Chevaux de Troies & Virus

moncey -  
moncey Messages postés 25 Statut Membre -
Bonjour,

Mon PC est infecté par plusieurs chevaux de troie qu'Avast nomme :
Win32:Small-JMK
Win32-Agent-NJB
Win32:Agent-MEB

Il infecte les fichiers placés sous :
C:\WINDOWS\System32\ftpdll.dll
C:\Documents and Settings\Local Service\ftpdll.dll
C:\WINDOWS\System32\Drivers\ip6fw.sys
C:\WINDOWS\System3\drivers\runtime.sys

Dès qu'Avast repère ces fichiers, ils sont immédiatement supprimés.
Mais à chaque scan, ils réapparaissent.

Il y a également un virus qu'Avast nomme "Win32:Agent-NGJ"

Comment faire pour s'en débarrasser définitivement ?

D'avance merci !
Configuration: Windows XP SP2
Internet Explorer 6.0

19 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."

    _____________________

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    _____________________
    0
  2. moncey
     
    jlpjlp,

    Tout d'abord, merci de m'avoir répondu.
    Voici le rapport Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:56:56, on 20/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\drivers\spools.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\spools.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    E:\hijackthis\eden.exe
    C:\Documents and Settings\Famille Moncey\Local Settings\Application Data\cftmon.exe
    C:\Documents and Settings\Famille Moncey\Local Settings\Application Data\cftmon.exe
    C:\Documents and Settings\Famille Moncey\Local Settings\Application Data\cftmon.exe
    C:\Documents and Settings\Famille Moncey\Local Settings\Application Data\cftmon.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Module - {221BBF54-3327-4548-9006-84385B1A5840} - ssymman.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\NetTransport 2\NTIEHelper.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
    O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [EPSON Product Rappel concernant l'enregistrement] C:\WINDOWS\Temp\RegModule.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Famille Moncey\Local Settings\Application Data\cftmon.exe
    O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: GigaTribe.lnk = E:\Program Files\GigaTribe\gigatribe.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &Télécharger avec NetTransport - E:\Program Files\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout t&élécharger avec NetTransport - E:\Program Files\NetTransport 2\NTAddList.html
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DB51C8BA-3ED8-43F5-8056-E6472502D077}: NameServer = 81.253.149.1 80.10.246.3
    O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
    0
  3. moncey
     
    jlpjlp,

    Tout d'abord, merci de m'avoir répondu.
    Voici le rapport Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:56:56, on 20/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\drivers\spools.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\spools.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    E:\hijackthis\eden.exe
    C:\Documents and Settings\Famille Moncey\Local Settings\Application Data\cftmon.exe
    C:\Documents and Settings\Famille Moncey\Local Settings\Application Data\cftmon.exe
    C:\Documents and Settings\Famille Moncey\Local Settings\Application Data\cftmon.exe
    C:\Documents and Settings\Famille Moncey\Local Settings\Application Data\cftmon.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Module - {221BBF54-3327-4548-9006-84385B1A5840} - ssymman.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\NetTransport 2\NTIEHelper.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
    O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [EPSON Product Rappel concernant l'enregistrement] C:\WINDOWS\Temp\RegModule.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Famille Moncey\Local Settings\Application Data\cftmon.exe
    O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: GigaTribe.lnk = E:\Program Files\GigaTribe\gigatribe.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &Télécharger avec NetTransport - E:\Program Files\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout t&élécharger avec NetTransport - E:\Program Files\NetTransport 2\NTAddList.html
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DB51C8BA-3ED8-43F5-8056-E6472502D077}: NameServer = 81.253.149.1 80.10.246.3
    O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
    0
  4. moncey Messages postés 25 Statut Membre 1
     
    jlpjlp,

    Prends en compte les rapports ci-dessous, j'ai eu droit à plusieurs messages de Spybot Search & Destroy.
    Voici donc le rapport Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:29:29, on 20/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    E:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    E:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    E:\hijackthis\eden.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Module - {221BBF54-3327-4548-9006-84385B1A5840} - ssymman.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\NetTransport 2\NTIEHelper.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: GigaTribe.lnk = E:\Program Files\GigaTribe\gigatribe.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &Télécharger avec NetTransport - E:\Program Files\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout t&élécharger avec NetTransport - E:\Program Files\NetTransport 2\NTAddList.html
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DB51C8BA-3ED8-43F5-8056-E6472502D077}: NameServer = 81.253.149.1 80.10.246.3
    O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O2 - BHO: Google Module - {221BBF54-3327-4548-9006-84385B1A5840} - ssymman.dll (file missing)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll

    ________________

    scan avec vundofix (colle le rapport)

    Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double cliquez VundoFix.exe pour l'exécuter.
    Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
    Une fois le scan fini, cliquez sur le bouton Remove Vundo.
    Vous recevrez un avertissement vous demandant si vous voulez effacer ces
    fichiers répondez en cliquant sur YES
    Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
    enlève Vundo.

    Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
    OK.
    _______________

    pour fusionner: avec combofix: regarde ici:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\WINDOWS\system32\sysfldr.dll

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysfldr]

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    ____________________

    remplace avast par antivir et colle un rapport: et dis tes soucis actuels

    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    0
  7. moncey Messages postés 25 Statut Membre 1
     
    Voici le rapport Combofix :

    ComboFix 08-02-20.2 - Famille Moncey 2008-02-20 23:29:56.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.609 [GMT 1:00]
    Endroit: C:\Documents and Settings\Famille Moncey\Bureau\combofix.exe
    Command switches used :: C:\Documents and Settings\Famille Moncey\Bureau\CFscript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\WINDOWS\system32\sysfldr.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\sysfldr.dll

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-20 23:06 . 2008-02-20 23:06 <REP> d-------- C:\VundoFix Backups
    2008-02-20 22:52 . 2008-02-20 23:02 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-02-20 21:12 . 2008-02-20 21:12 <REP> d-------- C:\Documents and Settings\Famille Moncey\Application Data\Grisoft
    2008-02-20 21:12 . 2008-02-20 21:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-20 21:12 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-02-20 11:25 . 2008-02-20 11:25 21,632 --a------ C:\WINDOWS\system32\drivers\Yyg66.sys
    2008-02-20 11:25 . 2008-02-20 11:25 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dll
    2008-02-19 18:15 . 2008-02-19 18:15 <REP> d-------- C:\WINDOWS\Sun
    2008-02-19 18:11 . 2008-02-20 20:53 5,120 --a------ C:\WINDOWS\system32\ftpdll.dll
    2008-02-18 21:18 . 2008-02-20 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-18 21:14 . 2008-02-18 21:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-18 21:13 . 2008-02-18 21:13 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-17 19:02 . 2008-02-17 19:02 <REP> d-------- C:\Documents and Settings\Famille Moncey\Application Data\vlc
    2008-02-17 18:55 . 2003-08-29 00:55 423,424 --a------ C:\WINDOWS\system32\WMAVDS32.ax
    2008-02-17 18:55 . 2001-03-26 03:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
    2008-02-17 17:45 . 2008-02-17 17:46 <REP> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
    2008-02-17 17:32 . 2008-02-17 17:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL
    2008-02-17 17:28 . 2004-11-25 06:07 79,679 --a------ C:\WINDOWS\system32\E_FLMACE.DLL
    2008-02-17 17:28 . 2003-05-21 03:27 64,000 --a------ C:\WINDOWS\system32\E_FBCBACE.DLL
    2008-02-17 17:28 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
    2008-02-17 17:28 . 2000-06-07 02:01 34,304 --a------ C:\WINDOWS\system32\E_FBCHACE.DLL
    2008-02-17 17:28 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-02-17 17:28 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-02-17 17:27 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-02-17 17:27 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-02-17 17:27 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-17 17:27 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-02-17 17:26 . 2008-02-17 17:33 <REP> d-------- C:\Program Files\epson
    2008-02-17 17:26 . 2005-02-25 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
    2008-02-17 17:26 . 2005-02-25 00:00 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
    2008-02-17 17:26 . 2005-02-25 00:00 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
    2008-02-17 17:26 . 2008-02-17 17:26 25 --a------ C:\WINDOWS\CDE DX3800EFGIPSD.ini
    2008-02-17 17:24 . 2002-01-23 18:10 86,016 --a------ C:\WINDOWS\unvise32qt.exe
    2008-02-17 17:23 . 2008-02-17 17:24 <REP> d-------- C:\Program Files\QuickTime
    2008-02-17 17:23 . 2008-02-17 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-02-17 17:22 . 2008-02-17 17:22 <REP> d-------- C:\Program Files\Fichiers communs\Kodak
    2008-02-17 17:21 . 2008-02-17 17:21 <REP> d-------- C:\WINDOWS\system32\color
    2008-02-17 17:21 . 2008-02-17 17:21 <REP> d-------- C:\KPCMS
    2008-02-17 17:18 . 2008-02-17 17:23 <REP> d-------- C:\Program Files\Kodak
    2008-02-17 17:18 . 2008-02-17 17:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
    2008-02-17 16:36 . 2008-02-17 20:44 116 --a------ C:\WINDOWS\NeroDigital.ini
    2008-02-17 14:25 . 2008-02-20 18:22 200 --a------ C:\Documents and Settings\Famille Moncey\Application Data\wklnhst.dat
    2008-02-17 09:02 . 2008-02-17 09:02 <REP> d-------- C:\Documents and Settings\Famille Moncey\Application Data\GigaTribe
    2008-02-16 23:03 . 2008-02-16 23:03 268 --ah----- C:\sqmdata01.sqm
    2008-02-16 23:03 . 2008-02-16 23:03 244 --ah----- C:\sqmnoopt01.sqm
    2008-02-16 22:51 . 2008-02-17 13:47 <REP> d-------- C:\Documents and Settings\Famille Moncey\Application Data\LimeWire
    2008-02-16 22:41 . 2008-02-16 22:41 <REP> d-------- C:\Documents and Settings\Famille Moncey\Application Data\AdobeUM
    2008-02-16 22:34 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-02-16 22:29 . 2008-02-16 22:29 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-02-16 22:10 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-02-16 21:51 . 2008-02-16 21:51 43,150 ---hs---- C:\WINDOWS\system32\drivers\spools.exe
    2008-02-16 21:42 . 2008-02-17 09:02 <REP> d-------- C:\Documents and Settings\Famille Moncey\Contacts
    2008-02-16 21:41 . 2008-02-16 21:41 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-02-16 21:41 . 2008-02-16 22:58 <REP> d-------- C:\Program Files\MSN Messenger
    2008-02-16 21:41 . 2008-02-16 21:41 268 --ah----- C:\sqmdata00.sqm
    2008-02-16 21:41 . 2008-02-16 21:41 244 --ah----- C:\sqmnoopt00.sqm
    2008-02-16 21:36 . 2008-02-16 21:36 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-02-16 21:36 . 2008-02-16 21:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-02-16 21:33 . 2008-02-16 21:33 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-02-16 21:21 . 2008-02-16 21:22 <REP> d-------- C:\Program Files\Microsoft AutoRoute
    2008-02-16 21:20 . 2008-02-16 21:20 <REP> d-------- C:\Program Files\Encarta
    2008-02-16 21:18 . 2008-02-16 21:20 <REP> d-------- C:\Program Files\Picture It! Premium 10
    2008-02-16 21:17 . 2008-02-16 21:18 <REP> d-------- C:\Program Files\microsoft money 2005
    2008-02-16 21:16 . 2008-02-16 21:17 <REP> d-------- C:\Program Files\Microsoft Works
    2008-02-16 21:15 . 2008-02-16 21:15 <REP> d-------- C:\Program Files\Microsoft Works Suite 2005
    2008-02-16 21:13 . 2008-02-17 16:37 <REP> d-------- C:\Documents and Settings\Famille Moncey\Application Data\Ahead
    2008-02-16 21:12 . 2008-02-16 21:12 <REP> d-------- C:\Program Files\Realtek AC97
    2008-02-16 21:10 . 2008-02-16 21:10 <REP> d-------- C:\Program Files\Nero
    2008-02-16 21:10 . 2008-02-16 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-02-16 21:08 . 2008-02-16 21:08 <REP> d-------- C:\Program Files\Windows Live
    2008-02-16 21:08 . 2008-02-16 21:18 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-16 21:08 . 2008-02-16 21:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-16 21:07 . 2008-02-16 23:11 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-02-16 21:03 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
    2008-02-16 21:03 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-02-16 21:03 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-02-16 21:03 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-02-16 21:03 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2008-02-16 20:59 . 2008-02-16 20:59 <REP> d---s---- C:\Documents and Settings\Famille Moncey\UserData
    2008-02-16 20:40 . 2008-02-16 20:40 <REP> d-------- C:\Documents and Settings\LocalService\Menu D‚marrer
    2008-02-16 19:35 . 2004-08-19 16:09 2,113,536 --------- C:\WINDOWS\system32\dxdiagn.dll
    2008-02-16 19:34 . 2008-02-16 19:34 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-02-16 19:32 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-02-16 19:32 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]02211_.tmp
    2008-02-16 19:31 . 2008-02-16 19:35 <REP> d-------- C:\WINDOWS\EHome

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-20 22:32 --------- d-----w C:\Program Files\Wanadoo
    2008-02-17 16:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-17 16:38 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-02-16 21:34 --------- d-----w C:\Program Files\Java
    2008-02-16 17:32 --------- d-----w C:\Program Files\DVD Shrink
    2008-02-16 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-02-16 17:31 --------- d-----w C:\Program Files\VideoLAN
    2008-02-16 17:19 --------- d-----w C:\Program Files\Microsoft.NET
    2008-02-16 16:38 --------- d-----w C:\Program Files\Wanadoo Messager
    2008-02-16 16:26 --------- d-----w C:\Program Files\microsoft frontpage
    2008-02-16 16:23 --------- d-----w C:\Program Files\Services en ligne
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NWEReboot"="" []
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
    "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 05:00 98304]
    "!AVG Anti-Spyware"="E:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-17 17:24 77824]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysfldr]
    sysfldr.dll

    S3 Yyg66;Yyg66;C:\WINDOWS\System32\drivers\Yyg66.sys [2008-02-20 11:25]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-20 23:32:41
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\imapi.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-20 23:34:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-20 22:34:32
    ComboFix2.txt 2008-02-20 20:33:40
    .
    2008-02-16 22:12:14 --- E O F ---

    et le rapport hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:35:35, on 20/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    E:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\WINDOWS\explorer.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\imapi.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Outlook Express\msimn.exe
    E:\hijackthis\eden.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\NetTransport 2\NTIEHelper.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: GigaTribe.lnk = E:\Program Files\GigaTribe\gigatribe.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &Télécharger avec NetTransport - E:\Program Files\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout t&élécharger avec NetTransport - E:\Program Files\NetTransport 2\NTAddList.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O20 - Winlogon Notify: sysfldr - sysfldr.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    0
  8. moncey Messages postés 25 Statut Membre 1
     
    Bonjour,

    Voici le rapport de Antivir (tu remarqueras qur j'ai stoppé le scan car il étati en train de vérifier les fichiers qui était sur mon disque E (données perso).

    AntiVir PersonalEdition Classic
    Report file date: jeudi 21 février 2008 06:36

    Scanning for 1118450 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Famille Moncey
    Computer name: MONCEY

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 22:52:26
    ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 22:52:26
    ANTIVIR3.VDF : 7.0.2.169 308736 Bytes 20/02/2008 22:52:26
    AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 20/02/2008 22:52:26
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 20/02/2008 22:52:26
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 21 février 2008 06:36

    Starting search for hidden objects.
    The driver could not be initialized.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    13 processes with 13 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'E:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '35' files ).

    Starting the file scan:

    Begin scan in 'C:\' <Disque Système>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\QooBox\Quarantine\C\Documents and Settings\Famille Moncey\~tmp1174.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '482a17c4.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\Famille Moncey\Local Settings\Application Data\cftmon.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '483117b9.qua'!
    C:\QooBox\Quarantine\C\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '483117bd.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\conf.dat.vir
    [DETECTION] Is the Trojan horse TR/Spy.Finanz.J.4
    [INFO] The file was moved to '482b17c9.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\sysfldr.dll.vir
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Backdoor.Gen Backdoor server programs
    [INFO] The file was moved to '483017d5.qua'!
    C:\WINDOWS\system32\ftpdll.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Small.hwc
    [INFO] The file was moved to '482d1b21.qua'!
    C:\WINDOWS\system32\drivers\spools.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '482c1cea.qua'!
    Begin scan in 'E:\' <Disque Données Personnelles>

    End of the scan: jeudi 21 février 2008 07:51
    Used time: 1:14:16 min

    The scan has been canceled!

    3570 Scanning directories
    282456 Files were scanned
    7 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    7 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    282449 Files not concerned
    1312 Archives were scanned
    1 Warnings
    0 Notes

    Merci !
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pour fusionner: avec combofix: regarde ici:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    Driver::
    Yyg66

    File::
    C:\WINDOWS\system32\ftpdll.dll
    C:\WINDOWS\system32\drivers\spools.exe
    C:\WINDOWS\system32\sysfldr.dll
    C:\WINDOWS\System32\drivers\Yyg66.sys

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysfldr]

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    merci a g!rly!

    _________________

    vire ce qui est dans le dossier quarantine en allant dans poste de travail puis

    C:\QooBox\Quarantine

    ___________________
    vire ce qui est en quarantaine dans antivir

    et recolle un rapport antivir

    et dis tes soucis
    0
  10. moncey Messages postés 25 Statut Membre 1
     
    Bonsoir,

    Où sont les fichiers mis en quarantaine par Combofix ? Je ne les trouve pas.

    Voici le rapport de ComboFix :

    ComboFix 08-02-20.2 - Famille Moncey 2008-02-22 19:09:40.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.619 [GMT 1:00]
    Endroit: C:\Documents and Settings\Famille Moncey\Bureau\combofix.exe
    Command switches used :: C:\Documents and Settings\Famille Moncey\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\WINDOWS\system32\drivers\spools.exe
    C:\WINDOWS\System32\drivers\Yyg66.sys
    C:\WINDOWS\system32\ftpdll.dll
    C:\WINDOWS\system32\sysfldr.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\System32\drivers\Yyg66.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\Yyg66

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-21 20:12 . 2008-02-21 20:12 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-02-21 08:12 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
    2008-02-21 08:12 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
    2008-02-21 08:12 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
    2008-02-21 08:12 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
    2008-02-21 08:12 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2008-02-21 08:12 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2008-02-21 07:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-02-21 07:55 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-02-21 07:55 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-02-20 23:47 . 2008-02-20 23:47 <REP> d-------- C:\Program Files\Avira
    2008-02-20 23:47 . 2008-02-20 23:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-02-20 23:06 . 2008-02-20 23:06 <REP> d-------- C:\VundoFix Backups
    2008-02-20 22:52 . 2008-02-20 23:02 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-02-20 21:12 . 2008-02-20 21:12 <REP> d-------- C:\Documents and Settings\Famille Moncey\Application Data\Grisoft
    2008-02-20 21:12 . 2008-02-20 21:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-20 21:12 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-02-20 11:25 . 2008-02-20 11:25 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dll
    2008-02-19 18:15 . 2008-02-19 18:15 <REP> d-------- C:\WINDOWS\Sun
    2008-02-18 21:18 . 2008-02-20 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-18 21:14 . 2008-02-18 21:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-18 21:13 . 2008-02-18 21:13 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-17 19:02 . 2008-02-17 19:02 <REP> d-------- C:\Documents and Settings\Famille Moncey\Application Data\vlc
    2008-02-17 18:55 . 2003-08-29 00:55 423,424 --a------ C:\WINDOWS\system32\WMAVDS32.ax
    2008-02-17 18:55 . 2001-03-26 03:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
    2008-02-17 17:45 . 2008-02-17 17:46 <REP> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
    2008-02-17 17:32 . 2008-02-17 17:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL
    2008-02-17 17:28 . 2004-11-25 06:07 79,679 --a------ C:\WINDOWS\system32\E_FLMACE.DLL
    2008-02-17 17:28 . 2003-05-21 03:27 64,000 --a------ C:\WINDOWS\system32\E_FBCBACE.DLL
    2008-02-17 17:28 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
    2008-02-17 17:28 . 2000-06-07 02:01 34,304 --a------ C:\WINDOWS\system32\E_FBCHACE.DLL
    2008-02-17 17:28 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-02-17 17:28 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-02-17 17:27 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-02-17 17:27 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-02-17 17:27 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-17 17:27 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-02-17 17:26 . 2008-02-17 17:33 <REP> d-------- C:\Program Files\epson
    2008-02-17 17:26 . 2005-02-25 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
    2008-02-17 17:26 . 2005-02-25 00:00 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
    2008-02-17 17:26 . 2005-02-25 00:00 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
    2008-02-17 17:26 . 2008-02-17 17:26 25 --a------ C:\WINDOWS\CDE DX3800EFGIPSD.ini
    2008-02-17 17:24 . 2002-01-23 18:10 86,016 --a------ C:\WINDOWS\unvise32qt.exe
    2008-02-17 17:23 . 2008-02-17 17:24 <REP> d-------- C:\Program Files\QuickTime
    2008-02-17 17:23 . 2008-02-17 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-02-17 17:22 . 2008-02-17 17:22 <REP> d-------- C:\Program Files\Fichiers communs\Kodak
    2008-02-17 17:21 . 2008-02-17 17:21 <REP> d-------- C:\WINDOWS\system32\color
    2008-02-17 17:21 . 2008-02-17 17:21 <REP> d-------- C:\KPCMS
    2008-02-17 17:18 . 2008-02-17 17:23 <REP> d-------- C:\Program Files\Kodak
    2008-02-17 17:18 . 2008-02-17 17:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
    2008-02-17 16:36 . 2008-02-17 20:44 116 --a------ C:\WINDOWS\NeroDigital.ini
    2008-02-17 14:25 . 2008-02-20 18:22 200 --a------ C:\Documents and Settings\Famille Moncey\Application Data\wklnhst.dat
    2008-02-17 09:02 . 2008-02-17 09:02 <REP> d-------- C:\Documents and Settings\Famille Moncey\Application Data\GigaTribe
    2008-02-16 23:03 . 2008-02-16 23:03 268 --ah----- C:\sqmdata01.sqm
    2008-02-16 23:03 . 2008-02-16 23:03 244 --ah----- C:\sqmnoopt01.sqm
    2008-02-16 22:51 . 2008-02-17 13:47 <REP> d-------- C:\Documents and Settings\Famille Moncey\Application Data\LimeWire
    2008-02-16 22:41 . 2008-02-16 22:41 <REP> d-------- C:\Documents and Settings\Famille Moncey\Application Data\AdobeUM
    2008-02-16 22:34 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-02-16 22:29 . 2008-02-16 22:29 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-02-16 22:10 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-02-16 21:42 . 2008-02-17 09:02 <REP> d-------- C:\Documents and Settings\Famille Moncey\Contacts
    2008-02-16 21:41 . 2008-02-16 21:41 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-02-16 21:41 . 2008-02-16 22:58 <REP> d-------- C:\Program Files\MSN Messenger
    2008-02-16 21:41 . 2008-02-16 21:41 268 --ah----- C:\sqmdata00.sqm
    2008-02-16 21:41 . 2008-02-16 21:41 244 --ah----- C:\sqmnoopt00.sqm
    2008-02-16 21:36 . 2008-02-16 21:36 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-02-16 21:36 . 2008-02-16 21:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-02-16 21:33 . 2008-02-16 21:33 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-02-16 21:21 . 2008-02-16 21:22 <REP> d-------- C:\Program Files\Microsoft AutoRoute
    2008-02-16 21:20 . 2008-02-16 21:20 <REP> d-------- C:\Program Files\Encarta
    2008-02-16 21:18 . 2008-02-16 21:20 <REP> d-------- C:\Program Files\Picture It! Premium 10
    2008-02-16 21:17 . 2008-02-16 21:18 <REP> d-------- C:\Program Files\microsoft money 2005
    2008-02-16 21:16 . 2008-02-16 21:17 <REP> d-------- C:\Program Files\Microsoft Works
    2008-02-16 21:15 . 2008-02-16 21:15 <REP> d-------- C:\Program Files\Microsoft Works Suite 2005
    2008-02-16 21:13 . 2008-02-17 16:37 <REP> d-------- C:\Documents and Settings\Famille Moncey\Application Data\Ahead
    2008-02-16 21:12 . 2008-02-16 21:12 <REP> d-------- C:\Program Files\Realtek AC97
    2008-02-16 21:10 . 2008-02-16 21:10 <REP> d-------- C:\Program Files\Nero
    2008-02-16 21:10 . 2008-02-16 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-02-16 21:08 . 2008-02-16 21:08 <REP> d-------- C:\Program Files\Windows Live
    2008-02-16 21:08 . 2008-02-16 21:18 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-16 21:08 . 2008-02-16 21:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-16 21:07 . 2008-02-16 23:11 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-02-16 21:03 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
    2008-02-16 21:03 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-02-16 21:03 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-02-16 21:03 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-02-16 21:03 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2008-02-16 20:59 . 2008-02-16 20:59 <REP> d---s---- C:\Documents and Settings\Famille Moncey\UserData
    2008-02-16 20:40 . 2008-02-16 20:40 <REP> d-------- C:\Documents and Settings\LocalService\Menu D‚marrer
    2008-02-16 19:44 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-02-16 19:44 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-02-16 19:44 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2008-02-16 19:34 . 2008-02-16 19:34 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-02-16 19:32 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-02-16 19:32 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]02211_.tmp
    2008-02-16 19:31 . 2008-02-16 19:35 <REP> d-------- C:\WINDOWS\EHome

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-22 18:12 --------- d-----w C:\Program Files\Wanadoo
    2008-02-17 16:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-17 16:38 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-02-16 21:34 --------- d-----w C:\Program Files\Java
    2008-02-16 17:32 --------- d-----w C:\Program Files\DVD Shrink
    2008-02-16 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-02-16 17:31 --------- d-----w C:\Program Files\VideoLAN
    2008-02-16 17:19 --------- d-----w C:\Program Files\Microsoft.NET
    2008-02-16 16:38 --------- d-----w C:\Program Files\Wanadoo Messager
    2008-02-16 16:26 --------- d-----w C:\Program Files\microsoft frontpage
    2008-02-16 16:25 558,142 ----a-w C:\WINDOWS\java\Packages\HZ5F7HFB.ZIP
    2008-02-16 16:25 155,995 ----a-w C:\WINDOWS\java\Packages\A0WK5VJ5.ZIP
    2008-02-16 16:23 --------- d-----w C:\Program Files\Services en ligne
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NWEReboot"="" []
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
    "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 05:00 98304]
    "!AVG Anti-Spyware"="E:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-17 17:24 77824]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-20 23:52 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-22 19:12:42
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-22 19:14:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-22 18:14:28
    ComboFix2.txt 2008-02-20 22:34:36
    ComboFix3.txt 2008-02-20 20:33:40
    .
    2008-02-21 19:12:39 --- E O F ---

    Voici le rapport HijackThis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:15:18, on 22/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    E:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    E:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\hijackthis\eden.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\NetTransport 2\NTIEHelper.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: GigaTribe.lnk = E:\Program Files\GigaTribe\gigatribe.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &Télécharger avec NetTransport - E:\Program Files\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout t&élécharger avec NetTransport - E:\Program Files\NetTransport 2\NTAddList.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    les fichiers virés par combofix sont la:
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\System32\drivers\Yyg66.sys

    ____________________________

    mets a jour interent explorer ici

    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    ____________________________

    si pas de problemes c'est bon!

    pour protéger gratos ton ordi

    http://www.commentcamarche.net/telecharger/logiciel 4 securite

    mettre un antivirus

    ANTIVIR (en anglais mais très efficace)
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions :
    AD AWARE + SPYBOT +/- si tea timer non active de spybot: WINDOWS DEFENDER

    +
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    Rq : spybot et ad-aware on sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
    --------
    un pare feu :
    celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

    -----------

    CCLEANER pour effacer les traces de surf
    0
  12. moncey Messages postés 25 Statut Membre 1
     
    Salut,

    Est-ce que les fichiers virés par Combofix sont là :
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers

    Car je ne trouve rien sous le chemin que tu m'as indiqué.

    Quel est ton avis sur la pare feu Windows ?

    Encore merci pour ta précieuse aide....tu m'as sorti d'un sacré pétrain !

    Moncey
    0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    oui

    vire ce qui est dans le dossier quarantine

    C:\QooBox\Quarantine

    ____________

    le parfeu windows est moyen car ne controle que ce qui veut rentrer dans ton ordi et ne controle pas ce qui sort de ton ordi, donc si un espion est dedans il fait ce qu'il veut!

    _____________

    encore des soucis?
    0
  14. moncey Messages postés 25 Statut Membre 1
     
    Bonsoir,

    J'ai viré les fichiers qui étaient en quarantaine sous Qoobox.
    Par contre, Antiv répère à chaque boot du PC un cheval de troie qui se nomme TR/Dldr.Small.hwc.
    Je le met à chaque fois en Quarantaine.

    Sais-tu comment s'en débarraser définitivement ?

    Merci !

    Moncey
    0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle moi un rapport antivir svp pour voir les fichiers inféctés
    0
  16. moncey Messages postés 25 Statut Membre 1
     
    Et voilà le rapport antivir :

    AntiVir PersonalEdition Classic
    Report file date: dimanche 24 février 2008 20:11

    Scanning for 1120425 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: MONCEY

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 22:52:26
    ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 22:52:26
    ANTIVIR3.VDF : 7.0.2.180 334848 Bytes 22/02/2008 18:17:18
    AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 20/02/2008 22:52:26
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 20/02/2008 22:52:26
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 24 février 2008 20:11

    Starting search for hidden objects.
    '42668' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'WOOBrowser.exe' - '1' Module(s) have been scanned
    Scan process 'gigatribe.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'Watch.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'EasyShare.exe' - '1' Module(s) have been scanned
    Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
    Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
    Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'Toaster.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'ComComp.exe' - '1' Module(s) have been scanned
    Scan process 'Kodak Software Updater.exe' - '1' Module(s) have been scanned
    Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'acrotray.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    40 processes with 40 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'E:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '28' files ).

    Starting the file scan:

    Begin scan in 'C:\' <Disque Système>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP30\A0005681.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Small.hwc
    [INFO] The file was moved to '47f1c61b.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP30\A0005682.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Small.hwc
    [INFO] The file was moved to '47f1c61d.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP30\A0005727.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Small.hwc
    [INFO] The file was moved to '47f1c61f.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP30\A0005728.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Small.hwc
    [INFO] The file was moved to '47f1c621.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP31\A0005739.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '47f1c624.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP31\A0005740.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '47f1c625.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP31\A0005741.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '47f1c627.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP31\A0005930.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Small.hwc
    [INFO] The file was moved to '47f1c711.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP32\A0006037.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Backdoor.Gen Backdoor server programs
    [INFO] The file was moved to '47f1c7d0.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP33\A0006230.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Small.hwc
    [INFO] The file was moved to '47f1c7d4.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP33\A0006231.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '47f1c7d5.qua'!
    Begin scan in 'E:\' <Disque Donnée
    0
  17. moncey Messages postés 25 Statut Membre 1
     
    Et voilà le rapport antivir :

    AntiVir PersonalEdition Classic
    Report file date: dimanche 24 février 2008 20:11

    Scanning for 1120425 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: MONCEY

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 22:52:26
    ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 22:52:26
    ANTIVIR3.VDF : 7.0.2.180 334848 Bytes 22/02/2008 18:17:18
    AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 20/02/2008 22:52:26
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 20/02/2008 22:52:26
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 24 février 2008 20:11

    Starting search for hidden objects.
    '42668' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'WOOBrowser.exe' - '1' Module(s) have been scanned
    Scan process 'gigatribe.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'Watch.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'EasyShare.exe' - '1' Module(s) have been scanned
    Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
    Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
    Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'Toaster.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'ComComp.exe' - '1' Module(s) have been scanned
    Scan process 'Kodak Software Updater.exe' - '1' Module(s) have been scanned
    Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'acrotray.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    40 processes with 40 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'E:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '28' files ).

    Starting the file scan:

    Begin scan in 'C:\' <Disque Système>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP30\A0005681.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Small.hwc
    [INFO] The file was moved to '47f1c61b.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP30\A0005682.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Small.hwc
    [INFO] The file was moved to '47f1c61d.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP30\A0005727.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Small.hwc
    [INFO] The file was moved to '47f1c61f.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP30\A0005728.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Small.hwc
    [INFO] The file was moved to '47f1c621.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP31\A0005739.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '47f1c624.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP31\A0005740.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '47f1c625.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP31\A0005741.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '47f1c627.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP31\A0005930.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Small.hwc
    [INFO] The file was moved to '47f1c711.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP32\A0006037.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Backdoor.Gen Backdoor server programs
    [INFO] The file was moved to '47f1c7d0.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP33\A0006230.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Small.hwc
    [INFO] The file was moved to '47f1c7d4.qua'!
    C:\System Volume Information\_restore{5D1499FE-D85B-4CA9-90E6-EC0E313884DF}\RP33\A0006231.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '47f1c7d5.qua'!
    Begin scan in 'E:\' <Disque Données Personnelles>

    End of the scan: dimanche 24 février 2008 20:49
    Used time: 38:19 min

    The scan has been canceled!

    3911 Scanning directories
    295754 Files were scanned
    11 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    11 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    295743 Files not concerned
    1335 Archives were scanned
    1 Warnings
    0 Notes
    42668 Objects were scanned with rootkit scan
    0 Hidden objects were found

    Merci !
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok cela va aller vite c'est ta restauration qui est inféctée:

    désactive la restauration système pour purger les virus qui seraient dedans
    puis redemarre ton ordi
    puis réactive là
    (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

    _______________

    ensuite vire ce qui est en quarantaine dans antivir et recolle un rapport antivir et dis tes soucis
    0
    1. moncey Messages postés 25 Statut Membre 1
       
      Bonsoir jlpjlp,

      Comment fait-on pour désactiver la restauration système ?

      Merci et à tout de suite...

      Moncey
      0
  19. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pour desactiver tu vas:

    dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis tu clique sur le lien en bleu dans le texte a gauche: paramètre)
    0
  20. moncey Messages postés 25 Statut Membre 1
     
    Bonsoir,

    Voici le rapport antivir :

    AntiVir PersonalEdition Classic
    Report file date: mardi 26 février 2008 19:56

    Scanning for 1120425 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Famille Moncey
    Computer name: MONCEY

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 22:52:26
    ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 22:52:26
    ANTIVIR3.VDF : 7.0.2.180 334848 Bytes 22/02/2008 18:17:18
    AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 20/02/2008 22:52:26
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 20/02/2008 22:52:26
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 26 février 2008 19:56

    Starting search for hidden objects.
    The driver could not be initialized.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    13 processes with 13 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'E:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '39' files ).

    Starting the file scan:

    Begin scan in 'C:\' <Disque Système>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'E:\' <Disque Données Personnelles>

    End of the scan: mardi 26 février 2008 20:49
    Used time: 53:15 min

    The scan has been canceled!

    3744 Scanning directories
    289792 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    289792 Files not concerned
    1327 Archives were scanned
    1 Warnings
    0 Notes

    Je pense que c'est OK maintenant.
    Qu'en penses-tu ?

    Moncey
    0