Unable to install an antivirus
Hello,
I have a very big problem: my antivirus has disappeared, Spybot has disappeared
(at least the executables), and safe mode no longer works.
If I try to reinstall an antivirus, the exe files disappear, and I can no longer see my directory (Local Settings/Temporary Internet Files).
Here is a HijackThis log I made of my machine:
Logfile of HijackThis v1.99.1
Scan saved at 13:28 , on 31/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Equant\Dialer\EACSvrMngr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Equant\Dialer\Safenet\SafeCfg.exe
C:\Program Files\IBM\Client Access\Emulator\PCSCM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
C:\Program Files\Equant\Dialer\EACSys.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Equant\Dialer\Safenet\IreIKE.exe
C:\Program Files\Equant\Dialer\Safenet\IPSecMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Raccourci vers APLUS.lnk = ?
O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O4 - Global Startup: SoftRemoteLT.lnk = C:\Program Files\Equant\Dialer\Safenet\SafeCfg.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EED0678-28EE-494A-9E9E-91C392530A9A}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBFB8148-DB58-4958-B9B1-DBDA6F49A41E}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Equant - C:\Program Files\Equant\Dialer\EACSvrMngr.exe
O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Equant - C:\Program Files\Equant\Dialer\EACSys.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Equant\Dialer\Safenet\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\Equant\Dialer\Safenet\IreIKE.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
Please help me, because I'm getting desperate.
Hello,
Download Gmer.
Unzip it into a folder or onto your desktop.
Disconnect from the Internet, then close all programs.
Double-click Gmer.exe.
IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.
Click the Rootkit tab.
On the right, check Files and Services.
Now click Scan.
When the scan is finished, click Copy.
Open Notepad, then click the Edit menu / Paste.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.
Here is the GMER report, AngerDark:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-31 14:43:02
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwClose
SSDT 820B1CC0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwCreateDirectoryObject
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwMakeTemporaryObject
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwMapViewOfSection
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwQueryInformationFile
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwReadFile
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwUnmapViewOfSection
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwWriteFile
---- Kernel code sections - GMER 1.0.13 ----
? C:\WINDOWS\system32\Drivers\PROCEXP110.SYS Le fichier spécifié est introuvable.
---- User code sections - GMER 1.0.13 ----
.text C:\WINDOWS\Explorer.EXE[380] SHELL32.dll!SHFileOperationW 7CA7FD0A 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
---- Devices - GMER 1.0.13 ----
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F846A1DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F846A1DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F846A454] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F846A1DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F844C66E] PQV2i.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_EA [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [F846A1DE] fltmgr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [F846A1DE] fltmgr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [F845DF4C] fltmgr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [F845DF4C] fltmgr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE
That looks OK, apparently.
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan has completed, a report will appear. Copy and paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Hello, here is the Combofix report.
A small clarification: I can now install an antivirus (avast) as well as Spybot, but I cannot start avast's resident protection and I get access denied errors from Spybot.
Please help me, thank you.
ComboFix 07-10-29.1 - RAFAEL 2007-10-31 18:21:14.1 - NTFSx86
Running from: C:\Documents and Settings\RAFAEL\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\RAFAEL\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\RAFAEL\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\RAFAEL\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\ykpbexamrd.dat
C:\WINDOWS\system32\ykpbexamrd_nav.dat
C:\WINDOWS\system32\ykpbexamrd_navps.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NPF
-------\LEGACY_SROSA
-------\NPF
((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-31 ))))))))))))))))))))))))))))))))))))
.
2007-10-31 18:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-31 17:09 85,760 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-31 17:09 83,968 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-31 17:09 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-31 17:09 24,240 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-31 17:09 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-31 17:08 <REP> d-------- C:\Program Files\Alwil Software
2007-10-31 17:08 503,296 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-31 17:08 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-10-31 13:49 <REP> d-------- C:\Documents and Settings\RAFAEL\Pavark
2007-10-31 13:41 <REP> d-------- C:\Program Files\Trend Micro
2007-10-30 16:42 <REP> d-------- C:\Program Files\TESTRAF
2007-10-30 16:33 <REP> d-------- C:\Program Files\a-squared Free
2007-10-30 09:38 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-25 13:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Emjysoft2
2007-10-25 09:02 <REP> d-------- C:\Program Files\Draxysoft
2007-10-25 08:55 <REP> d-------- C:\Documents and Settings\RAFAEL\Application Data\Wallpaper
2007-10-25 08:50 <REP> d-------- C:\Program Files\Change Mon Ecran
2007-10-24 16:37 <REP> d-------- C:\Program Files\Change Ecran
2007-10-24 13:29 <REP> d-------- C:\Program Files\PapierPeint
2007-10-19 15:07 127,043 --a------ C:\WINDOWS\CWBAFDM.EXE
2007-10-19 15:07 37,376 --a------ C:\WINDOWS\system32\CWBAFAPI.DLL
2007-10-15 10:41 <REP> d-------- C:\Documents and Settings\RAFAEL\Application Data\Samsung
2007-10-10 08:54 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-05 13:07 <REP> d-------- C:\Program Files\QuickTime Alternative
2007-10-05 13:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-27 12:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{BA5D4C17-BBA0-42C9-A526-23FE5567F32B}
2007-09-20 12:55 <REP> d-------- C:\WINDOWS\pzzxs
2007-09-20 12:31 <REP> d-------- C:\TLKGAMES
2007-09-18 13:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 13:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-18 13:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-07 14:19 <REP> d-------- C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2007-09-07 14:19 <REP> d-------- C:\Program Files\DVDVIDEOSOFT
2007-09-07 12:56 <REP> d-------- C:\Program Files\MediaCoder
2007-09-07 11:27 <REP> d-------- C:\Documents and Settings\RAFAEL\dwhelper
2007-09-06 10:11 342,144 --a------ C:\WINDOWS\system32\drivers\sfsz.sys
2007-09-06 10:11 159,907 --a------ C:\WINDOWS\system32\ZSANCoInst.dll
2007-09-06 10:11 15,488 --a------ C:\WINDOWS\system32\drivers\ZetBus.sys
2007-09-06 10:11 13,056 --a------ C:\WINDOWS\system32\drivers\ZetSFD.sys
2007-09-06 10:11 5,120 --a------ C:\WINDOWS\system32\drivers\ZetMPD.sys
2007-09-06 09:55 294,993 --a------ C:\WINDOWS\system32\MicroSANClient.dll
2007-09-06 09:55 114,688 --a------ C:\WINDOWS\system32\ZNS_Resource.dll
2007-09-06 09:55 98,381 --a------ C:\WINDOWS\system32\MicroSANDevice.dll
2007-09-06 09:55 81,988 --a------ C:\WINDOWS\system32\LSMAPI.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-31 12:42 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-10-31 10:17 --------- d-----w C:\Documents and Settings\RAFAEL\Application Data\OpenOffice.org2
2007-10-31 09:06 --------- d-----w C:\Program Files\Le Mystere de la Momie Demo
2007-10-31 09:06 --------- d-----w C:\Program Files\KaraFun
2007-10-31 09:06 --------- d-----w C:\Program Files\JkDefrag
2007-10-31 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Recisio
2007-10-31 09:04 --------- d-----w C:\Program Files\BankPerfect
2007-10-31 09:03 --------- d-----w C:\Program Files\CursorXP
2007-10-31 09:00 --------- d-----w C:\Program Files\Acoustica CD Label Maker
2007-10-30 08:38 --------- d-----w C:\Program Files\Norton AntiVirus
2007-10-30 08:30 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-10-24 09:57 --------- d-----w C:\Documents and Settings\RAFAEL\Application Data\XnView
2007-10-22 07:59 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-22 07:59 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-22 07:59 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-22 07:59 --------- d-----w C:\Program Files\Symantec
2007-09-26 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-24 08:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-06 09:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-06 09:02 --------- d-----w C:\Program Files\NETGEAR
2007-08-30 13:39 --------- d-----w C:\Program Files\Pando
2007-05-25 14:04 72,440 ----a-w C:\Documents and Settings\RAFAEL\Application Data\GDIPFONTCACHEV1.DAT
2007-04-25 11:20 134 ----a-w C:\Program Files\satsukidecodersettings.ini
2005-03-29 13:37 456,384 ----a-w C:\WINDOWS\inf\WPN311\WPN311.sys
2005-01-27 09:59 35,232 ----a-w C:\WINDOWS\inf\WPN311\ME_INST.EXE
2005-01-27 09:59 26,112 ----a-w C:\WINDOWS\inf\WPN311\install.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2002-03-19 17:30]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" []
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" []
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2002-08-06 05:20]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2002-08-06 05:20]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2002-08-06 05:20]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 C:\WINDOWS\system32\bthprops.cpl]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2006-01-27 23:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
C:\Documents and Settings\RAFAEL\Menu Démarrer\Programmes\Démarrage\
Raccourci vers APLUS.lnk - C:\Program Files\IBM\Client Access\Emulator\Private\APLUS.WS [2006-03-30 12:44:48]
C:\Documents and Settings\RAFAEL\Menu Démarrer\Programmes\Démarrage\
Raccourci vers APLUS.lnk - C:\Program Files\IBM\Client Access\Emulator\Private\APLUS.WS [2006-03-30 12:44:48]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
NETGEAR WPN311 Wireless Assistant.lnk - C:\Program Files\NETGEAR\WPN311\wlancfg5.exe [2005-04-19 15:40:34]
SoftRemoteLT.lnk - C:\Program Files\Equant\Dialer\Safenet\SafeCfg.exe [2007-02-22 16:29:26]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoLogOff"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
Atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Change Ecran]
C:\Program Files\Change Ecran\Change Ecran.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Walser]
C:\Program Files\Draxysoft\Wallpaper Sequencer ultra\Walser.exe start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
"C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"bgsvcgen"=2 (0x2)
"ACS"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Norton Ghost 9.0"=C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
"AtiPTA"=Atiptaxx.exe
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe"
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R0 ZetSFD;ZetSFD;C:\WINDOWS\system32\DRIVERS\ZetSFD.sys
R1 IPSECDRV;SafeNet IPSec Plugin;\??\C:\WINDOWS\system32\Drivers\IPSECDRV.sys
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys
R2 Crypto;Crypto;\??\C:\WINDOWS\system32\Drivers\Crypto.sys
R2 EACSvrMngr;(Equant Access Companion) Services Manager;C:\Program Files\Equant\Dialer\EACSvrMngr.exe
R2 EQDRV5;EQUANT NDIS 5 Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\eqdrv5.sys
R2 Z-SANService;Z-SAN Service;C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
R3 ati2mpad;ati2mpad;C:\WINDOWS\system32\DRIVERS\ati2mpad.sys
R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys
R3 EACSys;(Equant Access Companion) Devices and Services Monitoring;C:\Program Files\Equant\Dialer\EACSys.exe
R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys
R3 ZetBus;Zetera Virtual Bus;C:\WINDOWS\system32\DRIVERS\ZetBus.sys
R3 ZetMPD;ZetMPD;C:\WINDOWS\system32\DRIVERS\ZetMPD.sys
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
S2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS
S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service;C:\WINDOWS\system32\DRIVERS\GtVUsb.sys
S3 nk4Seem;nk4Seem;\??\C:\util\sécurite\analyseurs\Seem\nk4Seem.sys
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
*Newly Created Service* - AAVMKER4
*Newly Created Service* - ASWMON2
*Newly Created Service* - ASWTDI
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - ZETSFD
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-31 11:35:00 C:\WINDOWS\Tasks\Norton AntiVirus - Analyse système complète - RAFAEL.job"
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-31 18:37:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-31 18:41:51 - machine was rebooted
.
--- E O F ---
NETGEAR WPN311 Wireless Assistant.lnk - C:\Program Files\NETGEAR\WPN311\wlancfg5.exe [2005-04-19 15:40:34]
SoftRemoteLT.lnk - C:\Program Files\Equant\Dialer\Safenet\SafeCfg.exe [2007-02-22 16:29:26]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoLogOff"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
Atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Change Ecran]
C:\Program Files\Change Ecran\Change Ecran.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Walser]
C:\Program Files\Draxysoft\Wallpaper Sequencer ultra\Walser.exe start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
"C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"bgsvcgen"=2 (0x2)
"ACS"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Norton Ghost 9.0"=C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
"AtiPTA"=Atiptaxx.exe
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe"
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R0 ZetSFD;ZetSFD;C:\WINDOWS\system32\DRIVERS\ZetSFD.sys
R1 IPSECDRV;SafeNet IPSec Plugin;\??\C:\WINDOWS\system32\Drivers\IPSECDRV.sys
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys
R2 Crypto;Crypto;\??\C:\WINDOWS\system32\Drivers\Crypto.sys
R2 EACSvrMngr;(Equant Access Companion) Services Manager;C:\Program Files\Equant\Dialer\EACSvrMngr.exe
R2 EQDRV5;EQUANT NDIS 5 Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\eqdrv5.sys
R2 Z-SANService;Z-SAN Service;C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
R3 ati2mpad;ati2mpad;C:\WINDOWS\system32\DRIVERS\ati2mpad.sys
R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys
R3 EACSys;(Equant Access Companion) Devices and Services Monitoring;C:\Program Files\Equant\Dialer\EACSys.exe
R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys
R3 ZetBus;Zetera Virtual Bus;C:\WINDOWS\system32\DRIVERS\ZetBus.sys
R3 ZetMPD;ZetMPD;C:\WINDOWS\system32\DRIVERS\ZetMPD.sys
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
S2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS
S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service;C:\WINDOWS\system32\DRIVERS\GtVUsb.sys
S3 nk4Seem;nk4Seem;\??\C:\util\sécurite\analyseurs\Seem\nk4Seem.sys
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
*Newly Created Service* - AAVMKER4
*Newly Created Service* - ASWMON2
*Newly Created Service* - ASWTDI
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - ZETSFD
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-31 11:35:00 C:\WINDOWS\Tasks\Norton AntiVirus - Analyse système complète - RAFAEL.job"
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-31 18:37:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-31 18:41:51 - machine was rebooted
.
--- E O F ---
Re,
Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop)
Let the utility guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as prompted. Notepad will open. Post its contents for us as follows:
-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply
NOTE: The report can also be found here: C:\fixnavi.txt
Hello, and thank you AngelDark for helping me
I can't install Navilog1 because the page on the Orange site is under construction
Otherwise, I ran Lop S & D and here is the report
------------------------------[ Lop S&D 1.5 ]----------------------------
Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
Lancé depuis : "C:\Documents and Settings\RAFAEL\Bureau"
Rapport créé Le 02/11/2007 à 12:58:53,69 PC : PCRAF
! Faire analyser le rapport par un Helper avant intervention !
-------------[ Listing des Dossiers dans Application Data ]-------------
C:\Documents and settings\All Users\Application Data\Recisio
C:\Documents and settings\All Users\Application Data\Emjysoft2
C:\Documents and settings\All Users\Application Data\Apple Computer
C:\Documents and settings\All Users\Application Data\{BA5D4C17-BBA0-42C9-A526-23FE5567F32B}
C:\Documents and settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and settings\All Users\Application Data\Symantec
C:\Documents and settings\All Users\Application Data\DVD Shrink
C:\Documents and settings\All Users\Application Data\a32w
C:\Documents and settings\All Users\Application Data\Bluetooth
C:\Documents and settings\All Users\Application Data\Real
C:\Documents and settings\All Users\Application Data\Adobe
C:\Documents and settings\All Users\Application Data\PC Drivers Headquarters
C:\Documents and settings\All Users\Application Data\Microsoft
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\MSN6
C:\Documents and settings\All Users\Application Data\hpzinstall.log
C:\Documents and settings\All Users\Application Data\Hewlett-Packard
C:\Documents and settings\All Users\Application Data\HP
C:\Documents and settings\All Users\Application Data\desktop.ini
C:\Documents and settings\Default User\Application Data\Microsoft
C:\Documents and settings\Default User\Application Data\desktop.ini
C:\Documents and settings\LocalService\Application Data\Microsoft
C:\Documents and settings\NetworkService\Application Data\Microsoft
C:\Documents and settings\RAFAEL\Application Data\XnView
C:\Documents and settings\RAFAEL\Application Data\OpenOffice.org2
C:\Documents and settings\RAFAEL\Application Data\Wallpaper
C:\Documents and settings\RAFAEL\Application Data\Microsoft
C:\Documents and settings\RAFAEL\Application Data\Samsung
C:\Documents and settings\RAFAEL\Application Data\LEAPS
C:\Documents and settings\RAFAEL\Application Data\Pegasys Inc
C:\Documents and settings\RAFAEL\Application Data\Media Player Classic
C:\Documents and settings\RAFAEL\Application Data\Adobe
C:\Documents and settings\RAFAEL\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and settings\RAFAEL\Application Data\Acoustica
C:\Documents and settings\RAFAEL\Application Data\Real
C:\Documents and settings\RAFAEL\Application Data\DivX
C:\Documents and settings\RAFAEL\Application Data\Microsoft Excel.ADR
C:\Documents and settings\RAFAEL\Application Data\Symantec
C:\Documents and settings\RAFAEL\Application Data\AdobeUM
C:\Documents and settings\RAFAEL\Application Data\Sun
C:\Documents and settings\RAFAEL\Application Data\vlc
C:\Documents and settings\RAFAEL\Application Data\MSN6
C:\Documents and settings\RAFAEL\Application Data\Mozilla
C:\Documents and settings\RAFAEL\Application Data\Help
C:\Documents and settings\RAFAEL\Application Data\IsolatedStorage
C:\Documents and settings\RAFAEL\Application Data\Macromedia
C:\Documents and settings\RAFAEL\Application Data\Identities
C:\Documents and settings\RAFAEL\Application Data\desktop.ini
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
C:\WINDOWS\tasks\Norton AntiVirus - Analyse système complète - RAFAEL.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans Program Files ]--------------
C:\Program Files\1964
C:\Program Files\2K Games
C:\Program Files\AC3Filter
C:\Program Files\Acoustica CD Label Maker
C:\Program Files\Adobe
C:\Program Files\adslTV
C:\Program Files\Ahead
C:\Program Files\AIDA32 - Enterprise System Information
C:\Program Files\AIK
C:\Program Files\Alwil Software
C:\Program Files\ArtCursors
C:\Program Files\a-squared Free
C:\Program Files\BankPerfect
C:\Program Files\CCleaner
C:\Program Files\Change Ecran
C:\Program Files\Change Mon Ecran
C:\Program Files\CHRYOPROD
C:\Program Files\C-Media 3D Audio
C:\Program Files\ComPlus Applications
C:\Program Files\CoSine Communications
C:\Program Files\CursorXP
C:\Program Files\DivX
C:\Program Files\Draxysoft
C:\Program Files\Driver-Soft
C:\Program Files\DVDVIDEOSOFT
C:\Program Files\EClea2_0-1
C:\Program Files\Equant
C:\Program Files\ffdshow
C:\Program Files\Fichiers communs
C:\Program Files\Fritivi
C:\Program Files\Haali
C:\Program Files\HardwareDetection
C:\Program Files\Hewlett-Packard
C:\Program Files\Hijackthis Version Française
C:\Program Files\HP
C:\Program Files\IBM
C:\Program Files\Illustrate
C:\Program Files\Internet Explorer
C:\Program Files\IVT Corporation
C:\Program Files\Java
C:\Program Files\JkDefrag
C:\Program Files\jv16 PowerTools 2005
C:\Program Files\KaraFun
C:\Program Files\Le Mystere de la Momie Demo
C:\Program Files\Media Player Classic
C:\Program Files\MediaCoder
C:\Program Files\Messenger
C:\Program Files\Micro Application
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Games
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Visual Studio
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\My Drivers
C:\Program Files\NETGEAR
C:\Program Files\NetMeeting
C:\Program Files\Norton AntiVirus
C:\Program Files\OpenOffice.org 2.0
C:\Program Files\option
C:\Program Files\Outlook Express
C:\Program Files\Pando
C:\Program Files\PapierPeint
C:\Program Files\Pegasys Inc
C:\Program Files\PhotoFiltre
C:\Program Files\Project64 1.6
C:\Program Files\Project64 v1.5
C:\Program Files\Quick ShutDown
C:\Program Files\QuickTime Alternative
C:\Program Files\Real Alternative
C:\Program Files\ReflexiveArcade
C:\Program Files\RegCleaner
C:\Program Files\Samsung
C:\Program Files\satsukidecodersettings.ini
C:\Program Files\Services en ligne
C:\Program Files\Smart Projects
C:\Program Files\SplitCam
C:\Program Files\Spn
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Symantec
C:\Program Files\TasksKiller
C:\Program Files\TechSmith
C:\Program Files\TESTRAF
C:\Program Files\Trend Micro
C:\Program Files\Tronics
C:\Program Files\Ulead Systems
C:\Program Files\Unlocker
C:\Program Files\VIA
C:\Program Files\VIA Technologies, Inc
C:\Program Files\VideoLAN
C:\Program Files\vlc-0.8.5
C:\Program Files\Windows Media Components
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinRAR
C:\Program Files\xerox
C:\Program Files\XnView
D:\Program Files\Advanced Invisible Keylogger
D:\Program Files\Project64 v1.5
------[ Listing des dossiers dans Program Files\Fichiers Communs ]------
C:\program files\fichiers communs\Adobe
C:\program files\fichiers communs\Ahead
C:\program files\fichiers communs\Designer
C:\program files\fichiers communs\Deterministic Networks
C:\program files\fichiers communs\DVDVIDEOSOFT
C:\program files\fichiers communs\Hewlett-Packard
C:\program files\fichiers communs\HP
C:\program files\fichiers communs\InstallShield
C:\program files\fichiers communs\Java
C:\program files\fichiers communs\Microsoft Shared
C:\program files\fichiers communs\MSSoap
C:\program files\fichiers communs\ODBC
C:\program files\fichiers communs\Services
C:\program files\fichiers communs\SpeechEngines
C:\program files\fichiers communs\SureThing Shared
C:\program files\fichiers communs\SWF Studio
C:\program files\fichiers communs\Symantec Shared
C:\program files\fichiers communs\System
----------------------[ Recherche dans le Registre ]----------------------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------
Aucun dossier Lop trouvé !
--------------------[ Vérification du fichier Hosts ]---------------------
Fichier Hosts : Propre
Here is the Navilog report, AngelDark
Search Navipromo version 3.3.4 commencé le 02/11/2007 à 15:02:32,80
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\RAFAEL\Application Data ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun fichier trouvé dans :
- C:\WINDOWS\system32
- C:\DOCUME~1\RAFAEL\LOCALS~1\APPLIC~1
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\WINDOWS\system32 *
* Recherche dans C:\DOCUME~1\RAFAEL\LOCALS~1\APPLIC~1 *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche Heuristique :
3)Recherche Certificats :
Certificat Egroup absent !
*** Analyse terminée le 02/11/2007 à 15:03:57,16 ***
Here is the latest ComboFix report
Thanks for your help!!
ComboFix 07-10-29.1 - RAFAEL 2007-11-02 17:21:05.2 - NTFSx86
Running from: C:\Documents and Settings\RAFAEL\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-02 to 2007-11-02 ))))))))))))))))))))))))))))))))))))
.
2007-11-02 14:59 <REP> d-------- C:\Program Files\Navilog1
2007-10-31 18:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-31 17:09 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-31 17:09 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-31 17:09 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-31 17:09 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-31 17:09 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-31 17:08 <REP> d-------- C:\Program Files\Alwil Software
2007-10-31 17:08 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-31 17:08 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-10-31 13:49 <REP> d-------- C:\Documents and Settings\RAFAEL\Pavark
2007-10-31 13:41 <REP> d-------- C:\Program Files\Trend Micro
2007-10-30 16:42 <REP> d-------- C:\Program Files\TESTRAF
2007-10-30 16:33 <REP> d-------- C:\Program Files\a-squared Free
2007-10-30 09:38 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-25 13:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Emjysoft2
2007-10-25 09:02 <REP> d-------- C:\Program Files\Draxysoft
2007-10-25 08:55 <REP> d-------- C:\Documents and Settings\RAFAEL\Application Data\Wallpaper
2007-10-25 08:50 <REP> d-------- C:\Program Files\Change Mon Ecran
2007-10-24 16:37 <REP> d-------- C:\Program Files\Change Ecran
2007-10-24 13:29 <REP> d-------- C:\Program Files\PapierPeint
2007-10-19 15:07 127,043 --a------ C:\WINDOWS\CWBAFDM.EXE
2007-10-19 15:07 37,376 --a------ C:\WINDOWS\system32\CWBAFAPI.DLL
2007-10-15 10:41 <REP> d-------- C:\Documents and Settings\RAFAEL\Application Data\Samsung
2007-10-10 08:54 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-05 13:07 <REP> d-------- C:\Program Files\QuickTime Alternative
2007-10-05 13:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-02 14:10 --------- d-----w C:\Documents and Settings\RAFAEL\Application Data\OpenOffice.org2
2007-11-02 11:10 --------- d-----w C:\Documents and Settings\RAFAEL\Application Data\XnView
2007-10-31 12:42 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-10-31 09:06 --------- d-----w C:\Program Files\Le Mystere de la Momie Demo
2007-10-31 09:06 --------- d-----w C:\Program Files\KaraFun
2007-10-31 09:06 --------- d-----w C:\Program Files\JkDefrag
2007-10-31 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Recisio
2007-10-31 09:04 --------- d-----w C:\Program Files\BankPerfect
2007-10-31 09:03 --------- d-----w C:\Program Files\CursorXP
2007-10-31 09:00 --------- d-----w C:\Program Files\Acoustica CD Label Maker
2007-10-30 08:38 --------- d-----w C:\Program Files\Norton AntiVirus
2007-10-30 08:30 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-10-22 07:59 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-22 07:59 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-22 07:59 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-22 07:59 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-22 07:59 --------- d-----w C:\Program Files\Symantec
2007-09-27 11:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\{BA5D4C17-BBA0-42C9-A526-23FE5567F32B}
2007-09-26 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-24 08:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 12:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 12:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 12:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-07 13:19 --------- d-----w C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2007-09-07 13:19 --------- d-----w C:\Program Files\DVDVIDEOSOFT
2007-09-07 12:30 --------- d-----w C:\Program Files\MediaCoder
2007-09-06 09:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-06 09:02 --------- d-----w C:\Program Files\NETGEAR
2007-08-24 11:42 53,248 ----a-w C:\WINDOWS\system32\GenSvcInst.exe
2007-08-24 11:42 118,784 ----a-w C:\WINDOWS\system32\bgsvcgen.exe
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-25 14:04 72,440 ----a-w C:\Documents and Settings\RAFAEL\Application Data\GDIPFONTCACHEV1.DAT
2007-04-25 11:20 134 ----a-w C:\Program Files\satsukidecodersettings.ini
2005-03-29 13:37 456,384 ----a-w C:\WINDOWS\inf\WPN311\WPN311.sys
2005-01-27 09:59 35,232 ----a-w C:\WINDOWS\inf\WPN311\ME_INST.EXE
2005-01-27 09:59 26,112 ----a-w C:\WINDOWS\inf\WPN311\install.exe
.
((((((((((((((((((((((((((((( snapshot@2007-10-31_18.39.03.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-02 10:04:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_27c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2002-03-19 17:30]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" []
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" []
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2002-08-06 05:20]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2002-08-06 05:20]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2002-08-06 05:20]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 C:\WINDOWS\system32\bthprops.cpl]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2006-01-27 23:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
C:\Documents and Settings\RAFAEL\Menu Démarrer\Programmes\Démarrage\
Raccourci vers APLUS.lnk - C:\Program Files\IBM\Client Access\Emulator\Private\APLUS.WS [2006-03-30 12:44:48]
C:\Documents and Settings\RAFAEL\Menu Démarrer\Programmes\Démarrage\
Raccourci vers APLUS.lnk - C:\Program Files\IBM\Client Access\Emulator\Private\APLUS.WS [2006-03-30 12:44:48]
C:\Documents and Settings\RAFAEL\Menu Démarrer\Programmes\Démarrage\
Raccourci vers APLUS.lnk - C:\Program Files\IBM\Client Access\Emulator\Private\APLUS.WS [2006-03-30 12:44:48]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
NETGEAR WPN311 Wireless Assistant.lnk - C:\Program Files\NETGEAR\WPN311\wlancfg5.exe [2005-04-19 15:40:34]
SoftRemoteLT.lnk - C:\Program Files\Equant\Dialer\Safenet\SafeCfg.exe [2007-02-22 16:29:26]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoLogOff"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
Atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Change Ecran]
C:\Program Files\Change Ecran\Change Ecran.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Walser]
C:\Program Files\Draxysoft\Wallpaper Sequencer ultra\Walser.exe start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
"C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"bgsvcgen"=2 (0x2)
"ACS"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Norton Ghost 9.0"=C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
"AtiPTA"=Atiptaxx.exe
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe"
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R0 ZetSFD;ZetSFD;C:\WINDOWS\system32\DRIVERS\ZetSFD.sys
R1 IPSECDRV;SafeNet IPSec Plugin;\??\C:\WINDOWS\system32\Drivers\IPSECDRV.sys
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys
R2 Crypto;Crypto;\??\C:\WINDOWS\system32\Drivers\Crypto.sys
R2 EACSvrMngr;(Equant Access Companion) Services Manager;C:\Program Files\Equant\Dialer\EACSvrMngr.exe
R2 EQDRV5;EQUANT NDIS 5 Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\eqdrv5.sys
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 Z-SANService;Z-SAN Service;C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
R3 ati2mpad;ati2mpad;C:\WINDOWS\system32\DRIVERS\ati2mpad.sys
R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys
R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys
R3 ZetBus;Zetera Virtual Bus;C:\WINDOWS\system32\DRIVERS\ZetBus.sys
R3 ZetMPD;ZetMPD;C:\WINDOWS\system32\DRIVERS\ZetMPD.sys
S2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS
S3 EACSys;(Equant Access Companion) Devices and Services Monitoring;C:\Program Files\Equant\Dialer\EACSys.exe
S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service;C:\WINDOWS\system32\DRIVERS\GtVUsb.sys
S3 nk4Seem;nk4Seem;\??\C:\util\sécurite\analyseurs\Seem\nk4Seem.sys
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
*Newly Created Service* - ASWRDR
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-02 11:35:00 C:\WINDOWS\Tasks\Norton AntiVirus - Analyse système complète - RAFAEL.job"
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 17:25:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-02 17:27:28
C:\ComboFix2.txt ... 2007-10-31 18:41
.
--- E O F ---
Thanks for your help!!
Re,
Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report once the scan has finished.
Here is the AntiVir report.
One small note, though: the update doesn't work.
I had to do the update manually by downloading the zip (ivdf_fusebundle_nt_en.zip) from the AntiVir site.
Is that normal?
AntiVir PersonalEdition Classic
Report file date: mardi 6 novembre 2007 09:21
Scanning for 916490 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PCRAF
Version information:
BUILD.DAT : 269 15604 Bytes 10/09/2007 14:31:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:36:36
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:36:36
ANTIVIR2.VDF : 7.0.0.172 1092608 Bytes 05/11/2007 14:14:46
ANTIVIR3.VDF : 7.0.0.173 2048 Bytes 05/11/2007 14:14:46
AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 26/10/2007 13:37:42
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 05/11/2007 14:14:48
AVPACK32.DLL : 7.3.0.15 360488 Bytes 24/08/2007 09:53:16
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 6 novembre 2007 09:21
Starting search for hidden objects.
'26982' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'pcsws.exe' - '1' Module(s) have been scanned
Scan process 'pcsws.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'pcscm.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'pcsws.exe' - '1' Module(s) have been scanned
Scan process 'SafeCfg.exe' - '1' Module(s) have been scanned
Scan process 'wlancfg5.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'TaskSwitch.exe' - '1' Module(s) have been scanned
Scan process 'Z-SANService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'gearsec.exe' - '1' Module(s) have been scanned
Scan process 'EACSvrMngr.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IreIKE.exe' - '1' Module(s) have been scanned
Scan process 'IPSecMon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
Master boot sector HD2
[NOTE] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '44' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'G:\'
Search path G:\ could not be opened!
Le volume ne contient pas de système de fichiers connu. Vérifiez si tous les pilotes de système
de fichiers nécessaires sont chargés et si le volume n'est pas endommagé.
End of the scan: mardi 6 novembre 2007 13:07
Used time: 3:46:02 min
The scan has been done completely.
5747 Scanning directories
310734 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
310734 Files not concerned
6800 Archives were scanned
2 Warnings
6 Notes
26982 Objects were scanned with rootkit scan
0 Hidden objects were found
Logfile of HijackThis v1.99.1
Scan saved at 15:40 , on 06/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Equant\Dialer\Safenet\IPSecMon.exe
C:\Program Files\Equant\Dialer\Safenet\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Equant\Dialer\EACSvrMngr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Equant\Dialer\Safenet\SafeCfg.exe
C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
C:\Program Files\IBM\Client Access\Emulator\PCSCM.EXE
C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
C:\Program Files\a-squared Free\a2free.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Walser] C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe start
O4 - Startup: Raccourci vers APLUS.lnk = ?
O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O4 - Global Startup: SoftRemoteLT.lnk = C:\Program Files\Equant\Dialer\Safenet\SafeCfg.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EED0678-28EE-494A-9E9E-91C392530A9A}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBFB8148-DB58-4958-B9B1-DBDA6F49A41E}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: 217C327C - Unknown owner - C:\WINDOWS\system32\217C327C.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Equant - C:\Program Files\Equant\Dialer\EACSvrMngr.exe
O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Equant - C:\Program Files\Equant\Dialer\EACSys.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Equant\Dialer\Safenet\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\Equant\Dialer\Safenet\IreIKE.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
Fichier 217C327C.exe reçu le 2007.11.06 15:59:45 (CET)
Résultat: 0/32 (0%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.7.0 2007.11.06 -
AntiVir 7.6.0.30 2007.11.05 -
Authentium 4.93.8 2007.11.05 -
Avast 4.7.1074.0 2007.11.05 -
AVG 7.5.0.503 2007.11.06 -
BitDefender 7.2 2007.11.06 -
CAT-QuickHeal 9.00 2007.11.06 -
ClamAV 0.91.2 2007.11.06 -
DrWeb 4.44.0.09170 2007.11.06 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5270 2007.11.05 -
Ewido 4.0 2007.11.06 -
FileAdvisor 1 2007.11.06 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.06 -
F-Secure 6.70.13030.0 2007.11.06 -
Ikarus T3.1.1.12 2007.11.06 -
Kaspersky 7.0.0.125 2007.11.06 -
McAfee 5156 2007.11.05 -
Microsoft 1.3007 2007.11.06 -
NOD32v2 2640 2007.11.06 -
Norman 5.80.02 2007.11.06 -
Panda 9.0.0.4 2007.11.06 -
Prevx1 V2 2007.11.06 -
Rising 20.17.12.00 2007.11.06 -
Sophos 4.23.0 2007.11.06 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.06 -
TheHacker 6.2.9.117 2007.11.06 -
VBA32 3.12.2.4 2007.11.06 -
VirusBuster 4.3.26:9 2007.11.05 -
Webwasher-Gateway 6.0.1 2007.11.05 -
Information additionnelle
File size: 6656 bytes
MD5: 2d2cfd52b636a3acdd036b74e55b9a7a
SHA1: df8b83e169053cf8f806a02ef35b9d19b6cf3ba9
No, I now have an antivirus, but Spybot won't install because in the directory C:\Documents and Settings\All Users\Application Data all the folders show "access denied"; it is impossible to remove Spybot completely.
Also, safe mode still doesn't work.
Please help me!
Hi again,
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select all the locations in the box below:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
---> Right-click, then Copy (or Ctrl+C)
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand box, then choose Paste (or Ctrl+V).
Now click MoveIt!
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
-> Information about the software <-
Great, it moved the folder, and all the other folders that wouldn't open because they were access denied now open.
Thanks AngelDark
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy moved successfully.
Created on 11/06/2007 22:49:23
I celebrated too soon: the report above is from my second machine, which is fine.
The one from this machine is the following:
Folder move failed. C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy scheduled to be moved on reboot.
Created on 11/07/2007 10:35:33
Even after a reboot the folder was not moved.
What can I do?
Spybot folder "Access denied" problem solved
http://www.infos-du-net.com/forum/92122-10-documents-an...
Thanks to you and to all the helpers on the site
Long live the Infos du Net site