Bagle virus: Avast "is not an application"

Closed
RoBiN31 - 8 April 2008 at 09:16
afideg - 12 April 2008 at 14:31
hello everyone, I'd like some help: I just followed a brand-new tutorial using ComboFix, Elibagla and F-Secure!!! That let me speed up the internet, but I still have problems: I can't launch any antivirus, including Avast, because it tells me it's not a valid Win32 application... I ran a HijackThis report and I'd be grateful if you have a solution to offer me...


HIJACKTHIS REPORT:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:41, on 2008-04-08
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HomeCinema\PlayMovie\PMVService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Robin\Bureau\mdelk.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\HomeCinema\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Way poll] "C:\ProgramData\MAILCAKECAKE.pzqs3hp"
O4 - HKLM\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Play Online Coal.lktuqu"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Way poll] "C:\ProgramData\MAILCAKECAKE.mjqav"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-18\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Robin\AppData\LocalLow\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} (QuestActiveX Class) - http://www.quest3d.com/Quest3D_WebInstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
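A small triage script for logs in the HijackThis v2 format posted above, added here as an example; it is not part of the thread, of HijackThis or of any tool the helpers mention. The rules it applies (a Run target with a non-executable extension, a file sitting directly in the root of ProgramData, a doubled extension, a process launched from a user's desktop or temp folder, and one Run value name pointing at different files under HKLM and HKCU) are this editor's own first-look heuristics, not signatures, and the embedded log is a constructed excerpt in the same shape as the one above.

```python
"""Triage helper for a HijackThis v2 log: flags O4 Run entries and running
processes that deserve a second look. The rules below are assumptions chosen
for this example, not HijackThis features or malware signatures."""
import ntpath
import re
from collections import defaultdict

# Constructed excerpt in the shape of the log posted above (not the full log).
SAMPLE_LOG = r"""Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Users\Robin\Bureau\mdelk.exe.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Way poll] "C:\ProgramData\MAILCAKECAKE.pzqs3hp"
O4 - HKLM\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Play Online Coal.lktuqu"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Way poll] "C:\ProgramData\MAILCAKECAKE.mjqav"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\eMule\emule.exe -AutoStart
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
EXEC_EXTS = {".exe", ".dll", ".com", ".scr", ".pif", ".bat", ".cmd", ".lnk", ".vbs", ".js"}
# Lower-cased folder names ("Bureau" is the French Desktop) where an autostarted
# or running binary is unusual enough to ask about.
USER_DROP_DIRS = ("\\bureau\\", "\\desktop\\", "\\temp\\", "\\tmp\\")


def target_path(cmd):
    """Pull the launched file out of a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path: up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.+?\.(?:exe|dll|com|scr|pif|bat|cmd))(?:\s|$)', cmd, re.I)
    if m:                                        # unquoted path ending in a known extension
        return m.group(1)
    return cmd.split(" ", 1)[0]                  # fallback: first token


def path_reasons(path):
    """Heuristic checks on one file path; an empty list means nothing odd."""
    reasons = []
    low = path.lower()
    stem, ext = ntpath.splitext(low)             # ntpath: handle backslash paths anywhere
    if ext not in EXEC_EXTS:
        reasons.append(f"non-executable extension {ext!r} on an autostarted file")
    if ntpath.splitext(stem)[1] in EXEC_EXTS:
        reasons.append("doubled extension (e.g. .exe.exe)")
    if re.search(r'\\programdata\\[^\\]+$', low):
        reasons.append("file sits directly in the root of ProgramData")
    if "\\users\\" in low and any(d in low for d in USER_DROP_DIRS):
        reasons.append("runs from a user's desktop or temp folder")
    return reasons


def triage(log_text):
    """Return {log line: [reasons]} for the lines worth a second look."""
    notes = {}                                   # insertion-ordered: log line -> reasons
    by_name = defaultdict(set)                   # Run value name -> distinct targets
    o4_entries = []                              # (line, name) for the cross-hive pass
    section = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if line == "Running processes:":
            section = "procs"
            continue
        if not line:                             # blank line ends the process list
            section = None
            continue
        if section == "procs":
            for r in path_reasons(line):
                notes.setdefault(line, []).append(r)
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        target = target_path(m.group("cmd"))
        by_name[m.group("name")].add(target.lower())
        o4_entries.append((line, m.group("name")))
        for r in path_reasons(target):
            notes.setdefault(line, []).append(r)
    # Same value name registered in several hives but pointing at different files.
    for line, name in o4_entries:
        if len(by_name[name]) > 1:
            notes.setdefault(line, []).append(
                f"value name {name!r} points at different files in different hives")
    return notes


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("   -", reason)
```

Run against a full log, the output is a short list of lines to ask about rather than a verdict; everything it does not flag (including legitimate entries with odd short paths such as PROGRA~1) still deserves a normal reading.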
39 replies

g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last active 30 November 2014 406
8 April 2008 at 09:29
hi,

you must have downloaded a crack, so delete it, then

run Elibagla again in safe mode and post the report here please

Download ELIBAGLA at the bottom of this page
http://www.zonavirus.com/datos/descargas/95/elibagla.asp (click the "Descargar Elibagla" button) onto your desktop.

Run it, preferably in safe mode if you can, in normal mode otherwise. Wait for the scan to finish.
When it is done, post the contents of the file infoSat.txt, found in My Computer > Drive C:\
And at the same time, say whether you can boot into safe mode again.

***Do not reboot via msconfig.

Restarting in safe mode without going through msconfig:

How to restart in safe mode?

Restart the PC and tap the F8 key from the moment it powers on, without stopping.
A window with a black background will open; use the arrow keys to move to "Safe Mode", then press Enter.
Once on the desktop, if the colours and so on aren't all there, that's normal!
PS: if F8 doesn't work, use the F5 key.

@+
0
I'll finish the scan and send it to you right away
0
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last active 30 November 2014 406
8 April 2008 at 09:58
ok
0
on the other hand, I don't know if it's normal, but during the scan in safe mode I have no infected files, while in normal mode I have 80 infected files that it can't delete, even though it tells me it deleted 80... and also during the scan I keep getting error messages like "accese denegado a la carpeta: C:\windows\registration\CRMLog (16)"
0

here is the post:



Tue Apr 08 09:25:33 2008
EliBagle v11.22 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Tue Apr 08 09:25:35 2008
EliBagle v11.22 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr
C:\QooBox\Quarantine\C\Windows\System32\MDELK.EXE.VIR --> Eliminado Bagle
C:\Windows\System32\drivers\MDELK.EXE --> Eliminado Bagle.dldr
C:\Windows\System32\drivers\downld\26972042.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27025550.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27066516.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27109572.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27353230.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27435786.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27478250.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27521368.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27564518.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27605406.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27649570.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27691051.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27734965.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27777584.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27819517.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27863400.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27945161.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\27986594.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28045703.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28088635.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28169974.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28213046.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28255821.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28379280.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28570740.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28612923.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28655854.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28699223.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28742638.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28784961.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28828251.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28871573.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28914161.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28956047.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\28998433.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\29081191.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\29123857.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\29166227.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\29252792.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\29332306.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\29374473.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\29416312.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\29462426.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\29598194.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\30180093.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\30347716.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\30434359.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\30520425.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\30605196.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\30687221.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\30773818.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\30839588.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\31154710.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\31238841.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\31345842.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\31408383.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\31516117.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\31608563.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\31693709.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32051840.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32137656.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32220462.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32262504.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32303797.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32388163.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32430611.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32472122.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32514196.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32555474.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32596783.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32639262.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32681320.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32763220.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32807181.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32848397.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32889331.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\32931530.EXE --> Eliminado Bagle

Nº Total de Directorios: 17957
Nº Total de Ficheros: 137452
Nº de Ficheros Analizados: 15248
Nº de Ficheros Infectados: 80
Nº de Ficheros Limpiados: 80

Tue Apr 08 09:50:16 2008
EliBagle v11.22 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Tue Apr 08 09:50:17 2008
EliBagle v11.22 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 576
Nº Total de Ficheros: 4220
Nº de Ficheros Analizados: 140
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Tue Apr 08 09:50:50 2008
EliBagle v11.22 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Tue Apr 08 09:50:51 2008
EliBagle v11.22 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Tue Apr 08 09:56:56 2008
EliBagle v11.22 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Tue Apr 08 09:56:58 2008
EliBagle v11.22 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 17926
Nº Total de Ficheros: 137476
Nº de Ficheros Analizados: 15047
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0


SAFE MODE POST
0
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last active 30 November 2014 406
8 April 2008 at 10:12
ok

try installing this now, forget avast < uninstall it and

Download and install the antivirus Antivir Personal Edition Classic:

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- scanner configuration tutorial...

once Antivir is open, click on Configuration and tick the "expert mode" box, then in the Scanner tab, in the window below, you'll see: rootkit search; click the little + to expand it and tick the box next to your hard disk
then click Configuration at the top right; in the new window, on the left > scanner > tick "scan all files" and below > scanner priority = High
tick: allow stopping the scanner, so you can pause the scan if you wish.
then on the right tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
untick:
ignore off line files
still on the left > scan > expand > heuristic > macrovirus heuristic = ticked and below > win32 heuristic box ticked and high detection level

then post a new HijackThis report please

let me know

@+
0
well, I have to go to class, I'll finish this tonight, and thanks a lot for your help!!!!!
a+
0
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last active 30 November 2014 406
8 April 2008 at 10:15
ok

then switch off the PC

@+
0
hi, I'm back!!!
well, I'm running the Antivir scan but I'll need a bit more time because I'm doing two scans: one in safe mode and another in normal mode... I'll post the report afterwards...
0
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last active 30 November 2014 406
8 April 2008 at 18:20
hi

no point doing two, just do the one in safe mode ;-)

@+
0
okay, I'll reply when it's done: it's at 33% at the moment
0
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last active 30 November 2014 406
8 April 2008 at 18:27
ok
@+
0
just a question: what do I select when Avira finds a virus?????
0
the virus comes from C:\Program Files\Navilog\reboot.exe
0
g!rly Posts 18209 Registered Friday 17 August 2007 Status Contributor Last active 30 November 2014 406
8 April 2008 at 18:41
you select delete
yes, Navilog is seen as a virus...
0
just one problem: Avira deleted the HijackThis program... what should I do???
0
ok, I have a HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14, on 2008-04-08
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HomeCinema\PlayMovie\PMVService.exe
C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Robin\Bureau\Bagle\mdelk.exe (3).exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\HomeCinema\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Way poll] "C:\ProgramData\MAILCAKECAKE.pzqs3hp"
O4 - HKLM\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Play Online Coal.lktuqu"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Way poll] "C:\ProgramData\MAILCAKECAKE.mjqav"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-18\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Robin\AppData\LocalLow\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} (QuestActiveX Class) - http://www.quest3d.com/Quest3D_WebInstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
THANKS EVERYONE, I MANAGED TO ERADICATE IT!!!!!!!! THANKS FOR YOUR ADVICE, BUT I WENT AND POKED AROUND ON OTHER FORUMS A BIT AND FOUND OUT THAT A SINGLE STEP IS ENOUGH: YOU JUST HAVE TO DOWNLOAD AVIRA ANTIVIR PERSONALEDITION CLASSIC, that's it, it runs a scan and eradicates every single virus, including Bagle!!!!!!! well, for now!!!! only weak point: the scan takes about 1 hour!!!! well, on my PC!!!! and you have to be present the whole time to confirm the deletion of the viruses!!!!!! (WARNING: RUN THE SCAN IN SAFE MODE!!!!!!!!!) and then it's done!!!!!
g!rly, 18209 posts, registered Friday 17 August 2007, status: Contributor, last active 30 November 2014
8 April 2008 at 21:28
robin31,

there are still bits of Bagle left, and you have other infections as well...

run ComboFix:

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report in your next reply.

NOTE: The report is also located here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily, and only for as long as ComboFix is running, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program begins analysing the PC.

/!\ While this step is running, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt.

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

+

please post a new HijackThis log

See you later
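One way to automate the log reading a helper does by hand, as an added example that is not part of this thread or of HijackThis itself: a small Python script that parses the O4 Run entries of a HijackThis log and flags targets with an extension no installer would produce, or a file dropped directly into C:\ProgramData. The sample lines are copied from the log above; the heuristics, names and thresholds are assumptions of this example.

```python
# Flag suspicious autostart (O4) entries in a HijackThis log.
# Added example, not part of the forum thread or of HijackThis. It encodes
# what a log reader checks by eye: a Run value whose target has an odd
# extension, or sits directly in a data directory, deserves a closer look.
import os
import re
from dataclasses import dataclass, field

# O4 Run entries in a HijackThis log look like:
#   O4 - HKLM\..\Run: [name] "C:\path\prog.exe" /args
#   O4 - HKUS\S-1-5-18\..\Run: [name] C:\path\prog.exe (User 'SYSTEM')
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*?)(?: \(User '[^']*'\))?$"
)

# Unquoted commands: cut after the first token that ends in an extension.
EXT_BOUNDARY_RE = re.compile(r"^(.+?\.[A-Za-z0-9]+)(?=[\s,]|$)")

# Extensions a Run value normally points at; anything else is unusual.
EXPECTED_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd"}


@dataclass
class Finding:
    hive: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def extract_target(command: str) -> str:
    """Return the file a Run command actually launches."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]   # quoted path, may contain spaces
    tokens = command.split()
    if tokens and tokens[0].lower() == "rundll32.exe" and len(tokens) > 1:
        return tokens[1].split(",", 1)[0]         # rundll32 loads the DLL argument
    m = EXT_BOUNDARY_RE.match(command)
    return m.group(1) if m else (tokens[0] if tokens else "")


def suspicious_reasons(target: str) -> list:
    """Heuristics (assumed for this example) that mark a target as worth a look."""
    reasons = []
    low = target.lower()
    ext = os.path.splitext(low)[1]
    if ext not in EXPECTED_EXTENSIONS:
        reasons.append("unexpected extension " + (ext or "(none)"))
    # A file sitting directly in C:\ProgramData (no vendor subfolder).
    if low.startswith("c:\\programdata\\") and low.count("\\") == 2:
        reasons.append("file dropped directly in C:\\ProgramData")
    if "\\appdata\\local\\temp\\" in low or "\\bureau\\" in low or "\\desktop\\" in low:
        reasons.append("runs from a temp or desktop folder")
    return reasons


def review_hijackthis(log_text: str) -> list:
    """Parse the O4 Run entries of a HijackThis log and return the suspicious ones."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if not m:
            continue                              # other O4 forms and non-O4 lines are ignored
        target = extract_target(m.group("command"))
        reasons = suspicious_reasons(target)
        if reasons:
            findings.append(Finding(m.group("hive"), m.group("name"), target, reasons))
    return findings


# Constructed sample: O4 lines copied from the log in this thread, plus one
# Global Startup line that the parser deliberately skips.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Way poll] "C:\ProgramData\MAILCAKECAKE.pzqs3hp"
O4 - HKLM\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Play Online Coal.lktuqu"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Way poll] "C:\ProgramData\MAILCAKECAKE.mjqav"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-18\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'SYSTEM')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
'''

if __name__ == "__main__":
    for f in review_hijackthis(SAMPLE_LOG):
        print(f"{f.hive}: [{f.name}] -> {f.target}: {'; '.join(f.reasons)}")
```

Run on the sample, it reports the two "Way poll" values and the "ANTI LITE TITLE DEBUG" value and stays silent on the vendor entries.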
OK, here's the ComboFix report, but just one question: when ComboFix starts, it doesn't ask me to press 1!!!!! It starts all by itself!!!
The report:

ComboFix 08-04-09.9 - Robin 2008-04-10 18:35:56.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1210 [GMT 2:00]
Endroit: C:\Users\Robin\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 10:22 --------- d-----w C:\PROGRA~2\Google Updater
2008-04-10 07:56 --------- d-----w C:\PROGRA~2\NVIDIA
2008-04-09 21:31 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 18:31 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-09 16:52 --------- d-----w C:\Program Files\Microsoft Picture It! 9
2008-04-08 16:43 --------- d-----w C:\PROGRA~2\gram 16
2008-04-08 16:41 --------- d-----w C:\Program Files\Navilog1
2008-04-08 15:48 --------- d-----w C:\Program Files\Avira
2008-04-08 15:48 --------- d-----w C:\PROGRA~2\Avira
2008-04-08 15:45 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-04-08 07:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-07 16:09 --------- d---a-w C:\PROGRA~2\TEMP
2008-04-07 14:32 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-05 07:35 --------- d-----w C:\Program Files\Sophos
2008-04-04 20:16 26,056 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-04-04 15:35 --------- d-----w C:\Program Files\Microsoft Digital Image 10
2008-04-03 20:08 --------- d-----w C:\Program Files\Hamachi
2008-04-03 18:53 --------- d-----w C:\Program Files\Dictionnaire
2008-04-02 12:12 --------- d-----w C:\Program Files\PhotoFiltre
2008-04-02 12:07 --------- d-----w C:\Program Files\Electronic Arts
2008-04-01 18:33 37,888 ----a-w C:\Windows\System32\rar.exe
2008-03-31 19:20 --------- d-----w C:\Program Files\BitDownload
2008-03-31 16:59 --------- d-----w C:\Program Files\7-Zip
2008-03-31 15:46 --------- d-----w C:\PROGRA~2\Okay meta anti lite
2008-03-31 15:45 --------- d-----w C:\Program Files\gram 16
2008-03-29 17:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe
2008-03-29 17:35 20,560 ----a-w C:\Windows\system32\drivers\aswFsBlk.sys
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 17:31 75,856 ----a-w C:\Windows\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2008-03-29 17:23 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2008-03-28 21:08 --------- d-----w C:\Program Files\AVIConverter
2008-03-28 18:53 --------- d-----w C:\Program Files\eRightSoft
2008-03-28 18:53 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-28 16:23 --------- d-----w C:\Program Files\AskTBar
2008-03-27 15:51 --------- d-----w C:\Program Files\Yahoo!
2008-03-23 09:31 --------- d-----w C:\Program Files\EKAf Incorporated
2008-03-23 00:10 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-03-23 00:08 --------- d-----w C:\Program Files\bleem
2008-03-22 23:49 --------- d-----w C:\Program Files\Pcsx2
2008-03-19 15:46 --------- d-----w C:\Program Files\TripleTriadOnline
2008-03-18 17:30 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2008-03-18 17:30 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-16 19:28 --------- d-----w C:\Program Files\Ratajik Software
2008-03-16 09:43 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-16 09:40 --------- d-----w C:\Program Files\Nero
2008-03-16 09:40 --------- d-----w C:\PROGRA~2\Nero
2008-03-16 00:14 --------- d-----w C:\Program Files\Search Settings
2008-03-16 00:14 --------- d-----w C:\Program Files\Dealio
2008-03-16 00:13 --------- d-----w C:\Program Files\Free Audio Pack
2008-03-16 00:10 --------- d-----w C:\Program Files\Free Easy Burner
2008-03-16 00:04 --------- d-----w C:\Program Files\Common Files\Simple Star Shared
2008-03-16 00:03 --------- d-----w C:\Program Files\Ahead
2008-03-15 19:58 --------- d-----w C:\Program Files\PPLive
2008-03-15 19:58 --------- d-----w C:\Program Files\Common Files\Synacast
2008-03-15 12:08 --------- d-----w C:\Program Files\Winamp
2008-03-15 10:18 --------- d-----w C:\PROGRA~2\Simple Star Shared
2008-03-15 00:13 --------- d-----w C:\Program Files\VideoLAN
2008-03-14 23:58 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-14 23:58 --------- d-----w C:\Program Files\DivX
2008-03-14 21:04 --------- d-----w C:\Program Files\BrowsingSoftware
2008-03-11 19:09 --------- d-----w C:\Program Files\TVAnts
2008-03-10 19:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 22:12 --------- d-----w C:\Program Files\free-downloads.net
2008-03-07 21:08 --------- d-----w C:\Program Files\Act-3D
2008-03-05 17:15 --------- d-----w C:\Program Files\KONAMI
2008-03-04 21:39 --------- d-----w C:\PROGRA~2\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-28 08:47 --------- d-----w C:\Program Files\Windows Live
2008-02-27 20:36 --------- d-----w C:\Program Files\Custom Property Propa-Gator
2008-02-27 20:21 --------- d-----w C:\Program Files\Capturino 1.4
2008-02-27 12:11 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-02-27 12:11 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-02-25 18:10 --------- d-----w C:\Program Files\Skyline
2008-02-25 18:10 --------- d-----w C:\PROGRA~2\Skyline
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 17:17 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-02-14 16:44 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 16:44 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 16:39 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 16:39 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 16:39 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 16:39 28,216 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-02-14 16:39 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 16:39 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 16:39 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2006-05-03 10:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\Windows\System32\Smab0.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 12:12 56360 --a------ C:\Program Files\Windows Live\Contrôle parental\fssbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2008-02-06 18:47 1160544 --a------ C:\Program Files\Search Settings\kb126\SearchSettings.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-21 15:52 202024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [ ]
"Way poll"="C:\ProgramData\MAILCAKECAKE.mjqav" [2008-04-07 21:27 311312]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"eMuleAutoStart"="C:\eMule\emule.exe" [2007-05-13 16:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-01 04:05 1006264]
"fssui"="C:\Program Files\Windows Live\Contrôle parental\fssui.exe" [2007-12-17 12:12 243240]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 11:14 439512]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 11:18 215256]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 14:27 4702208 C:\Windows\RtHDVCpl.exe]
"LanguageShortcut"="C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" [2007-02-07 17:21 54832]
"PlayMovie"="C:\Program Files\HomeCinema\PlayMovie\PMVService.exe" [2007-09-07 02:26 172032]
"UpdatePPShortCut"="C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [2007-09-13 17:32 222504]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2008-04-07 18:09 90112]
"TVEService"="C:\Program Files\HomeCinema\TV Enhance\TVEService.exe" [2007-10-15 22:57 155648]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 17:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 17:06 2027792]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-09 13:58 1836544]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-07-13 03:49 974898]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"au"="C:\Program Files\Dealio\DealioAU.exe" [2008-02-08 14:11 546144]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-02-06 18:47 1036640]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"Way poll"="C:\ProgramData\MAILCAKECAKE.pzqs3hp" [2008-04-07 17:54 258064]
"ANTI LITE TITLE DEBUG"="C:\ProgramData\Play Online Coal.lktuqu" [2008-03-31 17:46 110608]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-08 17:50 249896]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-06 21:00 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-06 21:00 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-06 21:00 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-09 13:44:28 125624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2228780556-1547823411-927857100-1002]
"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A32FF2E6-C137-444D-AA3F-FCF366422C7D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9F63B329-1C68-4C02-879F-98C2117CEF5B}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{BE1AADD2-98C5-4DC6-998D-7685090AEDCB}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{75D62DD9-A206-4A2C-81EA-5C7BB12A5A85}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{F751349B-C5E1-4646-BDAF-7AF42149DD13}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{94272C3F-8883-44A1-A0D5-AAF2193C7F7A}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{3A7A1025-C9EF-4CA7-AE08-293A55156D21}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{1BE231AA-5540-47AA-8C8C-22ADDE46B773}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{89E91E66-1A54-4168-A6D3-240D7CBBFC0A}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{3400574F-B75E-4702-A627-A48A74A4A136}"= C:\Program Files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc
"{05F1BC8D-C131-4116-9F42-E36CA68C4591}"= C:\Program Files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{4F7A512C-185A-4397-A8DC-97239AF6E77A}"= C:\Program Files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{AD524515-EBA8-426B-8430-C21CF3BFFBBD}"= C:\Program Files\HomeCinema\PlayMovie\PlayMovie.exe:CyberLink PlayMovie
"{0C724D12-5C88-4995-BCC6-7AE718C5242C}"= C:\Program Files\HomeCinema\PlayMovie\PMVService.exe:CyberLink PlayMovie Resident Program
"{70616088-921F-41F8-A892-9578FF669C07}"= C:\Program Files\HomeCinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{02CCDEEB-2708-413A-BA8F-778B7BDFDC03}"= C:\Program Files\HomeCinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"TCP Query User{8349C37C-D8D0-4D61-8BE2-DAE045AC6C75}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{7BD34D38-233B-4A5F-B0D2-6472040D906C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{1BB617D7-A387-4B00-A70D-4B490BF947A7}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{B1F741DD-52F9-49A1-95FA-6895416EDB1E}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{9F7BCCA7-4B6E-4D19-A49C-47887047987D}C:\\windows.old.001\\program files\\emule\\emule.exe"= UDP:C:\windows.old.001\program files\emule\emule.exe:eMule
"UDP Query User{476BBBE4-0B5F-42A8-B37C-86CF75FCC589}C:\\windows.old.001\\program files\\emule\\emule.exe"= TCP:C:\windows.old.001\program files\emule\emule.exe:eMule
"{2A765411-160A-43C0-9F1E-6D5E4F521DE5}"= UDP:6281:eMule_TCP
"{3CE1B17F-D2D7-4F57-87D5-10D52C5E545D}"= UDP:7288:eMule_UDP
"{3F69773E-87C8-4AB1-A879-F61341778C49}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{82A40329-B55D-454B-93FE-977FED7A6E9D}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{EE7F1C21-E101-4B18-B9C6-15D2FF1797B2}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{BC789A86-E44D-42B2-B9F8-A7F1D1E9E97C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{CBDEDDB6-3D01-475A-8FC1-1862E5F233FD}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{FB26914A-430E-4288-B767-108B9D029B33}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{430B94BB-FD94-4465-BA3C-B348C26CBD05}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{A86BE1B0-E353-4C00-8E7D-DC1118917FA7}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{165CACE4-386F-4AF5-B42A-59915CC4AB2A}C:\\program files\\call of duty\\codmp.exe"= UDP:C:\program files\call of duty\codmp.exe:CoDMP
"UDP Query User{BECC96FA-8666-4D7C-B2CB-7C102C095269}C:\\program files\\call of duty\\codmp.exe"= TCP:C:\program files\call of duty\codmp.exe:CoDMP
"TCP Query User{1DE0EC09-95F1-4F3C-BA96-E6B7DAE74DDD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{95899069-E09A-46D7-9F71-1F5D5E118C6F}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{C846FF26-2D25-47C7-A565-119EC0B4CB29}C:\\emule\\emule.exe"= UDP:C:\emule\emule.exe:eMule
"UDP Query User{3EE20903-898A-4A62-ACD9-3862ED3AE366}C:\\emule\\emule.exe"= TCP:C:\emule\emule.exe:eMule
"TCP Query User{93085BED-4D1F-47AA-8EB1-A49714BF103D}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{08962FC1-4CE8-4E57-8CF4-5F30118B1E0B}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{3CAA51B5-AAF1-4A28-81E3-0A7BE58C3E02}C:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:C:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"UDP Query User{8A3699A7-C523-4E1B-BD23-ECB105BF399C}C:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:C:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"{314DDCC8-5B52-40D2-AC64-099A5006BF59}"= UDP:C:\Program Files\PPLive\PPLive.exe:PPLive
"{75C2E343-A185-476E-B01B-BC9B79BDF106}"= TCP:C:\Program Files\PPLive\PPLive.exe:PPLive
"TCP Query User{83227CF7-A369-4C92-98F0-C09471E31A98}C:\\program files\\ratajik software\\stationripper\\stationripperconsole.exe"= UDP:C:\program files\ratajik software\stationripper\stationripperconsole.exe:StationRipperConsole
"UDP Query User{F2B0A77B-32CB-4963-81C0-D65261D2FCCE}C:\\program files\\ratajik software\\stationripper\\stationripperconsole.exe"= TCP:C:\program files\ratajik software\stationripper\stationripperconsole.exe:StationRipperConsole
"{B5DD0542-544F-4F1D-AF68-C3E089D0F573}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{070DAE50-A5B4-474F-9480-36F9A11C871A}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"TCP Query User{B0D0A83C-E18A-44BF-AE0B-FD4864157BE7}C:\\users\\robin\\appdata\\local\\temp\\rar$ex00.791\\nestcl95.exe"= UDP:C:\users\robin\appdata\local\temp\rar$ex00.791\nestcl95.exe:nestcl95.exe
"UDP Query User{CB9D84A8-75D9-4FCF-8C61-415492B72CED}C:\\users\\robin\\appdata\\local\\temp\\rar$ex00.791\\nestcl95.exe"= TCP:C:\users\robin\appdata\local\temp\rar$ex00.791\nestcl95.exe:nestcl95.exe
"TCP Query User{BDA877E6-DE4C-4CE8-80FC-B2CAC6CE8AD2}C:\\users\\robin\\appdata\\local\\temp\\rar$ex04.328\\nestcl95.exe"= UDP:C:\users\robin\appdata\local\temp\rar$ex04.328\nestcl95.exe:nestcl95.exe
"UDP Query User{6607EF81-F145-46F3-BC59-E9EF7A274F9F}C:\\users\\robin\\appdata\\local\\temp\\rar$ex04.328\\nestcl95.exe"= TCP:C:\users\robin\appdata\local\temp\rar$ex04.328\nestcl95.exe:nestcl95.exe
"TCP Query User{E9850F1B-992E-4794-B5E8-7E316FC5CB9A}C:\\program files\\bitdownload\\bitdownload.exe"= UDP:C:\program files\bitdownload\bitdownload.exe:BitDownload
"UDP Query User{C84658B4-463C-483F-A388-E48DE277FDE6}C:\\program files\\bitdownload\\bitdownload.exe"= TCP:C:\program files\bitdownload\bitdownload.exe:BitDownload
"TCP Query User{F5ECA085-21F3-416F-9FAA-95374C144E73}C:\\emule\\emule.exe"= UDP:C:\emule\emule.exe:eMule
"UDP Query User{540C75D0-4886-499B-B2AB-73277DAF686F}C:\\emule\\emule.exe"= TCP:C:\emule\emule.exe:eMule
"{036E45EA-D12C-44FF-A464-125803FCF845}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.4\cnc3game.dat:Command & Conquer 3 Les guerres du Tiberium™
"TCP Query User{AC4B3C5E-4BDC-4F97-A8AC-AEBF5AECCDB5}C:\\users\\robin\\appdata\\local\\temp\\electronicarts_patcher_001.exe"= UDP:C:\users\robin\appdata\local\temp\electronicarts_patcher_001.exe:electronicarts_patcher_001.exe
"UDP Query User{E0D1CC39-AE4C-4ECD-BB58-92D9CAABD643}C:\\users\\robin\\appdata\\local\\temp\\electronicarts_patcher_001.exe"= TCP:C:\users\robin\appdata\local\temp\electronicarts_patcher_001.exe:electronicarts_patcher_001.exe
"TCP Query User{5935319B-4C56-49E6-9EC2-A6607152DB40}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.4\\cnc3game.dat"= UDP:C:\program files\electronic arts\command & conquer 3\retailexe\1.4\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{2361D2E9-3054-41E6-AD60-0C839DEE90A2}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.4\\cnc3game.dat"= TCP:C:\program files\electronic arts\command & conquer 3\retailexe\1.4\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"TCP Query User{ABCF4772-0867-4051-887A-F09CCD0B8F14}C:\\users\\robin\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\robin\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{32857DE3-0F66-4E44-8E68-C8441AC15FBB}C:\\users\\robin\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\robin\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\HomeCinema\PlayMovie\000.fcl [2007-10-11 13:21]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\HomeCinema\PowerDVD\000.fcl [2007-10-09 17:14]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 12:46]
R2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53]
R2 fsssvc;Windows Live OneCare Contrôle parental;"C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe" [2007-12-17 12:13]
R2 NMSCore;Intel(R) NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-06-27 11:14]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 21:34]
R2 QualityManager;Intel(R) Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-06-27 11:17]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);"C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe" [2007-10-15 22:58]
R2 TVESched;TVEnhance Task Scheduler (TTS));"C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe" [2007-10-15 22:58]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2008-02-01 19:16]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 11:43]
R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 11:31]
S3 DHTRACE;Intel(R) DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 11:15]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{032661a1-f4ba-11dc-9b1b-001d922e0d0d}]
\shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3e5206e-d8b6-11dc-b62d-0007cb0000ff}]
\shell\AutoRun\command - H:\autorun_PES2008.exe

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 18:37:02
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-10 18:37:24
ComboFix-quarantined-files.txt 2008-04-10 16:37:18
ComboFix2.txt 2008-04-10 16:34:05
ComboFix3.txt 2008-04-07 17:12:18
ComboFix4.txt 2008-04-07 16:35:40
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-09 18:33:49 --- E O F ---