Downloader bagle - hijack - que faire ?

Résolu
sylvie3813 Messages postés 117 Date d'inscription   Statut Membre Dernière intervention   -  
sylvie3813 Messages postés 117 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,

Ce trojan a été trouvé par avg antispyware. J'ai fait un scan en ligne sur secuser, rien n'a été trouvé. Par contre avec kaspersky en ligne, 2 virus et 10 objets infectés, mais ces objets sont "locked" il dit "skipped.

J'ai aussi utilisé elibagla. Je mets un hijack : que dois-je faire ?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:08, on 06/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
F:\Ad_aware2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
F:\Ad_aware2007\Ad-Watch2007.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
F:\Alarm_Notes\ChamClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\AVG\AVG Anti-Spyware 7.5\guard.exe
F:\NEROBIS\Nero 8\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
F:\NEROBIS\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "D:\Omnipage v15\ScanSoft\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Ad-Watch] F:\Ad_aware2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\AVG\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [HomeAlarm] F:\Alarm_Notes\ChamClock.exe
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47431C51-02DA-4AEA-9326-1F20BC3A7CBF}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{47431C51-02DA-4AEA-9326-1F20BC3A7CBF}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Ad_aware2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\AVG\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\NEROBIS\Nero 8\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - F:\NEROBIS\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 8582 bytes

Merci pour les réponses.
Configuration: Windows XP
Firefox 2.0.0.14

15 réponses

  1. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    bonjour, perso je trouve rien comme infection sur ton hijackthis mais c'est dommage que tu n'ais pas mis le rapport de kaspersky
    0
    1. sylvie3813 Messages postés 117 Date d'inscription   Statut Membre Dernière intervention   2
       
      Voilà :

      C:\Documents and Settings\Administrateur\Cookies\index.dat Object is locked skipped
      C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
      C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\Administrateur\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\Administrateur\ntuser.dat.LOG Object is locked skipped
      C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\logs\AWProcessesLog.log Object is locked skipped
      C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\logs\CoreEngineCommunicationLog.log Object is locked skipped
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
      C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
      C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
      C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
      C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
      C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
      C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
      C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
      C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
      C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped
      C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
      C:\System Volume Information\_restore{3521E9ED-3177-45E5-8B37-F9EA6657AC9C}\RP83\change.log Object is locked skipped
      C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
      C:\WINDOWS\SchedLgU.Txt Object is locked skipped
      C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
      C:\WINDOWS\Sti_Trace.log Object is locked skipped
      C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
      C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
      C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
      C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\default Object is locked skipped
      C:\WINDOWS\system32\config\default.LOG Object is locked skipped
      C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
      C:\WINDOWS\system32\config\SAM Object is locked skipped
      C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\SECURITY Object is locked skipped
      C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
      C:\WINDOWS\system32\config\software Object is locked skipped
      C:\WINDOWS\system32\config\software.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\system Object is locked skipped
      C:\WINDOWS\system32\config\system.LOG Object is locked skipped
      C:\WINDOWS\system32\h323log.txt Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
      C:\WINDOWS\Temp\Perflib_Perfdata_5e0.dat Object is locked skipped
      C:\WINDOWS\Temp\Perflib_Perfdata_628.dat Object is locked skipped
      C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
      C:\WINDOWS\wiadebug.log Object is locked skipped
      C:\WINDOWS\wiaservc.log Object is locked skipped
      C:\WINDOWS\WindowsUpdate.log Object is locked skipped
      D:\eMule\Incoming\LOGICIELS\Nero\Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE_rar.vir/Setup/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
      D:\eMule\Incoming\LOGICIELS\Nero\Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE_rar.vir/Setup/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
      D:\eMule\Incoming\LOGICIELS\Nero\Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE_rar.vir/Setup/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
      D:\eMule\Incoming\LOGICIELS\Nero\Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE_rar.vir RAR: infected - 3 skipped
      D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
      F:\NEROBIS\Nero 8\Nero BackItUp\BIU1.txt Object is locked skipped
      F:\SYLVIE\LOGICIELS\Navilog1.exe/file09 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
      F:\SYLVIE\LOGICIELS\Navilog1.exe Inno: infected - 1 skipped
      F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
      F:\System Volume Information\_restore{3521E9ED-3177-45E5-8B37-F9EA6657AC9C}\RP83\change.log Object is locked skipped
      F:\TELECHARGEMENT\LOGICIELS\nero 8.0.3.0 multilangue + n°de serie BY sersev.7z/Nero 8.0.3.0/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
      F:\TELECHARGEMENT\LOGICIELS\nero 8.0.3.0 multilangue + n°de serie BY sersev.7z/Nero 8.0.3.0/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
      F:\TELECHARGEMENT\LOGICIELS\nero 8.0.3.0 multilangue + n°de serie BY sersev.7z/Nero 8.0.3.0/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
      F:\TELECHARGEMENT\LOGICIELS\nero 8.0.3.0 multilangue + n°de serie BY sersev.7z 7-Zip: infected - 3 skipped
      G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
      Scan process completed.


      merci d'avoir répondu.
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt

    vire tes cracks déjà!!!

    __________

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    ___________

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
    1. sylvie3813 Messages postés 117 Date d'inscription   Statut Membre Dernière intervention   2
       
      Salut Jlpjlp

      combo :
      ComboFix 08-06-06.4 - Administrateur 2008-06-06 22:27:37.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.540 [GMT 2:00]
      Endroit: C:\Documents and Settings\Administrateur\Bureau\Combo-Fix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\Downloaded Program Files\setup.inf

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-05-06 to 2008-06-06 ))))))))))))))))))))))))))))))))))))
      .

      2008-06-06 21:17 . 2008-06-06 21:17 <REP> d-------- C:\Program Files\MozBackup
      2008-06-06 16:52 . 2008-06-06 16:52 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
      2008-06-06 16:52 . 2008-06-06 16:52 <REP> d-------- C:\WINDOWS\LastGood
      2008-06-06 16:52 . 2008-06-06 16:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
      2008-06-06 15:17 . 2008-06-06 15:17 <REP> d-------- C:\Program Files\Trend Micro
      2008-06-06 14:47 . 2008-06-06 14:47 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-06-06 14:47 . 2008-06-06 14:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-06-06 14:47 . 2008-06-06 14:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
      2008-06-06 14:47 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-06-06 14:47 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-06-06 14:03 . 2008-06-06 14:03 <REP> d-------- C:\WINDOWS\report
      2008-06-06 14:03 . 2008-06-06 14:03 <REP> d-------- C:\WINDOWS\AU_Backup
      2008-06-06 14:03 . 2008-06-06 14:03 35,014,633 --a------ C:\WINDOWS\VPTNFILE.325
      2008-06-06 14:03 . 2008-06-06 14:03 35,014,633 --a------ C:\WINDOWS\LPT$VPN.325
      2008-06-06 14:03 . 2008-06-06 14:03 1,958,484 --a------ C:\WINDOWS\tsc.ptn
      2008-06-06 14:03 . 2008-06-06 14:03 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
      2008-06-06 14:03 . 2008-06-06 14:03 333,576 --a------ C:\WINDOWS\TSC.exe
      2008-06-06 14:03 . 2008-06-06 14:03 91,744 --a------ C:\WINDOWS\BPMNT.dll
      2008-06-06 14:03 . 2008-06-06 14:03 71,749 --a------ C:\WINDOWS\hcextoutput.dll
      2008-06-06 14:03 . 2008-06-06 14:03 823 --a------ C:\WINDOWS\tsc.ini
      2008-06-06 14:02 . 2008-06-06 14:03 <REP> d-------- C:\WINDOWS\AU_Temp
      2008-06-06 14:02 . 2008-06-06 14:02 <REP> d-------- C:\WINDOWS\AU_Log
      2008-06-06 14:02 . 2008-06-06 14:02 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
      2008-06-06 14:02 . 2008-06-06 14:02 286,720 --a------ C:\WINDOWS\PATCH.EXE
      2008-06-06 14:02 . 2008-06-06 14:02 69,689 --a------ C:\WINDOWS\UNZIP.DLL
      2008-06-06 14:02 . 2008-06-06 14:02 170 --a------ C:\WINDOWS\GetServer.ini
      2008-06-04 14:09 . 2008-06-04 14:09 <REP> d-------- C:\WINDOWS\Sun
      2008-06-04 14:09 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2008-06-04 14:08 . 2008-06-04 14:09 <REP> d-------- C:\Program Files\Java
      2008-06-04 14:08 . 2008-06-04 14:08 <REP> d-------- C:\Program Files\Fichiers communs\Java
      2008-05-29 16:15 . 2008-05-29 16:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
      2008-05-29 16:15 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2008-05-20 21:50 . 2008-05-20 21:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
      2008-05-20 09:26 . 2008-05-20 09:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-05-20 09:24 . 2008-05-20 09:24 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-05-17 15:34 . 2008-06-01 14:14 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
      2008-05-14 12:04 . 2008-05-14 12:04 <REP> d-------- C:\Documents and Settings\All Users\SonicStage
      2008-05-14 11:04 . 2008-05-14 11:05 <REP> d-------- C:\Program Files\Sony
      2008-05-14 11:04 . 2008-05-14 11:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
      2008-05-14 11:03 . 2008-05-14 11:04 <REP> d-------- C:\Program Files\Fichiers communs\Sony Shared
      2008-05-14 11:03 . 2008-05-14 12:04 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Corporation

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-06-06 12:45 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
      2008-05-20 07:32 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
      2008-05-20 07:31 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
      2008-05-20 07:31 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2008-05-17 13:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-05-07 18:46 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\gtk-2.0
      2008-05-01 16:30 457,728 ----a-w C:\WINDOWS\BBPAssoc.dll
      2008-04-28 15:49 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\ACD Systems
      2008-04-28 08:34 286,720 ----a-w C:\WINDOWS\iun506.exe
      2008-04-20 13:47 --------- d-----w C:\Program Files\GIMP-2.0
      2008-04-18 13:38 17,600 ----a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
      2008-04-18 13:21 --------- d-----w C:\Program Files\Apple Software Update
      2008-04-15 08:59 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Canon
      2008-04-14 10:29 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\ScanSoft
      2008-04-14 10:12 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Zeon
      2008-04-14 10:10 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Zeon
      2008-04-14 10:10 --------- d-----w C:\Program Files\Fichiers communs\ScanSoft Shared
      2008-04-14 10:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zeon
      2008-04-14 10:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
      2008-04-14 10:08 --------- d-----w C:\Program Files\ScanSoft
      2008-04-14 10:08 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
      2008-04-14 10:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
      2008-04-14 09:12 --------- d-----w C:\Program Files\QuickTime
      2008-04-14 09:12 --------- d-----w C:\Program Files\iPod
      2008-04-14 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
      2008-04-14 09:12 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Apple Computer
      2008-04-14 09:11 --------- d-----w C:\Program Files\Fichiers communs\Apple
      2008-04-14 09:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
      2008-04-11 20:42 --------- d-----w C:\Program Files\HP
      2008-04-11 19:03 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
      2008-04-10 21:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Nero
      2008-04-10 21:56 --------- d-----w C:\Program Files\Fichiers communs\Nero
      2008-04-10 21:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
      2008-04-08 16:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Icon Constructor 3
      2008-04-08 16:06 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2008-04-08 10:56 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
      2008-04-08 08:54 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\ArcSoft
      2008-04-07 16:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Thunderbird
      2008-04-07 16:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Talkback
      2008-04-07 16:06 --------- d-----w C:\Program Files\Goto.Games
      2008-04-07 16:06 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Goto.Games
      2008-04-06 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-04-06 21:09 --------- d-----w C:\Program Files\CCleaner
      2008-04-06 19:02 --------- d-----w C:\Program Files\Eurobarre
      2008-04-06 18:59 15,872 ------w C:\WINDOWS\system32\winskfr.dll
      2008-04-06 18:59 119,568 ------w C:\WINDOWS\system32\vb6fr.dll
      2008-04-06 10:01 --------- d-----w C:\Program Files\Logitech
      2008-04-06 10:01 --------- d-----w C:\Program Files\Fichiers communs\Logitech
      2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
      2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
      2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-03-06 13:18 102 ----a-w C:\WINDOWS\Fonts\templates.url
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "HomeAlarm"="F:\Alarm_Notes\ChamClock.exe" [2006-10-26 22:25 915456]
      "OpAgent"="OpAgent.exe" []
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
      "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
      "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
      "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
      "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
      "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
      "ScanSoft OmniPage 16-reminder"="D:\Omnipage v15\ScanSoft\Ereg\Ereg.exe" [2007-07-20 09:50 328992]
      "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
      "Ad-Watch"="F:\Ad_aware2007\Ad-Watch2007.exe" [2007-06-30 21:53 4190208]
      "!AVG Anti-Spyware"="D:\AVG\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-19 16:09 138240]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

      C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
      Eurobarre.lnk - C:\Program Files\Eurobarre\eb.exe [2008-04-06 20:59:51 113664]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.VP40"= vp4vfw.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      --a------ 2008-01-11 22:16 39792 D:\Adobe Reader 8.1.2\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
      --a------ 2007-09-20 15:35 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
      --a------ 2007-09-20 10:35 1077032 F:\NEROBIS\Nero 8\InCD\InCD.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a------ 2008-03-30 10:36 267048 D:\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
      --a------ 2007-09-20 09:51 1836328 F:\NEROBIS\Nero 8\Nero BackItUp\NBKeyScan.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
      --a------ 2007-09-20 10:36 2044712 F:\NEROBIS\Nero 8\InCD\NBHGui.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UpdatesDisableNotify"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "D:\\eMule\\emule.exe"=
      "D:\\iTunes\\iTunes.exe"=
      "C:\\WINDOWS\\system32\\ntvdm.exe"=

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
      R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-17 09:50]

      *Newly Created Service* - CATCHME
      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-06-02 20:24:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-06-06 22:28:38
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-06-06 22:29:09
      ComboFix-quarantined-files.txt 2008-06-06 20:29:03

      Pre-Run: 62,585,585,664 octets libres
      Post-Run: 62,578,106,368 octets libres

      187 --- E O F --- 2008-05-28 08:43:51


      Malewarebyte:
      Malwarebytes' Anti-Malware 1.15
      Version de la base de données: 831

      22:34:17 06/06/2008
      mbam-log-6-6-2008 (22-34-17).txt

      Type de recherche: Examen rapide
      Eléments examinés: 35096
      Temps écoulé: 2 minute(s), 9 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  3. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    il me semble que ton rapport n'est pas complet mais par précaution passes malwarebytes
    Telecharge malwarebytes

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    ps : les rapport sont aussi rangé dans l onglet rapport/log
    0
    1. sylvie3813 Messages postés 117 Date d'inscription   Statut Membre Dernière intervention   2
       
      Salut,

      Merci de répondre,
      J'ai mis le rapport en réponse à jlpjlp,
      bonne soirée.
      0
    2. sylvie3813 Messages postés 117 Date d'inscription   Statut Membre Dernière intervention   2
       
      Jlpjlp me renvoit vers vous :)

      comme il ne l'a indiqué j'ai fait "fix" avec cwshredder.

      dernier kaspersky:
      KASPERSKY ONLINE SCANNER REPORT
      Friday, June 06, 2008 11:15:15 PM
      Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
      Kaspersky Online Scanner version: 5.0.98.0
      Kaspersky Anti-Virus database last update: 6/06/2008
      Kaspersky Anti-Virus database records: 834859
      Scan Settings
      Scan using the following antivirus database extended
      Scan Archives true
      Scan Mail Bases true
      Scan Target Folders
      C:\
      Scan Statistics
      Total number of scanned objects 27576
      Number of viruses found 0
      Number of infected objects 0
      Number of suspicious objects 0
      Duration of the scan process 00:20:29

      Infected Object Name Virus Name Last Action
      C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\al7a72e9.default\cert8.db Object is locked skipped
      C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\al7a72e9.default\formhistory.dat Object is locked skipped
      C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\al7a72e9.default\history.dat Object is locked skipped
      C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\al7a72e9.default\key3.db Object is locked skipped
      C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\al7a72e9.default\parent.lock Object is locked skipped
      C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\al7a72e9.default\search.sqlite Object is locked skipped
      C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\al7a72e9.default\urlclassifier2.sqlite Object is locked skipped
      C:\Documents and Settings\Administrateur\Cookies\index.dat Object is locked skipped
      C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
      C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\al7a72e9.default\Cache\_CACHE_001_ Object is locked skipped
      C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\al7a72e9.default\Cache\_CACHE_002_ Object is locked skipped
      C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\al7a72e9.default\Cache\_CACHE_003_ Object is locked skipped
      C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\al7a72e9.default\Cache\_CACHE_MAP_ Object is locked skipped
      C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012008060620080607\index.dat Object is locked skipped
      C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
      C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\Administrateur\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\Administrateur\ntuser.dat.LOG Object is locked skipped
      C:\Documents and Settings\Administrateur\UserData\index.dat Object is locked skipped
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
      C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
      C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
      C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
      C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
      C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
      C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
      C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
      C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
      C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped
      C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
      C:\System Volume Information\_restore{3521E9ED-3177-45E5-8B37-F9EA6657AC9C}\RP84\change.log Object is locked skipped
      C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
      C:\WINDOWS\SchedLgU.Txt Object is locked skipped
      C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
      C:\WINDOWS\Sti_Trace.log Object is locked skipped
      C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
      C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
      C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
      C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\default Object is locked skipped
      C:\WINDOWS\system32\config\default.LOG Object is locked skipped
      C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
      C:\WINDOWS\system32\config\SAM Object is locked skipped
      C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\SECURITY Object is locked skipped
      C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
      C:\WINDOWS\system32\config\software Object is locked skipped
      C:\WINDOWS\system32\config\software.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\system Object is locked skipped
      C:\WINDOWS\system32\config\system.LOG Object is locked skipped
      C:\WINDOWS\system32\h323log.txt Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
      C:\WINDOWS\Temp\Perflib_Perfdata_5e0.dat Object is locked skipped
      C:\WINDOWS\Temp\Perflib_Perfdata_628.dat Object is locked skipped
      C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
      C:\WINDOWS\wiadebug.log Object is locked skipped
      C:\WINDOWS\wiaservc.log Object is locked skipped
      C:\WINDOWS\WindowsUpdate.log Object is locked skipped
      Scan process completed.
      0
  4. sylvie3813 Messages postés 117 Date d'inscription   Statut Membre Dernière intervention   2
     
    Je peux fermer le post en résolu ?
    Bonne fin de soirée à tous.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok remets un hijakhcits pour voir

    mais je pense que c'est bon
    0
  7. sylvie3813 Messages postés 117 Date d'inscription   Statut Membre Dernière intervention   2
     
    Bonsoir,
    non c'est pas bon,
    mais quant j'ai voulu continuer le fil de ce message j'ai eu comme réponse message effacé j'ai donc ouvert une autre question.
    j'avais oublié d'analyser une partition, kasperski continue à trouver un virus
    fiat500 m'a répondu sur mon autre post
    excusez-moi pour le mélange,
    dernier hijack :
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:15:18, on 07/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    F:\Ad_aware2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    F:\Ad_aware2007\Ad-Watch2007.exe
    D:\AVG\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    F:\Alarm_Notes\ChamClock.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Eurobarre\eb.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\AVG\AVG Anti-Spyware 7.5\guard.exe
    F:\NEROBIS\Nero 8\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    F:\NEROBIS\Nero 8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "D:\Omnipage v15\ScanSoft\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [Ad-Watch] F:\Ad_aware2007\Ad-Watch2007.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\AVG\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [HomeAlarm] F:\Alarm_Notes\ChamClock.exe
    O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\OFFICE~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{47431C51-02DA-4AEA-9326-1F20BC3A7CBF}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS1\Services\Tcpip\..\{47431C51-02DA-4AEA-9326-1F20BC3A7CBF}: NameServer = 212.27.54.252,212.27.53.252
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Ad_aware2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\AVG\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\NEROBIS\Nero 8\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - F:\NEROBIS\Nero 8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    tu as le rapport kaspersky?
    0
  9. sylvie3813 Messages postés 117 Date d'inscription   Statut Membre Dernière intervention   2
     
    oui :

    KASPERSKY ONLINE SCANNER REPORT
    Saturday, June 07, 2008 2:15:16 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 7/06/2008
    Kaspersky Anti-Virus database records: 836505
    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true
    Scan Target Folders
    F:\
    Scan Statistics
    Total number of scanned objects 11693
    Number of viruses found 1
    Number of infected objects 2
    Number of suspicious objects 0
    Duration of the scan process 00:36:45

    Infected Object Name Virus Name Last Action
    F:\NEROBIS\Nero 8\Nero BackItUp\BIU1.txt Object is locked skipped
    F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    F:\System Volume Information\_restore{3521E9ED-3177-45E5-8B37-F9EA6657AC9C}\RP84\A0006761.exe/file09 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    F:\System Volume Information\_restore{3521E9ED-3177-45E5-8B37-F9EA6657AC9C}\RP84\A0006761.exe Inno: infected - 1 skipped
    F:\System Volume Information\_restore{3521E9ED-3177-45E5-8B37-F9EA6657AC9C}\RP84\change.log Object is locked skipped
    Scan process completed.
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok cela va aller très vite!

    désactive la restauration système pour purger les virus qui seraient dedans
    puis redemarre ton ordi
    puis réactive là : https://www.informatruc.com
    0
  11. sylvie3813 Messages postés 117 Date d'inscription   Statut Membre Dernière intervention   2
     
    ok, c'est fait.
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    parfait tu peux verifier avec kaspersky

    si rien c'est resolu!

    et remplace ta version ad aware par la version 2008
    0
    1. sylvie3813 Messages postés 117 Date d'inscription   Statut Membre Dernière intervention   2
       
      oui, tout est ok
      un grand merci
      bonne fin de soirée à tous :)
      0
  13. afideg Messages postés 10466 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
     
    Bonsoir à tous

    jlpjlp, quelque chose m'échappe ==> pourquoi avoir fait faire "fix" avec cwshredder ?
    Je ne vois pas les indices .

    Est-ce pour la "O10" ou pour "AdTool.Win32.MyWebSearch.bm" --> (not-a-virus) ?

    Merci à toi
    Al.
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,
    afideg!

    par erreur j'avais mal vu !
    il y avais
    MyWebSearch dans kasperky et je me suis emporté ...
    0
  15. afideg Messages postés 10466 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
     
    Ok
    Merci
    Je préfère ainsi.
    C'est plus clair
    Amicalement
    Albert
    0
  16. sylvie3813 Messages postés 117 Date d'inscription   Statut Membre Dernière intervention   2
     
    Merci beaucoup
    tout est ok.
    0