys 2008-02-15 08:40 39,424 ----a-w C:\Windows\System32\lodctr.exe 2008-02-15 08:40 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys 2008-02-15 08:40 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys 2008-02-15 08:40 35,328 ----a-w C:\Windows\System32\dispci.dll 2008-02-15 08:40 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys 2008-02-15 08:40 32,256 ----a-w C:\Windows\System32\unlodctr.exe 2008-02-15 08:40 260,096 ----a-w C:\Windows\System32\dpx.dll 2008-02-15 08:40 23,552 ----a-w C:\Windows\System32\nshhttp.dll 2008-02-15 08:40 224,824 ----a-w C:\Windows\System32\clfs.sys 2008-02-15 08:40 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll 2008-02-15 08:40 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys 2008-02-15 08:40 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll 2008-02-15 08:40 17,408 ----a-w C:\Windows\System32\prflbmsg.dll 2008-02-15 08:40 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys 2008-02-15 08:40 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys 2008-02-15 08:40 12,800 ----a-w C:\Windows\System32\batt.dll 2008-02-15 08:40 115,200 ----a-w C:\Windows\System32\loadperf.dll 2008-02-15 08:40 101,888 ----a-w C:\Windows\System32\drvinst.exe 2008-02-15 08:40 1,585,664 ----a-w C:\Windows\System32\setupapi.dll 2008-02-15 08:35 824,832 ----a-w C:\Windows\System32\wininet.dll 2008-02-15 08:35 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-15 08:35 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-15 08:35 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-13 08:51 --------- d-----w C:\Program Files\Windows Mail 2008-02-13 08:50 --------- d-----w C:\Program Files\Windows Sidebar 2008-02-13 08:44 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL 2008-02-13 08:44 57,856 ----a-w C:\Windows\System32\SLUINotify.dll 2008-02-13 08:44 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll 2008-02-13 08:44 39,936 ----a-w C:\Windows\System32\slcinst.dll 2008-02-13 08:44 351,232 ----a-w C:\Windows\System32\SLUI.exe 2008-02-13 08:44 33,280 ----a-w C:\Windows\System32\slwmi.dll 2008-02-13 08:44 268,288 ----a-w C:\Windows\System32\mcbuilder.exe 2008-02-13 08:44 223,232 ----a-w C:\Windows\System32\WMASF.DLL 2008-02-13 08:44 223,232 ----a-w C:\Windows\System32\SLC.dll 2008-02-13 08:44 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe 2008-02-13 08:44 186,368 ----a-w C:\Windows\System32\SLLUA.exe 2008-02-13 08:44 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2008-02-12 18:34 8,115,712 ----a-w C:\Program Files\EZ Connect N Draft 11n Wireless USB2.0 Adapter.msi 2008-02-12 18:34 6,129 ----a-w C:\Program Files\[u]0/ux0409.ini 2008-02-12 18:34 3,584 ----a-w C:\Program Files\1033.MST 2008-02-11 17:20 --------- d-sh--w C:\ProgramData\Modèles 2008-02-11 17:20 --------- d-sh--w C:\ProgramData\Menu Démarrer 2008-02-11 17:20 --------- d-sh--w C:\ProgramData\Favoris 2008-02-11 17:20 --------- d-sh--w C:\ProgramData\Documents 2008-02-11 17:20 --------- d-sh--w C:\ProgramData\Bureau 2008-02-11 17:20 --------- d-sh--w C:\ProgramData\Application Data 2008-02-11 17:20 --------- d-sh--w C:\Program Files\Fichiers communs 2008-02-05 20:23 45,240 ------w C:\Windows\system32\drivers\pciidex.sys 2008-02-05 20:23 25,784 ------w C:\Windows\system32\drivers\msahci.sys 2008-02-05 20:23 21,688 ------w C:\Windows\system32\drivers\atapi.sys 2008-02-05 20:23 20,152 ------w C:\Windows\system32\drivers\viaide.sys 2008-02-05 20:23 19,128 ------w C:\Windows\system32\drivers\cmdide.sys 2008-02-05 20:23 18,104 ------w C:\Windows\system32\drivers\amdide.sys 2008-02-05 20:23 17,592 ------w C:\Windows\system32\drivers\intelide.sys 2008-02-05 20:23 17,592 ------w C:\Windows\system32\drivers\aliide.sys 2008-02-05 20:23 16,056 ------w C:\Windows\system32\drivers\pciide.sys 2008-02-05 20:23 110,264 ------w C:\Windows\system32\drivers\ataport.sys 2008-02-05 20:21 88,576 ----a-w C:\Windows\System32\avifil32.dll 2008-02-05 20:21 82,944 ----a-w C:\Windows\System32\mciavi32.dll 2008-02-05 20:21 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL 2008-02-05 20:21 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr 2008-02-05 20:21 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll 2008-02-05 20:21 7,680 ----a-w C:\Windows\System32\spwmp.dll 2008-02-05 20:21 69,632 ----a-w C:\Windows\System32\sendmail.dll 2008-02-05 20:21 65,024 ----a-w C:\Windows\System32\avicap32.dll 2008-02-05 20:21 61,440 ----a-w C:\Windows\System32\ntprint.exe 2008-02-05 20:21 4,096 ----a-w C:\Windows\System32\dxmasf.dll 2008-02-05 20:21 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll 2008-02-05 20:21 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll 2008-02-05 20:21 320,000 ----a-w C:\Windows\system32\drivers\csc.sys 2008-02-05 20:21 31,232 ----a-w C:\Windows\System32\msvidc32.dll 2008-02-05 20:21 269,824 ----a-w C:\Windows\System32\schannel.dll 2008-02-05 20:21 220,160 ----a-w C:\Windows\System32\ntprint.dll 2008-02-05 20:21 123,904 ----a-w C:\Windows\System32\msvfw32.dll 2008-02-05 20:21 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll 2008-02-05 20:21 12,800 ----a-w C:\Windows\System32\msrle32.dll 2008-02-05 20:21 105,984 ----a-w C:\Windows\System32\CscMig.dll 2008-02-05 20:21 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll 2008-02-05 20:21 1,984,512 ----a-w C:\Windows\System32\authui.dll 2008-02-05 20:20 8,704 ----a-w C:\Windows\System32\hcrstco.dll 2008-02-05 20:20 8,704 ----a-w C:\Windows\System32\hccoin.dll 2008-02-05 20:20 788,992 ----a-w C:\Windows\System32\rpcrt4.dll 2008-02-05 20:20 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys 2008-02-05 20:20 633,856 ----a-w C:\Windows\System32\user32.dll 2008-02-05 20:20 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys 2008-02-05 20:20 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-02-19 11:47 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-05 21:16 1006264] "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-08 00:50 9728 C:\Windows\System32\HCIMNTR.DLL] "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 09:40 405504] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-23 09:20 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-23 09:19 8429568] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-23 09:20 81920] "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-02-05 13:38 77824] "PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\Windows\System32\ico.exe] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 16:44 178712] "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30 152144] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048] "NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 11:14 439512] "CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 11:18 215256] "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-05 14:28 1838592] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 13:23 200704] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-02-19 11:47 79224] "combofix"="C:\Windows\system32\kmd.exe" [2006-11-02 10:44 320000] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "DelayShred"="c:\program files\mcafee\mshr\ShrCL.exe" [2007-01-17 19:02 95784] C:\Users\France Designer inox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Moteur du Planificateur de tƒches SolidWorks.lnk - C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe [2007-09-09 06:51:40 488728] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 110592] BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-13 12:43:38 715568] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520] WiFi Station pour Livebox.lnk - C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe [2008-02-18 19:52:43 102400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL "LoadAppInit_DLLs"=1 (0x1) R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52] R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 12:46] R2 HPSLPSVC;HP Network Devices Support;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 NMSCore;Intel(R) NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-06-27 11:14] R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 21:34] R2 QualityManager;Intel(R) Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-06-27 11:17] R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service [] R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-04-02 05:42] R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-02 05:42] R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-02 05:42] R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2008-02-05 13:45] R3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 14:41] R3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 17:44] S3 DHTRACE;Intel(R) DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 11:15] S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28u.sys [2007-08-15 15:49] S3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 17:01] S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d369a84-d980-11dc-9181-00197ee6cd35}] \shell\AutoRun\command - Iexplores.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-02-19 10:49:02 C:\Windows\Tasks\At1.job" - C:\Windows\system32\kmd.exe "2008-02-05 12:49:09 C:\Windows\Tasks\McDefragTask.job" - c:\program files\mcafee\mqc\QcConsol.exe' "2008-02-05 12:49:09 C:\Windows\Tasks\McQcTask.job" - c:\program files\mcafee\mqc\QcConsol.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-19 11:52:02 Windows 6.0.6000 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Windows\system32\WUDFHost.exe C:\Program Files\Intel\IntelDH\CCU\AlertService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\McAfee\MPS\mpsevh.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Windows\system32\STacSV.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe C:\Windows\system32\conime.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\Pmxmiced.exe C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe C:\Program Files\Windows Mail\WinMail.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\msiexec.exe C:\Windows\system32\vssvc.exe C:\Program Files\Dell Support Center\gs_agent\dsc.exe C:\Windows\system32\MsiExec.exe . ************************************************************************** . Temps d'accomplissement: 2008-02-19 11:54:16 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-19 10:54:14 merci beaucoup dry

Lyonnais92 · Answer

Re,

le rapport d'elibagla c'est :

c:\infosat.txt

Utilisateur anonyme · Answer

Re , 
Tu aurais pu demander avant de passer Combofix , son utilisation est risquée ...

Poste un rapport Hijackthis et celui d'Elibagla stp
A+

dry · Answer

re,
oui j'ai eu peur... je m'attendais pas à ce que ca me coupe tout comme ça....

alors je trouve pas le infosat.txt sousC
du coup je relance elibagla 
et hijackthis. ca ca va rien me faire de grave ??

Utilisateur anonyme · Answer

Re , non non 
Mais bon sa sert à rien de refaire Elibagla puisque que Combofix à quasiment tout supprimé ...

Normalement tu dois avoir le fichier ' infosat '  (.txt étant 'extension) dans le disque dur C:\   ... non ?

Reposte un rapport Hijackthis.
A+

dry · Answer

ok mais hijackthis je l'ai jamais fait, je le télécharge et je te poste le rapport...
j'ai aucun rapport infosat sous c

Utilisateur anonyme · Answer

... Bon pas grave ( un peu quand même ... )

A+

dry · Answer

voilà le rapport Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:40, on 19/02/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32undll32.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\ico.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
C:\Windows\System32undll32.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
pjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
pjpi160.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{37BC4591-5DEE-442F-91FA-DE8595B0F001}: NameServer = 80.10.246.1,80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{90A1C1E5-7E55-4551-965D-C91869F634B3}: NameServer = 80.10.246.1,80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{37BC4591-5DEE-442F-91FA-DE8595B0F001}: NameServer = 80.10.246.1,80.10.246.132
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\Mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (file missing)
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Utilisateur anonyme · Answer

Re , j'analyse tout ça et je revient 
A+

Utilisateur anonyme · Answer

Re ,
Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

Copie ce texte d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note ) 

File::  
C:\Windows\System32\aswBoot.exe 


Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.



Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

***************************

Tu as un service de Kaspersky qui tourne encore :
 Service: Kaspersky Internet Security 7.0  


Démarrer > executer (ou la touche  Windows+R ) > ' services.msc ' , 

- Clic droit sur le service cité - Kaspersky Internet Security 7.0  ( ou ressemblant )
- propriétés
- et dans "type de démarrage" et mets le sur « désactivé ».
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté » 

Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html

******************
Poste le rapport Combofix stp.
a+

dry · Answer

Bonjour,
ça veut dire que j'ai encore des virus ça ?
dry

Utilisateur anonyme · Answer

Oui , suis la procédure stp.

A+

dry · Answer

coucou,
ok, j'ai coupé comme tu m'as dit kaspersky par contre j'ai essayé de le désinstaller mais j'y arrive pas.
Je lancerai combofix à ma pause déjeuner et je te poste le rapport.
merci,
dry

Utilisateur anonyme · Answer

Re , ok 
Petite question , Kaspersky c'était une version d'essais ?   
a+

dry · Answer

je sais pas c une version gratuite mais ct au debut du virus du coup pendant l'installation ça a bloqué et depuis j'arrive pas à l'enlever, ni spybot aussi....

Utilisateur anonyme · Answer

Re , 
Ok spybot tu laisses par contre ( utile ), on s'occupera de Kaspersky plus tard ;)
a+

dry · Answer

voilà le rapport combofix : * Création d'un nouveau point de restauration FILE C:\Windows\System32\aswBoot.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\System32\aswBoot.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))))))) . 2008-02-20 08:48 . 2008-02-20 08:48 1,712,984 --a------ C:\Windows\System32\wuaueng.dll 2008-02-20 08:48 . 2008-02-20 08:48 1,524,224 --a------ C:\Windows\System32\wucltux.dll 2008-02-20 08:48 . 2008-02-20 08:48 549,720 --a------ C:\Windows\System32\wuapi.dll 2008-02-20 08:48 . 2008-02-20 08:48 80,896 --a------ C:\Windows\System32\wudriver.dll 2008-02-20 08:48 . 2008-02-20 08:48 53,080 --a------ C:\Windows\System32\wuauclt.exe 2008-02-20 08:48 . 2008-02-20 08:48 43,352 --a------ C:\Windows\System32\wups2.dll 2008-02-20 08:48 . 2008-02-20 08:48 33,624 --a------ C:\Windows\System32\wups.dll 2008-02-20 08:47 . 2008-02-20 08:47 163,000 --a------ C:\Windows\System32\wuwebv.dll 2008-02-20 08:47 . 2008-02-20 08:47 31,232 --a------ C:\Windows\System32\wuapp.exe 2008-02-19 18:44 . 2008-02-19 18:44 d-------- C:\Program Files\Trend Micro 2008-02-19 18:31 . 2008-02-19 18:31 d-------- C:\Program Files\Hewlett-Packard 2008-02-19 18:25 . 2008-02-19 18:34 167,227 --a------ C:\Windows\hpwins05.dat 2008-02-19 17:06 . 2007-07-05 04:42 258,048 --a------ C:\Windows\System32\hpzids01.dll 2008-02-19 15:54 . 2008-02-19 15:54 d-------- C:\Program Files\Hercules 2008-02-19 15:52 . 2007-01-31 17:01 256,000 --a------ C:\Windows\System32\drivers\netr73.sys 2008-02-19 15:34 . 2008-02-19 15:34 21,668 --a------ C:\Windows\System32\emptyregdb.dat 2008-02-19 15:29 . 2008-02-19 15:29 d-------- C:\Users\Default\video 2008-02-19 15:05 . 2006-11-02 11:23 dr------- C:\Users\IUSR_NMPR\Videos 2008-02-19 15:05 . 2006-11-02 11:23 d-------- C:\Users\IUSR_NMPR\Saved Games 2008-02-19 15:05 . 2006-11-02 11:23 dr------- C:\Users\IUSR_NMPR\Pictures 2008-02-19 15:05 . 2006-11-02 11:23 dr------- C:\Users\IUSR_NMPR\Music 2008-02-19 15:05 . 2006-11-02 11:23 dr------- C:\Users\IUSR_NMPR\Links 2008-02-19 15:05 . 2006-11-02 11:23 dr------- C:\Users\IUSR_NMPR\Downloads 2008-02-19 15:05 . 2008-02-19 15:05 dr------- C:\Users\IUSR_NMPR\Documents 2008-02-19 15:05 . 2006-11-02 12:18 d--h----- C:\Users\IUSR_NMPR\AppData 2008-02-19 15:05 . 2008-02-19 15:28 dr------- C:\Users\France Designer inox\Videos 2008-02-19 15:05 . 2008-02-19 15:28 dr------- C:\Users\France Designer inox\Saved Games 2008-02-19 15:05 . 2008-02-19 15:49 dr------- C:\Users\France Designer inox\Pictures 2008-02-19 15:05 . 2008-02-19 15:49 dr------- C:\Users\France Designer inox\Music 2008-02-19 15:05 . 2008-02-19 15:49 dr------- C:\Users\France Designer inox\Links 2008-02-19 15:05 . 2008-02-19 15:28 dr------- C:\Users\France Designer inox\Downloads 2008-02-19 15:05 . 2008-02-20 12:00 dr------- C:\Users\France Designer inox\Documents 2008-02-19 15:05 . 2006-11-02 13:35 d-------- C:\Users\France Designer inox\AppData\Roaming\Media Center Programs 2008-02-19 15:05 . 2008-02-19 15:28 d--h----- C:\Users\France Designer inox\AppData 2008-02-19 14:58 . 2008-02-20 09:13 12 --a------ C:\Windows\bthservsdp.dat 2008-02-19 14:57 . 2008-02-19 14:57 d-------- C:\Program Files\Sigmatel 2008-02-19 14:57 . 2007-09-12 09:40 1,601,536 --a------ C:\Windows\System32\stlang.dll 2008-02-19 14:57 . 2007-09-12 09:40 94,208 --------- C:\Windows\System32\stacsv.exe 2008-02-19 14:56 . 2008-02-20 09:04 d-------- C:\Windows\System32\catroot2 2008-02-19 14:50 . 2008-02-19 14:50 d-------- C:\Windows\System32\OEM 2008-02-19 14:50 . 2008-02-19 15:34 d-------- C:\Windows\Debug 2008-02-19 14:50 . 2007-02-24 05:43 32 -rah----- C:\Windows\DELL_VERSION 2008-02-19 14:43 . 2008-02-19 14:43 d--h----- C:\$WINDOWS.~Q 2008-02-19 14:36 . 2008-02-19 14:51 8,192 -ra-s---- C:\BOOTSECT.BAK 2008-02-19 12:05 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx 2008-02-19 12:05 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr 2008-02-19 12:05 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys 2008-02-19 12:05 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys 2008-02-19 12:05 . 2007-12-04 15:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys 2008-02-19 11:14 . 2008-02-19 15:16 d-------- C:\Users\All Users\Kaspersky Lab 2008-02-19 11:14 . 2008-02-19 15:16 d-------- C:\ProgramData\Kaspersky Lab 2008-02-19 11:14 . 2008-02-19 15:14 d-------- C:\Program Files\Kaspersky Lab 2008-02-19 09:14 . 2008-02-19 15:10 d-------- C:\Program Files\Alwil Software 2008-02-18 21:42 . 2008-02-19 14:08 1,887 --a------ C:\Windows\diagwrn.xml 2008-02-18 21:42 . 2008-02-19 14:08 1,887 --a------ C:\Windows\diagerr.xml 2008-02-18 18:32 . 2008-02-18 22:45 271,572,406 --a------ C:\Windows\MEMORY.DMP 2008-02-18 16:23 . 2007-12-19 12:28 1,232,896 --a------ C:\Windows\SYCIOU.dll 2008-02-18 16:23 . 2007-12-18 10:37 1,028,096 --a------ C:\Windows\SYCGeoU.dll 2008-02-18 16:23 . 2007-11-15 19:21 385,024 --a------ C:\Windows\SYCLicense071115U.dll 2008-02-18 15:53 . 2008-02-19 15:10 d-------- C:\Program Files\Blender Foundation 2008-02-18 14:53 . 2008-02-19 15:14 d-------- C:\Program Files\MakeHuman 0.9.1 RC1 2008-02-17 12:23 . 2008-02-17 12:23 132,469 --a------ C:\Windows\hpwins13.dat 2008-02-17 12:23 . 2007-05-26 06:18 350 --a------ C:\Windows\hpwmdl13.dat 2008-02-16 17:55 . 2008-02-19 15:28 d-------- C:\Users\France Designer inox\AppData\Roaming\InstallShield 2008-02-14 19:00 . 2008-02-19 15:28 d-------- C:\Users\France Designer inox\AppData\Roaming\HP 2008-02-14 18:59 . 2008-02-14 18:59 d-------- C:\Users\All Users\HPSSUPPLY 2008-02-14 18:59 . 2008-02-14 18:59 d-------- C:\ProgramData\HPSSUPPLY 2008-02-14 18:58 . 2008-02-19 15:12 d-------- C:\Program Files\Common Files\HP 2008-02-14 18:58 . 2008-02-19 15:12 d-------- C:\Program Files\Common Files\Hewlett-Packard 2008-02-14 18:57 . 2008-02-19 15:16 d-------- C:\Users\All Users\Hewlett-Packard 2008-02-14 18:57 . 2008-02-19 15:16 d-------- C:\ProgramData\Hewlett-Packard 2008-02-14 18:10 . 2007-08-17 21:29 118,272 --a------ C:\Windows\System32\hpz3l4x6.dll 2008-02-14 18:09 . 2008-02-19 15:17 d-------- C:\Windows\carrier 2008-02-14 18:09 . 2008-02-19 15:13 d-------- C:\Program Files\HP 2008-02-14 18:08 . 2008-02-19 18:33 d-------- C:\Users\All Users\HP 2008-02-14 18:08 . 2008-02-19 18:33 d-------- C:\ProgramData\HP 2008-02-13 19:27 . 2008-02-19 15:13 d-------- C:\Program Files\EPSON 2008-02-13 19:27 . 2006-03-03 02:04 73,216 --a------ C:\Windows\System32\E_FLBBGE.DLL 2008-02-13 19:27 . 2005-04-11 02:01 62,976 --a------ C:\Windows\System32\E_FD4BBGE.DLL 2008-02-13 19:27 . 2004-09-10 21:12 49,152 --a------ C:\Windows\System32\E_DCINST.DLL 2008-02-13 09:42 . 2008-02-13 09:42 d-------- C:\Program Files\MSXML 4.0 2008-02-12 19:34 . 2008-02-19 15:19 d-------- C:\Windows\{E6751138-D3DA-4A03-9441-6090094C7D45} 2008-02-12 18:09 . 2008-02-19 15:18 d-------- C:\Windows\System32\Adobe 2008-02-12 18:09 . 2001-11-14 20:19 16,384 --a------ C:\Windows\System32\FileOps.exe 2008-02-12 18:06 . 2008-02-19 15:17 d-------- C:\Windows\Adobe Illustrator CS 2008-02-12 18:02 . 2008-02-19 15:16 d-------- C:\Users\All Users\Macrovision 2008-02-12 18:02 . 2008-02-19 15:16 d-------- C:\ProgramData\Macrovision 2008-02-12 18:02 . 2008-02-19 15:12 d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-02-12 17:47 . 2008-02-19 15:28 d-------- C:\Users\France Designer inox\AppData\Roaming\SolidWorks 2008 2008-02-12 17:45 . 2008-02-19 15:28 d-------- C:\Users\France Designer inox\AppData\Roaming\SolidWorks 2008-02-12 17:36 . 2008-02-12 17:36 23 --ah----- C:\Windows\yacht.xws 2008-02-12 17:31 . 2008-02-19 15:17 d-------- C:\Users\All Users\SolidWorks 2008-02-12 17:31 . 2008-02-12 17:31 d-------- C:\Solidworks Data 2008-02-12 17:31 . 2008-02-19 15:17 d-------- C:\ProgramData\SolidWorks 2008-02-12 17:31 . 2008-02-20 09:19 d-------- C:\Program Files\SolidWorks 2008-02-12 17:31 . 2008-02-19 15:13 d-------- C:\Program Files\Common Files\SolidWorks Shared 2008-02-12 17:31 . 2008-02-19 15:12 d-------- C:\Program Files\Common Files\eDrawings2008 2008-02-12 17:31 . 2008-02-19 15:10 d-------- C:\Program Files\AGEIA Technologies 2008-02-12 17:27 . 2008-02-19 15:14 d-------- C:\Program Files\MSECache 2008-02-12 17:13 . 2008-02-20 09:12 d-------- C:\Program Files\PowerISO . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-19 14:44 --------- d-sh--w C:\ProgramData\Modèles 2008-02-19 14:44 --------- d-sh--w C:\ProgramData\Menu Démarrer 2008-02-19 14:44 --------- d-sh--w C:\ProgramData\Favoris 2008-02-19 14:44 --------- d-sh--w C:\ProgramData\Bureau 2008-02-19 14:44 --------- d-sh--w C:\Program Files\Fichiers communs 2008-02-19 10:49 110,096 ----a-w C:\Windows\system32\drivers\kl1.sys 2008-02-12 18:34 8,115,712 ----a-w C:\Program Files\EZ Connect N Draft 11n Wireless USB2.0 Adapter.msi 2008-02-12 18:34 6,129 ----a-w C:\Program Files\[u]0/ux0409.ini 2008-02-12 18:34 3,584 ----a-w C:\Program Files\1033.MST 2008-02-05 12:55 129,784 ----a-w C:\Windows\System32\pxafs.dll 2008-02-05 12:55 118,520 ----a-w C:\Windows\System32\pxinsi64.exe 2008-02-05 12:55 116,472 ----a-w C:\Windows\System32\pxcpyi64.exe 2006-11-02 12:49 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:32 2159104 C:\Windows\System32\oobefldr.dll] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-02 13:32 1004136] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-23 09:20 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-23 09:19 8429568] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-23 09:20 81920] "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 09:40 405504] "PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\Windows\System32\ico.exe] "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-08 00:50 9728 C:\Windows\System32\HCIMNTR.DLL] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048] "CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 11:18 215256] "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-05 14:28 1838592] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 16:44 178712] "NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 11:14 439512] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 13:23 200704] "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-02-05 13:38 77824] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] C:\Users\France Designer inox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Moteur du Planificateur de tƒches SolidWorks.lnk - C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe [2007-09-09 06:51:40 488728] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 110592] BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-13 12:43:38 715568] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520] WiFi Station pour Livebox.lnk - C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe [2008-02-19 15:54:30 102400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52] R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 12:46] R2 HPSLPSVC;HP Network Devices Support;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 21:34] R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service [] R3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 17:01] R3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 14:41] R3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 17:44] S2 NMSCore;Intel(R) NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-06-27 11:14] S2 QualityManager;Intel(R) Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-06-27 11:17] S3 DHTRACE;Intel(R) DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 11:15] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-02-19 10:49:02 C:\Windows\Tasks\At1.job" - C:\Windows\system32\kmd.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-20 13:05:24 Windows 6.0.6000 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-02-20 13:05:54 ComboFix-quarantined-files.txt 2008-02-20 12:05:52 ComboFix2.txt 2008-02-19 10:54:17 . et hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:12:27, on 20/02/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe C:\Windows\System32\ico.exe C:\Windows\System32\Pmxmiced.exe C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe C:\Windows\system32\conime.exe C:\Windows\explorer.exe C:\Windows\system32\notepad.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{37BC4591-5DEE-442F-91FA-DE8595B0F001}: NameServer = 80.10.246.1,80.10.246.132 O17 - HKLM\System\CCS\Services\Tcpip\..\{90A1C1E5-7E55-4551-965D-C91869F634B3}: NameServer = 80.10.246.1,80.10.246.132 O17 - HKLM\System\CS1\Services\Tcpip\..\{37BC4591-5DEE-442F-91FA-DE8595B0F001}: NameServer = 80.10.246.1,80.10.246.132 O17 - HKLM\System\CS2\Services\Tcpip\..\{37BC4591-5DEE-442F-91FA-DE8595B0F001}: NameServer = 80.10.246.1,80.10.246.132 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\Mcshield.exe (file missing) O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (file missing) O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Utilisateur anonyme · Answer

Re  ,

Tu connais ce programme ?

C:\Program Files\MakeHuman 0.9.1 RC1 

?

**********************

Fixe ces lignes ( coche la case devant les lignes > ' fixchecked ' )

O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\Mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (file missing) 

****************

Délaisse Avast au profit d'Antivir , contrairement à ce que tout le monde pense , Avast n'est pas aussi bien que l'on pourrais le croire regarde le classement des AV
et constate par toi même  &#8594; Avast vs Antivir

Vire Avast &#8594; Désinstalle Avast  'proprement' ( merci espion3004)

Et télécharge Antivir ( PersonnalEdition Classic) &#8594; ici 

Tuto Installation + configuration Antivir &#8594; https://www.malekal.com/avira-free-security-antivirus-gratuit/

Pour le rendre encore plus discret....


*********

Télécharge ZoneAlarm  Lit bien tout l'article pour éviter les surprises.

Des soucis avec ? 

*****

Voila 
Tiens moi au courant
a+

dry · Answer

Bonjour,
oui je connais makehuman c'est un logiciel dont je me sers.
Sinon j'ai mis antivir, c'est en train de scanner, après je mettrais zone alarm.
Et là tu crois que ça sera bon?
Est ce que tu pourras me dire comment enlever kaspersky et spybot aussi stp?
merci beaucoup,
dry

Utilisateur anonyme · Answer

Re , pourquoi enlever spybot ? 
C'est un bon logiciel qui de plus possede un résident + scan passif ...
Tiens moi au courant
a+

dry · Answer

parce qu'il fonctionne pas et j'arrive ni à l'enlever ni à le faire fonctionner, du coup je voulais l'enlever pour le reinstaller proprement...
antivir m'a trouvé des virus qu'il a supprimé...

Utilisateur anonyme · Answer

Re , tu as le rapport d'antivir stp ? 

******************

A+

dry · Answer

je l'ai trouvé
rapport antivir :

AntiVir PersonalEdition Classic
Report file date: jeudi 21 février 2008 09:24

Scanning for 1118748 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: France Designer inox
Computer name: PC1

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 08:21:06
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 08:21:06
ANTIVIR3.VDF : 7.0.2.170 312832 Bytes 21/02/2008 08:21:06
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 21/02/2008 08:21:06
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 21/02/2008 08:21:06
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: J:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 21 février 2008 09:24

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '0' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'VSSVC.exe' - '0' Module(s) have been scanned
Scan process 'FlashUtil9d.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ieuser.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'BTStackServer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'CCU_Engine.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'pmxmiced.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'swBOEngine.exe' - '1' Module(s) have been scanned
Scan process 'WiFiLB.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'IntelHCTAgent.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'CCU_TrayIcon.exe' - '1' Module(s) have been scanned
Scan process 'ico.exe' - '1' Module(s) have been scanned
Scan process 'sttray.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'mscorsvw.exe' - '0' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'taskeng.exe' - '0' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '0' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'stacsv.exe' - '0' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'MDM.EXE' - '0' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'DQLWinService.exe' - '0' Module(s) have been scanned
Scan process 'btwdins.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '0' Module(s) have been scanned
Scan process 'AlertService.exe' - '0' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'spoolsv.exe' - '0' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'SLsvc.exe' - '0' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'lsm.exe' - '0' Module(s) have been scanned
Scan process 'lsass.exe' - '0' Module(s) have been scanned
Scan process 'services.exe' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'wininit.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'smss.exe' - '0' Module(s) have been scanned
32 processes with 32 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0005
[NOTE] Please restart the search with Administrator rights
Boot sector 'D:\'
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0005
[NOTE] Please restart the search with Administrator rights
Boot sector 'F:\'
[NOTE] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '28' files ).

Starting the file scan:

Begin scan in 'C:\' <OS>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\catchme2008-02-19_115152.50.zip
[0] Archive type: ZIP
--> srosa.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> hldrrr.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.JW
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\Windows\System32\drivers\hldrrr.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\Windows\System32\drivers\srosa.sys.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
Begin scan in 'D:\' <RECOVERY>
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'J:\'
Search path J:\ could not be opened!
Le périphérique n'est pas prêt.

End of the scan: jeudi 21 février 2008 10:02
Used time: 37:23 min

The scan has been done completely.

21237 Scanning directories
340696 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
3 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
340692 Files not concerned
1546 Archives were scanned
2 Warnings
0 Notes

merci encore...

Utilisateur anonyme · Answer

Re , ok il a trouvé le bagle qui était dans la quarantaine de Combofix -> Pas de soucis ;)

***************


HijackThis -> Open the misc tools sections -> open Uninstall manager -> clique sur "Save list" -> Enregistre le fichier -> fais-en un copier/coller ici.

A+

dry · Answer

de quoi??? qu'est ce que tu me dis là....

Utilisateur anonyme · Answer

Re , 
Je disais Antivir a trouvé les virus que Combofix avait supprimés ( mis en quarantaines , donc pas de soucis de ce coté la )

Lance HijackThis -> Open the misc tools sections -> open Uninstall manager -> clique sur "Save list" -> Enregistre le fichier -> fais-en un copier/coller ici. 

A+

dry · Answer

voilà :
32 Bit HP CIO Components Installer
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Help Viewer CS3
Adobe Illustrator CS
Adobe InDesign CS
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Premiere Elements 4.0 Templates
Adobe Reader 8.1.0 - Français
Adobe Setup
Adobe Soundbooth CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Avira AntiVir PersonalEdition Classic
Blender (remove only)
Browser Address Error Redirector
Dell Support Center
EPSON Printer Software
Google Desktop
Guide de l'utilisateur
Hercules WiFi Station for Livebox
HijackThis 2.0.2
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP Solution Center 8.0
HP Update
HPSSupply
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections 12.1.12.4
Intel(R) PRO Network Connections 12.1.12.4
Intel(R) PRO Network Connections Drivers
Java(TM) SE Runtime Environment 6
Logiciel Intel® Viiv™
Microsoft Office 2003 Web Components
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mouse Suite for Desktop Computers
MPM
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
NVIDIA Drivers
Orange Preload
PowerISO
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Tools
Roxio EasyArchive
Roxio Express Labeler
Roxio MyDVD Premier
Roxio Update Manager
SolidWorks 2008 SP0
Sonic CinePlayer Decoder Pack
WIDCOMM Bluetooth Software 6.0.1.4300

c bon????

Utilisateur anonyme · Answer

Re , 

Pour Spybot , va dans C:\programme\spybot search&destroy  <-- Vire le dossier en MSE

Fait de même pour Kaspersky   qui doit se situer dans   C:\programme\ 

Voila tiens moi au courant des difficultées rencontrées , je part pour l'aprem ;)
A+

dry · Answer

je trouve pas de fichier en MSE, et je trouve meme pas spybot dans programme...
bonne aprem
dry

Utilisateur anonyme · Answer

Re , il n'y sont plus  alors =) 

******************

Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.

# Double clique sur ToolsCleaner2.exe >
# Clique sur .Recherche
# puis sur Suppression quand la liste est trouvée.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 
# Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

Tuto : http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )
A+

Virus bagle je crois

32 réponses

Votre réponse

Discussions similaires

Newsletters