Pb .dll + virus

Résolu
petitjb Messages postés 34 Statut Membre -  
petitjb Messages postés 34 Statut Membre -
Bonjour,

Je n'arrive plus à défragmenter (reste bloquer à 1% et ce pendant + d'une heure) + Antivir m'alerte souvent (divers trojan)
Y a t il un docteur dans la salle ?? :)

Rapport Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:23, on 05/03/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sony Gps\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\dllcache\wintcps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OFFICEKB] C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S8C.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Sony Gps\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-1957994488-1003\..\Run: [ccleaner] "C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\CCleaner\ccleaner.exe" /AUTO (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\System32\dllcache\wintcps.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7138 bytes

Merci.. a++
Configuration: Windows XP
Internet Explorer 6.0

18 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt

    analyse ce ficheir sur virus total et dis si infécté: https://www.virustotal.com/gui/

    C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe

    ________________

    colle un rapport avec antivir que tu as

    ______________

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport
    0
    1. petitjb Messages postés 34 Statut Membre
       
      Hello Hello

      voici déjà le rapport de virustotal :

      Fichier kbdap32a.exe reçu le 2008.03.05 12:57:12 (CET)Antivirus Version Dernière mise à jour Résultat
      AhnLab-V3 2008.3.4.0 2008.03.05 -
      AntiVir 7.6.0.73 2008.03.05 -
      Authentium 4.93.8 2008.03.04 -
      Avast 4.7.1098.0 2008.03.05 -
      AVG 7.5.0.516 2008.03.05 -
      BitDefender 7.2 2008.03.05 -
      CAT-QuickHeal 9.50 2008.03.04 -
      ClamAV 0.92.1 2008.03.05 -
      DrWeb 4.44.0.09170 2008.03.05 -
      eSafe 7.0.15.0 2008.02.28 -
      eTrust-Vet 31.3.5589 2008.03.05 -
      Ewido 4.0 2008.03.04 -
      FileAdvisor 1 2008.03.05 -
      Fortinet 3.14.0.0 2008.03.05 -
      F-Prot 4.4.2.54 2008.03.04 -
      F-Secure 6.70.13260.0 2008.03.05 -
      Ikarus T3.1.1.20 2008.03.05 -
      Kaspersky 7.0.0.125 2008.03.05 -
      McAfee 5244 2008.03.04 -
      Microsoft 1.3301 2008.03.05 -
      NOD32v2 2923 2008.03.05 -
      Norman 5.80.02 2008.03.04 -
      Panda 9.0.0.4 2008.03.04 -
      Prevx1 V2 2008.03.05 -
      Rising 20.34.22.00 2008.03.05 -
      Sophos 4.27.0 2008.03.05 -
      Sunbelt 3.0.930.0 2008.03.05 -
      Symantec 10 2008.03.05 -
      TheHacker 6.2.92.233 2008.03.04 -
      VBA32 3.12.6.2 2008.03.05 -
      VirusBuster 4.3.26:9 2008.03.04 -
      Webwasher-Gateway 6.6.2 2008.03.05 -

      Information additionnelle
      File size: 387584 bytes
      MD5: a2704e47f9ac4cb6469d22a72b477a66
      SHA1: 67260000e145da97b7db373a98f664e5afac3e3c
      PEiD: -

      Je commence combo-fix
      0
      1. petitjb Messages postés 34 Statut Membre > petitjb Messages postés 34 Statut Membre
         
        Et voila Combo-fix

        ComboFix 08-03-04.5 - yp 2008-03-05 13:27:44.1 - NTFSx86

        Endroit: C:\Documents and Settings\yp\Bureau\Combo-Fix.exe

        [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
        .
        /wow section - STAGE 3

        (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Program Files\Microsoft Security Adviser
        C:\WINDOWS\system32\.exe
        C:\WINDOWS\system32\avp.exe

        .
        ((((((((((((((((((((((((((((( Fichiers créés 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))))))))
        .

        2008-03-04 12:50 . 2008-03-04 12:50 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
        2008-03-04 12:50 . 2008-03-04 12:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
        2008-03-04 12:48 . 2008-03-04 12:48 63 --a------ C:\WINDOWS\system32\i
        2008-03-04 10:27 . 2008-03-04 10:27 <REP> d-------- C:\Program Files\Trend Micro
        2008-03-04 09:57 . 2008-03-04 09:57 389,120 -r-hsc--- C:\WINDOWS\system32\dllcache\wintcps.exe
        2008-03-04 09:07 . 2008-03-04 09:07 <REP> d-------- C:\Program Files\Lavasoft
        2008-03-04 09:07 . 2008-03-04 10:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
        2008-03-04 08:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
        2008-03-04 08:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
        2008-03-04 08:43 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
        2008-03-04 08:43 . 2008-02-29 23:48 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
        2008-03-04 08:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
        2008-03-04 08:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
        2008-03-04 08:43 . 2008-03-04 08:43 2,652 --a------ C:\WINDOWS\system32\tmp.reg
        2008-03-04 08:39 . 2007-07-31 23:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
        2008-03-04 08:39 . 2007-07-31 23:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
        2008-03-04 08:39 . 2007-07-31 21:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
        2008-03-04 08:39 . 2007-07-31 23:40 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
        2008-03-04 08:39 . 2007-07-31 23:40 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
        2008-03-04 08:39 . 2007-07-31 23:40 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
        2008-03-04 08:39 . 2008-03-04 19:36 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
        2008-03-04 08:25 . 2008-03-04 08:25 <REP> d-------- C:\_OTMoveIt
        2008-03-03 18:23 . 2008-03-03 18:25 <REP> d-------- C:\Program Files\Tor
        2008-03-03 18:23 . 2008-03-03 18:23 <REP> d-------- C:\Documents and Settings\yp\Application Data\Tor
        2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
        2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
        2008-02-15 10:54 . 2008-02-15 10:54 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
        2008-02-10 09:52 . 2001-08-23 16:58 14,080 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
        2008-02-10 09:52 . 2001-08-23 16:58 14,080 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
        2008-02-10 09:52 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
        2008-02-10 09:52 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
        2008-02-10 09:49 . 2008-02-10 09:49 <REP> d-------- C:\Program Files\Common Files
        2008-02-10 09:49 . 2004-12-06 14:07 104,064 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
        2008-02-10 09:49 . 2004-12-06 14:07 104,064 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
        2008-02-10 09:49 . 2008-02-10 09:49 2,464 --a------ C:\WINDOWS\$_hpcst$.hpc
        2008-02-10 09:48 . 2008-02-10 09:49 <REP> d-------- C:\Program Files\Sony Gps
        2008-02-10 09:47 . 2008-02-10 09:47 <REP> d--hs---- C:\WINDOWS\ftpcache

        .
        (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-03-05 12:02 --------- d-----w C:\Program Files\FlashGet
        2008-03-04 08:02 --------- d-----w C:\Program Files\Navilog1
        2008-03-04 08:00 --------- d-----w C:\Program Files\Hijackthis Version Française
        2008-03-04 07:47 41,004 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_04_08_32_53_small.dmp.zip
        2008-03-04 07:47 40,604 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_04_08_26_15_small.dmp.zip
        2008-03-04 07:25 42,713 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_04_08_22_41_small.dmp.zip
        2008-03-04 07:22 43,875 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_18_26_09_small.dmp.zip
        2008-03-04 07:22 14,170,817 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_18_25_21_full.dmp.zip
        2008-03-04 07:09 40,182 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_18_04_19_small.dmp.zip
        2008-03-03 17:02 38,573 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_13_49_13_small.dmp.zip
        2008-03-03 12:46 24,426 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_08_15_29_small.dmp.zip
        2008-03-03 07:13 42,665 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_02_17_58_49_small.dmp.zip
        2008-02-26 19:44 --------- d-----w C:\Program Files\mIRC
        2008-02-24 21:47 --------- d-----w C:\Program Files\DivX
        2008-02-24 09:43 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
        2008-02-24 09:43 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
        2008-02-24 09:43 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
        2008-01-21 08:36 --------- d-----w C:\Program Files\PC Connectivity Solution
        2008-01-21 08:36 --------- d-----w C:\Program Files\Nokia
        2008-01-19 12:00 --------- d-----w C:\Documents and Settings\yp\Application Data\PC Suite
        2008-01-18 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
        2008-01-18 23:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
        2008-01-17 08:06 9,733,451 ----a-w C:\Documents and Settings\yp\vlc-0.8.6d-win32.exe
        2008-01-07 16:36 --------- d-----w C:\Program Files\Google
        2007-08-01 07:58 41,653,912 ----a-w C:\Documents and Settings\yp\zlsSetup_70_337_000_fr.exe
        .

        ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ccleaner"="C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\CCleaner\ccleaner.exe" [2007-05-10 12:01 598920]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
        "H/PC Connection Agent"="C:\Program Files\Sony Gps\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 15:18 405583]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 17:44 249896]
        "OFFICEKB"="C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe" [2007-08-01 09:08 387584]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]

        C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
        Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-08-01 08:21:39 598016]
        Wireless Configuration Utility HW.51.lnk - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-14 18:53:38 454656]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
        --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
        --a------ 2002-09-11 11:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
        --a------ 2002-09-11 11:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
        --a------ 2002-09-09 16:16 90112 C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
        --a------ 2001-07-09 10:50 155648 C:\WINDOWS\System32\NeroCheck.exe


        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-03-05 13:30:27
        Windows 5.1.2600 NTFS

        Balayage processus cachés ...

        ? [52356]
        ? [63976]
        ? [64032]

        Balayage caché autostart entries ...

        Balayage des fichiers cachés ...

        Scan terminé avec succès
        Les fichiers cachés: 0

        **************************************************************************
        .
        Temps d'accomplissement: 2008-03-05 13:30:57
        ComboFix-quarantined-files.txt 2008-03-05 12:30:49
        0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle moi un rapport avec antivir svp
    0
  3. petitjb Messages postés 34 Statut Membre
     
    Et voilà

    AntiVir PersonalEdition Classic
    Report file date: jeudi 6 mars 2008 08:22

    Scanning for 1132684 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (plain) [5.1.2600]
    Username: SYSTEM
    Computer name: YP-RCGWX3F5H8V9

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 06/09/2007 17:48:53
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 06/09/2007 17:48:53
    LUKE.DLL : 7.0.5.3 147496 Bytes 06/09/2007 17:48:54
    LUKERES.DLL : 7.0.6.1 10280 Bytes 06/09/2007 17:48:54
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 17:02:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:14:21
    ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 08:27:08
    ANTIVIR3.VDF : 7.0.2.231 167424 Bytes 04/03/2008 17:59:15
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 02/03/2008 16:59:31
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 06/09/2007 17:48:53
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 08:33:23
    AVREG.DLL : 7.0.1.6 30760 Bytes 06/09/2007 17:48:53
    AVARKT.DLL : 1.0.0.20 278568 Bytes 06/09/2007 17:48:53
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 06/09/2007 17:48:53
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 20/11/2007 16:59:48
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 06/09/2007 17:48:44
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 06/09/2007 17:48:55

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 6 mars 2008 08:22

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'msimn.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'cmd.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'wintcps.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'WlanCU.exe' - '1' Module(s) have been scanned
    Scan process 'RaUI.exe' - '1' Module(s) have been scanned
    Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'KBDAP32A.EXE' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    30 processes with 30 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '26' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\coktel\adibou2\APPLI_05\bnjccckj.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48399c0e.qua'!
    C:\coktel\adibou2\APPLI_05\bqwzjjkq.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48469c15.qua'!
    C:\coktel\adibou2\APPLI_05\bsslehhr.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48429c17.qua'!
    C:\coktel\adibou2\APPLI_05\czltebtl.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '483b9c1e.qua'!
    C:\coktel\adibou2\APPLI_05\eeltjbtj.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '483b9c0a.qua'!
    C:\coktel\adibou2\APPLI_05\eerrnehs.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48419c0a.qua'!
    C:\coktel\adibou2\APPLI_05\ehjklljn.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48399c0d.qua'!
    C:\coktel\adibou2\APPLI_05\eqqbhben.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48409c17.qua'!
    C:\coktel\adibou2\APPLI_05\erhkhbkr.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48379c18.qua'!
    C:\coktel\adibou2\APPLI_05\ewqwhkll.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48409c1d.qua'!
    C:\coktel\adibou2\APPLI_05\jehrqblj.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48379c0c.qua'!
    C:\coktel\adibou2\APPLI_05\jhnjhtcn.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '483d9c0f.qua'!
    C:\coktel\adibou2\APPLI_05\kekqexhl.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '483a9c0d.qua'!
    C:\coktel\adibou2\APPLI_05\kjnlxjkh.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '483d9c12.qua'!
    C:\coktel\adibou2\APPLI_05\kklhlejk.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '483b9c13.qua'!
    C:\coktel\adibou2\APPLI_05\kljqvjte.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48399c15.qua'!
    C:\coktel\adibou2\APPLI_05\lensjthb.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '483d9c0e.qua'!
    C:\coktel\adibou2\APPLI_05\ljcbbvtv.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48329c13.qua'!
    C:\coktel\adibou2\APPLI_05\lkchjexb.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48329c15.qua'!
    C:\coktel\adibou2\APPLI_05\lwehlsve.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48349c21.qua'!
    C:\coktel\adibou2\APPLI_05\netnkbnj.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48439c0f.qua'!
    C:\coktel\adibou2\APPLI_05\nwxleqhr.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48479c22.qua'!
    C:\coktel\adibou2\APPLI_05\qqsekhlv.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48429c1c.qua'!
    C:\coktel\adibou2\APPLI_05\rbewwkvr.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48349c0d.qua'!
    C:\coktel\adibou2\APPLI_05\rhjehjes.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48399c14.qua'!
    C:\coktel\adibou2\APPLI_05\rqjnetks.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48399c1d.qua'!
    C:\coktel\adibou2\APPLI_05\rvkhenzb.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '483a9c22.qua'!
    C:\coktel\adibou2\APPLI_05\scntbjbn.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '495ad040.qua'!
    C:\coktel\adibou2\APPLI_05\snvjwekw.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48459c1b.qua'!
    C:\coktel\adibou2\APPLI_05\tjlsbsxj.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '483b9c17.qua'!
    C:\coktel\adibou2\APPLI_05\vswhbwnj.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48469c20.qua'!
    C:\coktel\adibou2\APPLI_05\xrntlljh.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '483d9c20.qua'!
    C:\coktel\adibou2\APPLI_05\znkwebqb.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '483a9c1c.qua'!
    C:\coktel\adibou2\APPLI_05\ztbqbxer.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '48319c22.qua'!
    C:\Documents and Settings\All Users\Application Data\nbkrjlbx.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '483a9c2a.qua'!
    C:\Documents and Settings\yp\Mes documents\carine\zecol\maternelle\900 Exercices De Maternelle Par Thème Zecol.rar
    [0] Archive type: RAR
    --> Et7KcHW.exe
    [DETECTION] Contains detection pattern of the worm WORM/Drefir.E
    --> X1560NO.exe
    [DETECTION] Contains detection pattern of the worm WORM/Drefir.E
    --> bn6gUo1.exe
    [DETECTION] Contains detection pattern of the worm WORM/Drefir.E
    --> v4T18SJ.exe
    [DETECTION] Contains detection pattern of the worm WORM/Drefir.E
    --> u15Xu88.exe
    [DETECTION] Contains detection pattern of the worm WORM/Drefir.E
    [INFO] The file was moved to '47ffa402.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4847aa29.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP127\A0044576.exe
    [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.54
    [INFO] The file was moved to '47ffaa8f.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0045614.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '47ffaa92.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047616.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaa94.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047635.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6c5.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047636.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaa95.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047637.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6c6.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047638.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaa97.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047639.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6c8.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047640.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaa96.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047641.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6c7.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047642.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaa98.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047643.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaa99.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047644.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6ca.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047645.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaa9b.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047646.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6cc.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047647.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6c9.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047648.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaa9a.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047649.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6cb.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047650.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaa9d.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047651.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6ce.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047652.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaa9f.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047653.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6f0.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047654.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaa9c.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047655.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6cd.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047656.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaa9e.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047657.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaaa1.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047658.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6f2.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047659.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaaa3.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047660.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6f4.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047661.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6cf.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047662.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaa80.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047663.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6d1.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047664.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaaa5.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047665.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6f6.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047666.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaaa7.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047667.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6f8.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047668.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '47ffaa82.qua'!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP128\A0047669.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4698e6d3.qua'!
    C:\WINDOWS\system32\urdvxc.exe
    [DETECTION] Contains detection pattern of the worm WORM/Allaple.Gen
    [INFO] The file was moved to '4833abf7.qua'!
    C:\WINDOWS\system32\xmlhlp.VIR
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.kdt
    [INFO] The file was moved to '483babfa.qua'!

    End of the scan: jeudi 6 mars 2008 09:31
    Used time: 1:09:26 min

    The scan has been done completely.

    3123 Scanning directories
    253416 Files were scanned
    81 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    77 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    253335 Files not concerned
    2015 Archives were scanned
    2 Warnings
    1 Notes
    0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    AVG antispyxare

    https://www.01net.com/telecharger/

    ->Relance AVG AS -> "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

    __________________
    vire le fichier : 900 Exercices De Maternelle Par Thème Zecol.rar

    en allant dans poste de travail puis

    C:\Documents and Settings\yp\Mes documents\carine\zecol\maternelle\900 Exercices De Maternelle Par Thème Zecol.rar

    ___________________

    vire ce qui est dans quarantine en allant dans poste de travail puis c

    C:\QooBox\Quarantine\

    _____________

    vire ce qui est en quarantaine dans antivir

    _______________

    desactive ta restauration systeme, puis redemarre l'ordi puis réactive la

    https://www.informatruc.com

    ______________
    puis refais un scan antivir et colle le rapport et surtout dis tes soucis actuels
    0
    1. petitjb Messages postés 34 Statut Membre
       
      Hello

      Déolé pour le délai mais les scan sont assez long :

      Voici déjà AVG

      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 19:42:04 07/03/2008

      + Résultat de l'analyse:



      [1056] C:\WINDOWS\System32\dllcache\wintcps.exe -> Backdoor.Mytobor.c : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Documents and Settings\yp\Cookies\yp@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.


      Fin du rapport


      Concernant le fichier 900 Exercices De Maternelle Par Thème Zecol.rar .... je ne le trouve pas?? même en recherche.... bizarre non ?

      Je m'occupe du reboot en virant la restauration et post le scan d'antivir ... doncdans +/- 2 h :/
      a+tard Merci

      Petitjb
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Concernant le fichier 900 Exercices De Maternelle Par Thème Zecol.rar

    il a du etre viré! par l'antivirus
    0
  7. petitjb Messages postés 34 Statut Membre
     
    voila le scan d'Antivir

    AntiVir PersonalEdition Classic
    Report file date: vendredi 7 mars 2008 20:01

    Scanning for 1136109 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (plain) [5.1.2600]
    Username: SYSTEM
    Computer name: YP-RCGWX3F5H8V9

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 06/09/2007 17:48:53
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 06/09/2007 17:48:53
    LUKE.DLL : 7.0.5.3 147496 Bytes 06/09/2007 17:48:54
    LUKERES.DLL : 7.0.6.1 10280 Bytes 06/09/2007 17:48:54
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 17:02:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:14:21
    ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 08:27:08
    ANTIVIR3.VDF : 7.0.2.245 216576 Bytes 06/03/2008 18:56:45
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 02/03/2008 16:59:31
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 06/09/2007 17:48:53
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 08:33:23
    AVREG.DLL : 7.0.1.6 30760 Bytes 06/09/2007 17:48:53
    AVARKT.DLL : 1.0.0.20 278568 Bytes 06/09/2007 17:48:53
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 06/09/2007 17:48:53
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 20/11/2007 16:59:48
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 06/09/2007 17:48:44
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 06/09/2007 17:48:55

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 7 mars 2008 20:01

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'update.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'wintcps.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '0' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'System' - '1' Module(s) have been scanned
    Scan process 'System' - '1' Module(s) have been scanned
    Scan process 'WlanCU.exe' - '1' Module(s) have been scanned
    Scan process 'RaUI.exe' - '1' Module(s) have been scanned
    Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'Tilesoft.com' - '1' Module(s) have been scanned
    Module is infected -> 'C:\WINDOWS\System32\Tilesoft.com'
    Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
    Scan process 'KBDAP32A.EXE' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    Process 'Tilesoft.com' has been terminated
    C:\WINDOWS\System32\Tilesoft.com
    [DETECTION] Contains detection pattern of the worm WORM/Rbot.205824.1
    [INFO] The file was deleted!

    30 processes with 29 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.

    The registry was scanned ( '25' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{B7FCD522-49A7-4B64-9688-79FF066BDE85}\RP2\A0000004.com
    [DETECTION] Contains detection pattern of the worm WORM/Rbot.205824.1
    [INFO] The file was deleted!

    End of the scan: vendredi 7 mars 2008 21:08
    Used time: 1:07:28 min

    The scan has been done completely.

    3068 Scanning directories
    247254 Files were scanned
    3 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    2 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    247251 Files not concerned
    2022 Archives were scanned
    2 Warnings
    1 Notes

    Concernant les messages suspects :
    1/ "Message deFROM à TO le 06/03/2008 21:54
    STOP ! WINDOWS REQUIRES IMMEDIATE ATTENTION
    Windows has found 55 critical System Errors
    To fix errors please do the following
    etc....."

    et Antivir :
    C\windows@system32\tilsoft.com
    Contains detection pattern of the worm WORM\Tbot.205824.1

    Voilà :)

    petitjb
    0
  8. petitjb Messages postés 34 Statut Membre
     
    Bonjour

    Petite nouveauté : toute les 2 minutes j'ai un message d'erreur :
    "explorer .exe a rencontré un pb et doit fermer. Nous vous prions de nous excuser etc.... Envoyer rapport/ne pas envoyer" voire même toutes les minutes....

    ARGH.... dois-je déposer mon UC sur le trottoir ? ;)
    0
  9. petitjb Messages postés 34 Statut Membre
     
    Nouveau message d'antivir :
    C;\Windows\System32\biteav.exe is the Trojan horse TR/Crypt.XPACK.Gen

    .. bref ca continue....
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C\windows@system32\tilsoft.com
    C\Windows\System32\biteav.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ___________________

    -----------------
    Fais un clic droit sur ce lien : (IL-MAFIOSO)
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Ensuite double clique sur navilog1.exe pour lancer l'installation.
    Une fois l'installation terminée, le fix s'exécutera automatiquement.
    (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

    Laisse-toi guider. Au menu principal, choisis 1 et valides.
    (ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
    Copie-colle l'intégralité dans une réponse. Referme le blocnote.
    Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

    __________________

    recolle un rapport combofix et un nouveau rapport hijakchits
    0
    1. petitjb Messages postés 34 Statut Membre
       
      Hello JLPJLP
      Voici le rapport OtMoveit

      File/Folder C\windows\system32\tilsoft.com not found.
      File/Folder C\Windows\System32\biteav.exe not found.

      OTMoveIt2 v1.0.20 log created on 03082008_110119


      ************************************************
      Et voila Navilog

      Search Navipromo version 3.5.0 commencé le 08/03/2008 à 11:04:12,12

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Postez ce rapport sur le forum pour le faire analyser !!!
      !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

      Outil exécuté depuis C:\Program Files\navilog1
      Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO


      Microsoft Windows XP [version 5.1.2600]
      Internet Explorer : 6.0.2600.0000
      Système de fichiers : NTFS

      Executé en mode normal

      *** Recherche Programmes installés ***




      *** Recherche dossiers dans C:\WINDOWS ***



      *** Recherche dossiers dans C:\Program Files ***



      *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




      *** Recherche dossiers dans "C:\Documents and Settings\yp\applic~1" ***



      *** Recherche dossiers dans "C:\Documents and Settings\yp\locals~1\applic~1" ***



      *** Recherche dossiers dans "C:\Documents and Settings\yp\menudm~1\progra~1" ***


      *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


      *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
      pour + d'infos : http://www.gmer.net

      Aucun Fichier trouvé



      *** Recherche avec GenericNaviSearch ***
      !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
      !!! A vérifier impérativement avant toute suppression manuelle !!!

      * Recherche dans C:\WINDOWS\system32 *

      * Recherche dans "C:\Documents and Settings\yp\locals~1\applic~1" *



      *** Recherche fichiers ***




      *** Recherche clés spécifiques dans le Registre ***


      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche nouveaux fichiers Instant Access :


      2)Recherche Heuristique :

      * Dans C:\WINDOWS\system32 :


      * Dans "C:\Documents and Settings\yp\locals~1\applic~1" :


      3)Recherche Certificats :

      Certificat Egroup absent !
      Certificat Electronic-Group absent !
      Certificat OOO-Favorit absent !

      4)Recherche fichiers connus :



      *** Analyse terminée le 08/03/2008 à 11:06:46,91 ***

      *************************

      Je lance combofix et hijakthis
      0
  11. petitjb Messages postés 34 Statut Membre
     
    ComboFix 08-03-07.4 - yp 2008-03-08 11:10:20.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.523 [GMT 1:00]
    Endroit: C:\Downloads\Combo-Fix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\.exe
    C:\WINDOWS\system32\system\

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-08 09:07 . 2008-03-08 09:07 4 --a------ C:\WINDOWS\system32\remove.x
    2008-03-08 09:00 . 2008-03-08 09:00 <REP> d-------- C:\Program Files\WebAnim Gif
    2008-03-08 09:00 . 2008-03-08 09:00 17 ---hs---- C:\WINDOWS\system32\Watrix20.xxxx
    2008-03-08 08:53 . 1994-08-22 22:36 25,808 --a------ C:\WINDOWS\ctl3dv2.dll
    2008-03-08 08:53 . 2008-03-08 08:53 16 --a------ C:\WINDOWS\aninst00.whe
    2008-03-07 21:43 . 2008-03-07 21:43 13,824 --a------ C:\WINDOWS\system32\medrci.exe
    2008-03-06 21:53 . 2008-03-06 21:53 <REP> d-------- C:\Documents and Settings\yp\Application Data\Grisoft
    2008-03-06 21:53 . 2008-03-06 21:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-06 21:53 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-03-06 20:37 . 2008-03-06 20:37 <REP> d-------- C:\WINDOWS\system32\java
    2008-03-06 20:36 . 2008-03-06 20:37 861,036 --a------ C:\taz.exe
    2008-03-06 20:33 . 2008-03-08 10:59 11,955 --a------ C:\WINDOWS\system32\ODCB.INI
    2008-03-04 12:50 . 2008-03-04 12:50 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-03-04 12:50 . 2008-03-04 12:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-04 12:48 . 2008-03-04 12:48 63 --a------ C:\WINDOWS\system32\i
    2008-03-04 10:27 . 2008-03-04 10:27 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-04 09:57 . 2008-03-04 09:57 389,120 -----c--- C:\WINDOWS\system32\dllcache\wintcps.exe
    2008-03-04 09:07 . 2008-03-04 09:07 <REP> d-------- C:\Program Files\Lavasoft
    2008-03-04 09:07 . 2008-03-04 10:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-04 08:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-03-04 08:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-03-04 08:43 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-03-04 08:43 . 2008-02-29 23:48 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-03-04 08:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-04 08:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-04 08:43 . 2008-03-04 08:43 2,652 --a------ C:\WINDOWS\system32\tmp.reg
    2008-03-04 08:39 . 2007-07-31 23:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-03-04 08:39 . 2007-07-31 23:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-03-04 08:39 . 2007-07-31 21:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-03-04 08:39 . 2007-07-31 23:40 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-03-04 08:39 . 2007-07-31 23:40 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-03-04 08:39 . 2007-07-31 23:40 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-03-04 08:39 . 2008-03-04 19:36 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-03-04 08:25 . 2008-03-04 08:25 <REP> d-------- C:\_OTMoveIt
    2008-03-03 18:23 . 2008-03-03 18:25 <REP> d-------- C:\Program Files\Tor
    2008-03-03 18:23 . 2008-03-03 18:23 <REP> d-------- C:\Documents and Settings\yp\Application Data\Tor
    2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-02-15 10:54 . 2008-02-15 10:54 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-02-10 09:52 . 2001-08-23 16:58 14,080 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-02-10 09:52 . 2001-08-23 16:58 14,080 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-02-10 09:52 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-02-10 09:52 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-02-10 09:49 . 2008-02-10 09:49 <REP> d-------- C:\Program Files\Common Files
    2008-02-10 09:49 . 2004-12-06 14:07 104,064 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
    2008-02-10 09:49 . 2004-12-06 14:07 104,064 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
    2008-02-10 09:49 . 2008-02-10 09:49 2,464 --a------ C:\WINDOWS\$_hpcst$.hpc
    2008-02-10 09:48 . 2008-02-10 09:49 <REP> d-------- C:\Program Files\Sony Gps
    2008-02-10 09:47 . 2008-02-10 09:47 <REP> d--hs---- C:\WINDOWS\ftpcache

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-08 10:10 --------- d-----w C:\Program Files\FlashGet
    2008-03-08 10:07 --------- d-----w C:\Program Files\Navilog1
    2008-03-04 08:00 --------- d-----w C:\Program Files\Hijackthis Version Française
    2008-03-04 07:47 41,004 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_04_08_32_53_small.dmp.zip
    2008-03-04 07:47 40,604 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_04_08_26_15_small.dmp.zip
    2008-03-04 07:25 42,713 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_04_08_22_41_small.dmp.zip
    2008-03-04 07:22 43,875 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_18_26_09_small.dmp.zip
    2008-03-04 07:22 14,170,817 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_18_25_21_full.dmp.zip
    2008-03-04 07:09 40,182 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_18_04_19_small.dmp.zip
    2008-03-03 17:02 38,573 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_13_49_13_small.dmp.zip
    2008-03-03 12:46 24,426 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_03_08_15_29_small.dmp.zip
    2008-03-03 07:13 42,665 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_03_02_17_58_49_small.dmp.zip
    2008-02-26 19:44 --------- d-----w C:\Program Files\mIRC
    2008-02-24 21:47 --------- d-----w C:\Program Files\DivX
    2008-02-24 09:43 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2008-02-24 09:43 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2008-02-24 09:43 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2008-02-02 02:32 234,271 ----a-w C:\WINDOWS\system32\BlueSoleiI.exe
    2008-01-21 08:36 --------- d-----w C:\Program Files\PC Connectivity Solution
    2008-01-21 08:36 --------- d-----w C:\Program Files\Nokia
    2008-01-19 12:00 --------- d-----w C:\Documents and Settings\yp\Application Data\PC Suite
    2008-01-18 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-18 23:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-01-17 08:06 9,733,451 ----a-w C:\Documents and Settings\yp\vlc-0.8.6d-win32.exe
    2007-08-01 07:58 41,653,912 ----a-w C:\Documents and Settings\yp\zlsSetup_70_337_000_fr.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-05_13.30.37,52 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-04 18:27:56 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-03-06 18:57:51 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-03-04 18:27:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-03-06 18:57:51 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2008-03-04 18:27:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-06 18:57:51 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2007-10-28 14:17:04 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-03-06 20:50:48 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-10-28 14:17:04 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-03-06 20:50:48 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2007-10-28 14:17:04 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-03-06 20:50:48 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-10-28 14:17:04 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-03-06 20:50:48 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccleaner"="C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\CCleaner\ccleaner.exe" [2007-05-10 12:01 598920]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "H/PC Connection Agent"="C:\Program Files\Sony Gps\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 15:18 405583]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 17:44 249896]
    "OFFICEKB"="C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe" [2007-08-01 09:08 387584]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Topic Soft"="Tilesoft.com" []
    "FixBluetooth"="C:\WINDOWS\system32\BlueSoleiI.exe" [2008-02-02 03:32 234271]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Topic Soft"="Tilesoft.com" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    BlueSoleiI.lnk - C:\WINDOWS\system32\BlueSoleiI.exe [2008-02-02 03:32:14 234271]
    Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-08-01 08:21:39 598016]
    Wireless Configuration Utility HW.51.lnk - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-14 18:53:38 454656]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
    --a------ 2002-09-11 11:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
    --a------ 2002-09-11 11:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
    --a------ 2002-09-09 16:16 90112 C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --a------ 2001-07-09 10:50 155648 C:\WINDOWS\System32\NeroCheck.exe

    R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-09-06 18:48]
    R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-09-06 18:48]
    R2 Microsoft Windows TCP Protocol;Microsoft Windows TCP Protocol;"C:\WINDOWS\System32\dllcache\wintcps.exe" [2008-03-04 09:57]
    R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\System32\DRIVERS\CamDrL21.sys [2002-06-10 13:16]
    S2 Microsoft XP TCP Ack Timing;Microsoft XP TCP Ack Timing;"C:\WINDOWS\System32\dllcache\winxptcp.exe" []
    S2 MSWindows;Network Windows Service;"C:\WINDOWS\System32\urdvxc.exe" /service []

    *Newly Created Service* - CATCHME

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAX5-90401C608512}]
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-08 11:11:42
    Windows 5.1.2600 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-08 11:12:27
    ComboFix-quarantined-files.txt 2008-03-08 10:12:18
    ComboFix2.txt 2008-03-05 12:30:58
    0
  12. petitjb Messages postés 34 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:16:34, on 08/03/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Sony Gps\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\RALINK\Common\RaUI.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\dwwin.exe
    C:\WINDOWS\System32\dllcache\wintcps.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\FlashGet\FlashGet.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [OFFICEKB] C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Topic Soft] Tilesoft.com
    O4 - HKLM\..\Run: [FixBluetooth] C:\WINDOWS\system32\BlueSoleiI.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunServices: [Topic Soft] Tilesoft.com
    O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Sony Gps\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BlueSoleiI.lnk = C:\WINDOWS\system32\BlueSoleiI.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\System32\dllcache\wintcps.exe
    O23 - Service: Microsoft XP TCP Ack Timing - Unknown owner - C:\WINDOWS\System32\dllcache\winxptcp.exe (file missing)
    O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    je viens de me rendre compte que ton windows n'est pas a jour du tout!!! c'est pour cela que les infections reviennent, il
    pourquoi????

    _____________

    si tu n'as pas de parefeu mets en un de suite! ce qui permettra d'eviter que tu te reinfecte!

    KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    https://www.commentcamarche.net/telecharger/ 157 zonealarm

    _____________

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le scrïpt.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum,
    _____________________

    ______________

    ensuite recolle un rapport antivir
    0
    1. petitjb Messages postés 34 Statut Membre
       
      coucou

      J'ai installé Sunbelt ex-kerio car Zonealarm refuse dedémarrer (je l'aivais déjà installé avant que mes ennuis commence et je pense qu'un virus me l'a bloqué!)

      Voici l'analyse de Sdfix:

      [b]SDFix: Version 1.154 [/b]

      Run by Administrateur on 09/03/2008 at 09:44

      Microsoft Windows XP [version 5.1.2600]
      Running From: C:\DOCUME~1\ADMINI~1\Bureau\SDFix

      [b]Checking Services [/b]:

      Name:
      MSWindows

      Path:
      "C:\WINDOWS\System32\urdvxc.exe" /service

      MSWindows - Deleted



      Restoring Windows Registry Values
      Restoring Windows Default Hosts File

      Rebooting


      [b]Checking Files [/b]:

      Trojan Files Found:

      C:\WINDOWS\system32\dllcache\wintcps.exe - Deleted
      C:\WINDOWS\system32\i - Deleted





      Removing Temp Files

      [b]ADS Check [/b]:



      [b]Final Check [/b]:

      catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-09 09:49:55
      Windows 5.1.2600 NTFS

      scanning hidden processes ...

      IPC error: 2 Le fichier spécifié est introuvable.
      scanning hidden services & system hive ...

      scanning hidden registry entries ...

      scanning hidden files ...


      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 668


      [b]Remaining Services [/b]:



      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

      [b]Remaining Files [/b]:


      File Backups: - C:\DOCUME~1\ADMINI~1\Bureau\SDFix\backups\backups.zip

      [b]Files with Hidden Attributes [/b]:

      Tue 3 Aug 2004 25,088 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL0003.tmp"
      Mon 2 Aug 2004 43,008 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL0354.tmp"
      Tue 3 Aug 2004 56,832 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL0356.tmp"
      Tue 3 Aug 2004 26,624 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL0397.tmp"
      Tue 3 Aug 2004 127,488 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL0450.tmp"
      Mon 2 Aug 2004 20,992 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL0663.tmp"
      Mon 2 Aug 2004 77,312 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL0944.tmp"
      Tue 3 Aug 2004 90,624 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL1876.tmp"
      Tue 3 Aug 2004 164,352 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL2053.tmp"
      Mon 2 Aug 2004 25,088 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL2667.tmp"
      Mon 2 Aug 2004 190,464 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\940 Fiches A Imprimer De Jeux Pour Enfants - Maternelle Gs Cp Ce1 - Freeland - Zecol\graphisme\mathematiques\~WRL3345.tmp"
      Tue 19 Oct 2004 102,400 A.SH. --- "C:\Documents and Settings\yp\Mes documents\carine\zecol\thŠme NOEL zecol\CD DE NOEL\Histoires\~WRL0001.tmp"

      [b]Finished![/b]



      Je lance Antivir.. RV dans qq heures :/ Merci pour ton soutien !

      Ah oui... quand je télécharge des trucs via Falshget, à chaque fin de téléchargement AVIRA Antivir Netw. m'affiche le message suivant : "INVALID PARAMETER. The application will be closed."
      Et avant d'utiliser SDfix, j'avais eu plusieurs fois le message "Message de FROM à TO , STOP ! Windows requires immediate attentionetc etc...."

      à + tard
      0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Ah oui... quand je télécharge des trucs via Falshget, à chaque fin de téléchargement AVIRA Antivir Netw. m'affiche le message suivant : "INVALID PARAMETER. The application will be closed."

    essaye de reinstaller FLASHGET
    pour voir

    j'attends le rapport antivir et un rapport hijakchits
    0
  15. petitjb Messages postés 34 Statut Membre
     
    Re

    AntiVir PersonalEdition Classic
    Report file date: dimanche 9 mars 2008 10:03

    Scanning for 1136109 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (plain) [5.1.2600]
    Username: SYSTEM
    Computer name: YP-RCGWX3F5H8V9

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 06/09/2007 17:48:53
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 06/09/2007 17:48:53
    LUKE.DLL : 7.0.5.3 147496 Bytes 06/09/2007 17:48:54
    LUKERES.DLL : 7.0.6.1 10280 Bytes 06/09/2007 17:48:54
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 17:02:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:14:21
    ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 08:27:08
    ANTIVIR3.VDF : 7.0.2.245 216576 Bytes 06/03/2008 18:56:45
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 02/03/2008 16:59:31
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 06/09/2007 17:48:53
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 08:33:23
    AVREG.DLL : 7.0.1.6 30760 Bytes 06/09/2007 17:48:53
    AVARKT.DLL : 1.0.0.20 278568 Bytes 06/09/2007 17:48:53
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 06/09/2007 17:48:53
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 20/11/2007 16:59:48
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 06/09/2007 17:48:44
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 06/09/2007 17:48:55

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 9 mars 2008 10:03

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'WlanCU.exe' - '1' Module(s) have been scanned
    Scan process 'RaUI.exe' - '1' Module(s) have been scanned
    Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'KBDAP32A.EXE' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '0' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    27 processes with 27 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '25' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!

    End of the scan: dimanche 9 mars 2008 11:11
    Used time: 1:08:39 min

    The scan has been done completely.

    3114 Scanning directories
    248450 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    248450 Files not concerned
    2030 Archives were scanned
    2 Warnings
    1 Notes
    0
  16. petitjb Messages postés 34 Statut Membre
     
    et voilà Hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:06:30, on 09/03/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Sony Gps\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\RALINK\Common\RaUI.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\FlashGet\FlashGet.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [OFFICEKB] C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\kbdap32a.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [FixBluetooth] C:\WINDOWS\system32\BlueSoleiI.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\yp\Menu Démarrer\Programmes\Accessoires\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Sony Gps\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BlueSoleiI.lnk = C:\WINDOWS\system32\BlueSoleiI.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Sony Gps\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\System32\dllcache\wintcps.exe (file missing)
    O23 - Service: Microsoft XP TCP Ack Timing - Unknown owner - C:\WINDOWS\System32\dllcache\winxptcp.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    0
  17. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok le rapport est bon encore des soucis???

    si ton windows est légal mets a jour windows!

    DEMARREr puis tous les programmes puis WINDOWS UPDATE
    0
  18. petitjb Messages postés 34 Statut Membre
     
    Ok.. a priori ca roule.. je n'ai plus de messages intempestifs ... suis en train de recharger flashget...et ensuite je reboot. Je verrais .. je te tiens au jus...

    a+ tard...
    0
  19. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok
    0
    1. petitjb Messages postés 34 Statut Membre
       
      OKOK.. vali valo.. j'ai eu un peu de mal à télécharger falshget... mais c'est bon.. tout roule !Merci beaucoup pour ton aide !

      Bonne soirée

      Petitjb
      0