Problem with Win32 [Solved]


Hello,
When I click to start my antivirus, a message is displayed telling me that C:\Program Files\Alwil Software\Avast4\ashAvast.exe is not a valid Win32 application.
What should I do, please?
Thanks in advance.


Message edited by Xtrem2811 on 17-02-2008 at 22:16:57

Hello,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combo-fix (sUBs) to your Desktop.
  • Double-click combo-fix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.

Reply to Angeldark

Re,
here is the ComboFix report:

ComboFix 08-02-15.1 - Mi©K 2008-02-17 13:41:42.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.604 [GMT 1:00]
Endroit: C:\Documents and Settings\Mi©K\Bureau\Combo-Fix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\drivers\down

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\srosa


((((((((((((((((((((((((((((( Fichiers créés 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
.

2008-02-17 13:39 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-17 13:39 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-17 13:39 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-17 13:39 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-17 13:39 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-17 13:39 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-17 13:38 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-17 12:42 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-17 12:30 . 2008-02-17 12:30 <REP> d-------- C:\WINDOWS\Sun
2008-02-17 12:08 . 2008-02-17 12:42 <REP> d-------- C:\Program Files\Java
2008-02-17 12:07 . 2008-02-17 12:07 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-02-17 11:45 . 2008-02-17 11:48 <REP> d-------- C:\Program Files\LClock
2008-02-15 16:08 . 2008-02-15 16:08 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Emjysoft
2008-02-14 17:42 . 2008-02-14 17:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Emjysoft
2008-02-14 17:39 . 2008-02-14 17:39 <REP> d-------- C:\Program Files\Emjysoft
2008-02-13 20:56 . 2008-02-13 20:57 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-13 17:41 . 2008-02-13 17:41 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-13 16:06 . 2008-02-13 16:06 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-02-13 16:06 . 2008-02-13 16:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-13 16:06 . 2008-02-13 16:27 59,424 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-13 16:06 . 2008-02-13 16:27 4,384 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-13 16:06 . 2008-02-13 16:27 3,860 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-13 16:06 . 2008-02-13 16:27 1,484 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-13 14:35 . 2008-02-13 14:35 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-13 14:01 . 2006-03-02 13:00 428,032 --a------ C:\kmd.exe
2008-02-10 14:10 . 2008-02-10 14:10 <REP> d-------- C:\Program Files\id Software
2008-02-10 11:38 . 2008-02-10 11:38 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-02-10 11:09 . 2008-02-10 11:09 319 --a------ C:\WINDOWS\game.ini
2008-02-10 11:05 . 2008-02-10 11:05 <REP> d-------- C:\Program Files\Activision
2008-02-10 10:37 . 2007-08-14 23:16 1,335,296 --a------ C:\WINDOWS\system32\msxml6.dll
2008-02-10 10:37 . 2007-08-14 23:16 2,048 --a------ C:\WINDOWS\system32\msxml6r.dll
2008-02-10 10:36 . 2008-02-10 10:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\VadeRetro
2008-02-10 10:36 . 1999-02-22 16:46 148,992 --a------ C:\WINDOWS\UNWISE.EXE
2008-02-10 10:36 . 1998-12-23 08:19 5,891 --a------ C:\WINDOWS\UNWISE.INI
2008-02-04 20:22 . 2008-02-04 20:22 <REP> d-------- C:\WINDOWS\Mozilla
2008-02-03 17:49 . 2008-02-13 17:37 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-03 17:49 . 2008-02-10 13:48 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-02-03 14:35 . 2008-02-03 14:35 <REP> d-------- C:\Fichier texte
2008-02-03 13:37 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-03 12:01 . 2008-02-03 12:03 <REP> d-------- C:\Program Files\Serious Sam 2
2008-02-02 15:11 . 2008-02-02 15:11 <REP> d-------- C:\Program Files\Lavasoft
2008-02-02 15:11 . 2008-02-02 15:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 15:09 . 2008-02-02 15:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-30 17:20 . 2008-01-30 17:20 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-30 17:20 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-30 17:20 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-01-30 17:20 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-01-30 17:20 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-01-30 17:20 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-01-30 17:20 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-01-30 17:20 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-01-30 17:20 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-01-30 17:20 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-01-30 17:20 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-01-26 19:45 . 2008-01-26 19:46 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Winamp
2008-01-26 19:45 . 2008-01-26 19:45 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\MiniLyrics
2008-01-25 18:08 . 2008-01-25 18:08 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-01-25 18:07 . 2008-01-25 18:07 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-01-25 18:07 . 2008-01-25 18:07 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-25 16:57 . 2008-02-13 17:15 <REP> d-------- C:\Documents and Settings\Alexis\Contacts
2008-01-24 21:17 . 2008-01-24 21:19 <REP> d-------- C:\Program Files\TVAnts
2008-01-23 17:10 . 2008-01-06 12:45 <REP> d--h----- C:\Documents and Settings\Alexis\Voisinage réseau
2008-01-23 17:10 . 2008-01-06 12:45 <REP> d--h----- C:\Documents and Settings\Alexis\Voisinage d'impression
2008-01-23 17:10 . 2008-01-06 12:37 <REP> d--h----- C:\Documents and Settings\Alexis\Modèles
2008-01-23 17:10 . 2008-02-13 17:47 <REP> d---s---- C:\Documents and Settings\Alexis\Mes documents
2008-01-23 17:10 . 2008-01-06 12:45 <REP> dr------- C:\Documents and Settings\Alexis\Menu Démarrer
2008-01-23 17:10 . 2008-01-23 17:10 <REP> d---s---- C:\Documents and Settings\Alexis\Favoris
2008-01-23 17:10 . 2008-02-13 17:21 <REP> d-------- C:\Documents and Settings\Alexis\Bureau
2008-01-22 20:23 . 2008-01-22 20:23 <REP> d-------- C:\Program Files\Everest Ultimate Edition 2007
2008-01-22 20:22 . 2008-01-22 20:22 <REP> d-------- C:\Program Files\Lavalys
2008-01-20 18:34 . 2008-01-20 18:36 <REP> d-------- C:\WINDOWS\NV3348528.TMP
2008-01-20 18:34 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-01-20 18:33 . 2008-01-21 20:00 <REP> dr------- C:\NVIDIA
2008-01-20 18:26 . 2008-01-20 18:28 <REP> d-------- C:\Program Files\PhotoFiltre
2008-01-20 18:25 . 2004-10-08 11:59 326,656 --a------ C:\WINDOWS\system32\drivers\Camdrl.sys
2008-01-20 18:10 . 2008-01-20 18:10 <REP> d-------- C:\WINDOWS\system32\Lang
2008-01-20 18:10 . 2008-01-20 18:10 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-20 18:10 . 2008-01-20 18:10 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 12:38 --------- d-----r C:\Program Files\Alwil Software
2008-02-17 12:35 942,080 ----a-w C:\Program Files\Scanner.exe
2008-02-13 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-13 17:09 9,729 ----a-w C:\Program Files\hijackthis.log
2008-02-10 10:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 19:36 --------- d-----w C:\Program Files\Lyrics
2008-02-03 17:14 --------- d-----w C:\Program Files\Steam
2008-02-02 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-22 08:55 --------- d-----r C:\Program Files\Mozilla Thunderbird
2008-01-21 18:58 --------- d-----r C:\Program Files\Intel
2008-01-20 17:24 --------- d-----r C:\Program Files\Logitech
2008-01-16 18:52 --------- d-----w C:\Program Files\Veoh Networks
2008-01-16 14:03 --------- d-----w C:\Program Files\BitTorrent
2008-01-16 14:02 --------- d-----w C:\Program Files\BitTorrent_DNA
2008-01-16 13:57 --------- d-----w C:\Program Files\DivX
2008-01-15 17:58 --------- d-----w C:\Program Files\QuickTime
2008-01-15 17:57 --------- d-----w C:\Program Files\Apple Software Update
2008-01-15 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-15 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-13 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-01-13 17:19 --------- d-----r C:\Program Files\Yahoo!
2008-01-13 17:06 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared
2008-01-13 17:04 --------- d-----w C:\Program Files\Common Files
2008-01-13 16:55 --------- d-----w C:\Program Files\Samsung
2008-01-10 19:38 --------- d-----w C:\Program Files\StuffPlug3
2008-01-10 17:46 --------- d-----w C:\Program Files\Microsoft Works
2008-01-10 17:45 --------- d-----w C:\Program Files\MSBuild
2008-01-09 14:08 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-01-09 14:08 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-09 14:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-08 19:24 --------- d-----w C:\Program Files\Nero
2008-01-08 19:24 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-01-07 18:35 --------- d-----w C:\Program Files\Dofus
2008-01-07 17:48 --------- d-----r C:\Program Files\Windows Live
2008-01-07 13:39 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-07 13:38 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-06 17:42 --------- d-----w C:\Program Files\KONAMI
2008-01-06 16:57 --------- d-----w C:\Program Files\Fichiers communs\FotoWire
2008-01-06 16:56 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-01-06 16:55 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-01-06 16:43 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-01-06 16:43 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-06 16:41 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2008-01-06 16:36 128 --sha-w C:\Program Files\desktop.ini
2008-01-06 16:36 --------- d-----w C:\Program Files\CaptEcran
2008-01-06 16:30 --------- d-----w C:\Program Files\Sony
2008-01-06 16:29 --------- d-----r C:\Program Files\OVAO
2008-01-06 15:42 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-06 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-01-06 15:26 --------- d-----w C:\Program Files\Minilyrics
2008-01-06 15:11 --------- d-----r C:\Program Files\Winamp
2008-01-06 15:05 --------- d-----w C:\Program Files\ma-config.com
2008-01-06 14:52 --------- d-----w C:\Program Files\AdVantage
2008-01-06 14:47 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-06 14:43 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-06 14:42 128 --sha-w C:\Program Files\Fichiers communs\desktop.ini
2008-01-06 14:42 --------- d-----r C:\Program Files\Winamp Remote
2008-01-06 14:42 --------- d-----r C:\Program Files\Webteh
2008-01-06 14:42 --------- d-----r C:\Program Files\Wanadoo
2008-01-06 14:42 --------- d-----r C:\Program Files\VideoLAN
2008-01-06 14:42 --------- d-----r C:\Program Files\Stardock
2008-01-06 14:42 --------- d-----r C:\Program Files\SAGEM
2008-01-06 14:42 --------- d-----r C:\Program Files\Realtek
2008-01-06 14:42 --------- d-----r C:\Program Files\My Company Name
2008-01-06 14:42 --------- d-----r C:\Program Files\microsoft frontpage
2008-01-06 14:42 --------- d-----r C:\Program Files\Messenger Plus! Live
2008-01-06 14:42 --------- d-----r C:\Program Files\GameFace Messenger
2008-01-06 14:42 --------- d-----r C:\Program Files\CCleaner
2008-01-06 14:42 --------- d-----r C:\Program Files\Attansic
2008-01-06 14:42 --------- d-----r C:\Program Files\ASUS
2008-01-06 14:39 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
2008-01-06 14:26 --------- d-----w C:\Program Files\Fichiers communs\Stardock
2008-01-06 14:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-01-06 13:43 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-06 13:34 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-06 12:28 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-06 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-06 11:53 64,419 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-01-06 11:53 6,114 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-06 11:46 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2008-01-06 11:46 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2008-01-06 11:40 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-17 23:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-06-07 08:14 165,888 ----a-w C:\Program Files\ToYcon.exe
2004-03-11 15:32 439,296 ----a-w C:\Program Files\JADgen.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-05-17 12:11 5729136]
"tr_winamp"="C:\Program Files\Winamp\winamp.exe" [2007-12-20 16:17 1327616]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 19:27 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15 631362]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-01-06 16:42 190024]
"Emjysoft_Anti-spam"="C:\Program Files\Emjysoft\Anti-Spam\antispam.exe" [2007-05-10 16:29 1049088]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-02-17 13:43 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnmmj]
nnnnmmj.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mi©K^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\Mi©K\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mi©K^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=C:\Documents and Settings\Mi©K\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mi©K^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\Mi©K\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mi©K^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\Mi©K\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
--a------ 2007-06-28 15:19 880080 C:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 04:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2006-08-18 18:58 1081344 C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2006-03-02 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-15 11:02 482760 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
--a------ 2006-08-02 16:06 2048000 C:\Program Files\GameFace Messenger\GameFace.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-01-06 17:55 20480 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2002-11-08 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-12-18 02:02 471040 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2006-08-01 05:10 16049664 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-01-10 20:26 1266936 c:\program files\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VadeRetro Outlook]
C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VadeRetro Outlook Express & Windows Mail]
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_Oe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 13:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMAAD]
--a------ 2007-02-16 18:41 110592 C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 14:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2004-10-14 16:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 14:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-27 22:28]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2005-09-27 10:02]
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 11:39]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe" [2007-01-26 11:38]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 11:38]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 20:16]

*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-31 20:51:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-06 16:46:02 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1199637940.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 13:45:56
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Program Files\LClock\LC.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-17 13:48:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 12:48:44
ComboFix2.txt 2008-02-13 16:55:29
ComboFix3.txt 2008-02-13 14:38:49
.
2008-02-13 19:58:12 --- E O F ---

Reply to Xtrem2811

What should I do now, please?

Reply to Xtrem2811

Here is a HijackThis log in case you need it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59, on 2008-02-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Emjysoft\Anti-Spam\antispam.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\Mi©K\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Emjysoft_Anti-spam] C:\Program Files\Emjysoft\Anti-Spam\antispam.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [tr_winamp] C:\Program Files\Winamp\winamp.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfert par Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 9624044890
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - Winlogon Notify: nnnnmmj - nnnnmmj.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 10102 bytes

Reply to Xtrem2811

A little patience?
Delete your copy of ComboFix, then start again with the following version:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

Sorry.
Here is the new ComboFix report:

ComboFix 08-02-17.2 - Mi©K 2008-02-17 16:32:53.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.459 [GMT 1:00]
Endroit: C:\Documents and Settings\Mi©K\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
.

2008-02-17 14:53 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-17 14:53 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-17 14:53 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-17 14:53 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-17 14:53 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-17 14:53 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-17 14:53 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-17 13:33 . 2007-06-28 14:36 401,720 --a------ C:\Program Files\HijackThis.exe
2008-02-17 12:42 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-17 12:30 . 2008-02-17 12:30 <REP> d-------- C:\WINDOWS\Sun
2008-02-17 12:08 . 2008-02-17 12:42 <REP> d-------- C:\Program Files\Java
2008-02-17 12:07 . 2008-02-17 12:07 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-02-17 11:45 . 2008-02-17 11:48 <REP> d-------- C:\Program Files\LClock
2008-02-15 16:08 . 2008-02-15 16:08 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Emjysoft
2008-02-14 17:42 . 2008-02-14 17:42 <REP> d-------- C:\Documents and Settings\Mi©K\Application Data\Emjysoft
2008-02-14 17:42 . 2008-02-14 17:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Emjysoft
2008-02-14 17:39 . 2008-02-14 17:39 <REP> d-------- C:\Program Files\Emjysoft
2008-02-13 17:41 . 2008-02-13 17:41 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-13 16:06 . 2008-02-13 16:06 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-02-13 16:06 . 2008-02-13 16:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-13 16:06 . 2008-02-13 16:27 59,424 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-13 16:06 . 2008-02-13 16:27 4,384 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-13 16:06 . 2008-02-13 16:27 3,860 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-13 16:06 . 2008-02-13 16:27 1,484 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-13 14:35 . 2008-02-13 14:35 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-10 14:10 . 2008-02-10 14:10 <REP> d-------- C:\Program Files\id Software
2008-02-10 11:38 . 2008-02-10 11:38 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-02-10 11:09 . 2008-02-10 11:09 319 --a------ C:\WINDOWS\game.ini
2008-02-10 11:05 . 2008-02-10 11:05 <REP> d-------- C:\Program Files\Activision
2008-02-10 10:37 . 2008-02-10 10:37 <REP> d-------- C:\Documents and Settings\Mi©K\Application Data\VadeRetro
2008-02-10 10:37 . 2007-08-14 23:16 1,335,296 --a------ C:\WINDOWS\system32\msxml6.dll
2008-02-10 10:37 . 2007-08-14 23:16 2,048 --a------ C:\WINDOWS\system32\msxml6r.dll
2008-02-10 10:36 . 2008-02-10 10:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\VadeRetro
2008-02-10 10:36 . 1999-02-22 16:46 148,992 --a------ C:\WINDOWS\UNWISE.EXE
2008-02-10 10:36 . 1998-12-23 08:19 5,891 --a------ C:\WINDOWS\UNWISE.INI
2008-02-04 20:22 . 2008-02-04 20:22 <REP> d-------- C:\WINDOWS\Mozilla
2008-02-04 20:22 . 2008-02-04 20:22 <REP> d-------- C:\Documents and Settings\Mi©K\Application Data\fltk.org
2008-02-03 17:49 . 2008-02-13 17:37 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-03 17:49 . 2008-02-10 13:48 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-02-03 14:35 . 2008-02-03 14:35 <REP> d-------- C:\Fichier texte
2008-02-03 13:37 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-03 12:01 . 2008-02-03 12:03 <REP> d-------- C:\Program Files\Serious Sam 2
2008-02-02 15:11 . 2008-02-02 15:11 <REP> d-------- C:\Program Files\Lavasoft
2008-02-02 15:11 . 2008-02-02 15:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 15:09 . 2008-02-02 15:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-30 17:20 . 2008-01-30 17:20 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-30 17:20 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-30 17:20 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-01-30 17:20 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-01-30 17:20 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-01-30 17:20 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-01-30 17:20 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-01-30 17:20 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-01-30 17:20 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-01-30 17:20 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-01-30 17:20 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-01-26 19:45 . 2008-01-26 19:46 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Winamp
2008-01-26 19:45 . 2008-01-26 19:45 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\MiniLyrics
2008-01-25 18:08 . 2008-01-25 18:08 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-01-25 18:07 . 2008-01-25 18:07 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-01-25 18:07 . 2008-01-25 18:07 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-25 16:57 . 2008-02-13 17:15 <REP> d-------- C:\Documents and Settings\Alexis\Contacts
2008-01-24 21:17 . 2008-01-24 21:19 <REP> d-------- C:\Program Files\TVAnts
2008-01-23 17:10 . 2008-01-06 12:45 <REP> d--h----- C:\Documents and Settings\Alexis\Voisinage réseau
2008-01-23 17:10 . 2008-01-06 12:45 <REP> d--h----- C:\Documents and Settings\Alexis\Voisinage d'impression
2008-01-23 17:10 . 2008-01-06 12:37 <REP> d--h----- C:\Documents and Settings\Alexis\Modèles
2008-01-23 17:10 . 2008-02-13 17:47 <REP> d---s---- C:\Documents and Settings\Alexis\Mes documents
2008-01-23 17:10 . 2008-01-06 12:45 <REP> dr------- C:\Documents and Settings\Alexis\Menu Démarrer
2008-01-23 17:10 . 2008-01-23 17:10 <REP> d---s---- C:\Documents and Settings\Alexis\Favoris
2008-01-23 17:10 . 2008-02-13 17:21 <REP> d-------- C:\Documents and Settings\Alexis\Bureau
2008-01-22 20:23 . 2008-01-22 20:23 <REP> d-------- C:\Program Files\Everest Ultimate Edition 2007
2008-01-22 20:22 . 2008-01-22 20:22 <REP> d-------- C:\Program Files\Lavalys
2008-01-20 18:34 . 2008-01-20 18:36 <REP> d-------- C:\WINDOWS\NV3348528.TMP
2008-01-20 18:34 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-01-20 18:33 . 2008-01-21 20:00 <REP> dr------- C:\NVIDIA
2008-01-20 18:26 . 2008-01-20 18:28 <REP> d-------- C:\Program Files\PhotoFiltre
2008-01-20 18:25 . 2004-10-08 11:59 326,656 --a------ C:\WINDOWS\system32\drivers\Camdrl.sys
2008-01-20 18:10 . 2008-01-20 18:10 <REP> d-------- C:\WINDOWS\system32\Lang
2008-01-20 18:10 . 2008-01-20 18:10 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-20 18:10 . 2008-01-20 18:10 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 13:53 --------- d-----r C:\Program Files\Alwil Software
2008-02-14 17:39 --------- d-----w C:\Documents and Settings\Mi©K\Application Data\MiniLyrics
2008-02-13 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-13 17:09 9,729 ----a-w C:\Program Files\hijackthis.log
2008-02-10 12:14 --------- d-----w C:\Documents and Settings\Mi©K\Application Data\ma-config.com
2008-02-10 10:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 19:36 --------- d-----w C:\Program Files\Lyrics
2008-02-03 17:14 --------- d-----w C:\Program Files\Steam
2008-02-02 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-22 19:53 --------- d-----w C:\Documents and Settings\Mi©K\Application Data\BitTorrent DNA
2008-01-22 08:55 --------- d-----r C:\Program Files\Mozilla Thunderbird
2008-01-21 18:58 --------- d-----r C:\Program Files\Intel
2008-01-20 17:24 --------- d-----r C:\Program Files\Logitech
2008-01-16 18:52 --------- d-----w C:\Program Files\Veoh Networks
2008-01-16 14:05 --------- d-----w C:\Documents and Settings\Mi©K\Application Data\BitTorrent
2008-01-16 14:03 --------- d-----w C:\Program Files\BitTorrent
2008-01-16 14:02 --------- d-----w C:\Program Files\BitTorrent_DNA
2008-01-16 13:57 --------- d-----w C:\Program Files\DivX
2008-01-15 19:47 --------- d-----w C:\Documents and Settings\Mi©K\Application Data\Winamp
2008-01-15 17:59 --------- d-----w C:\Documents and Settings\Mi©K\Application Data\Apple Computer
2008-01-15 17:58 --------- d-----w C:\Program Files\QuickTime
2008-01-15 17:57 --------- d-----w C:\Program Files\Apple Software Update
2008-01-15 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-15 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-13 17:36 --------- d-----w C:\Documents and Settings\Mi©K\Application Data\Sony Corporation
2008-01-13 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-01-13 17:19 --------- d-----r C:\Program Files\Yahoo!
2008-01-13 17:06 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared
2008-01-13 17:04 --------- d-----w C:\Program Files\Common Files
2008-01-13 17:03 --------- d-----w C:\Documents and Settings\Mi©K\Application Data\InstallShield
2008-01-13 16:55 --------- d-----w C:\Program Files\Samsung
2008-01-12 09:32 --------- d-----w C:\Documents and Settings\Mi©K\Application Data\vlc
2008-01-10 19:38 --------- d-----w C:\Program Files\StuffPlug3
2008-01-10 17:46 --------- d-----w C:\Program Files\Microsoft Works
2008-01-10 17:45 --------- d-----w C:\Program Files\MSBuild
2008-01-09 15:22 --------- d-----w C:\Documents and Settings\Mi©K\Application Data\AdobeUM
2008-01-09 14:08 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-01-09 14:08 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-09 14:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-08 19:26 --------- d-----w C:\Documents and Settings\Mi©K\Application Data\Ahead
2008-01-08 19:24 --------- d-----w C:\Program Files\Nero
2008-01-08 19:24 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-01-07 18:35 --------- d-----w C:\Program Files\Dofus
2008-01-07 17:48 --------- d-----r C:\Program Files\Windows Live
2008-01-07 13:39 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-07 13:38 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-06 17:59 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-06 17:59 --------- d--h--r C:\Documents and Settings\Mi©K\Application Data\SecuROM
2008-01-06 17:42 --------- d-----w C:\Program Files\KONAMI
2008-01-06 17:38 --------- d-----w C:\Documents and Settings\Mi©K\Application Data\DAEMON Tools
2008-01-06 16:57 --------- d-----w C:\Program Files\Fichiers communs\FotoWire
2008-01-06 16:57 --------- d-----w C:\Documents and Settings\Mi©K\Application Data\FotoWire
2008-01-06 16:56 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-01-06 16:55 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-01-06 16:46 --------- d-----w C:\Documents and Settings\Mi©K\Application Data\Hewlett-Packard
2008-01-06 16:43 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-01-06 16:43 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-06 16:41 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2008-01-06 16:36 128 --sha-w C:\Program Files\desktop.ini
2008-01-06 16:36 --------- d-----w C:\Program Files\CaptEcran
2008-01-06 16:32 --------- d-----w C:\Documents and Settings\Mi©K\Application Data\BSplayer Pro
2008-01-06 16:30 --------- d-----w C:\Program Files\Sony
2008-01-06 16:29 --------- d-----r C:\Program Files\OVAO
2008-01-06 15:42 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-06 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-01-06 15:26 --------- d-----w C:\Program Files\Minilyrics
2008-01-06 15:11 --------- d-----r C:\Program Files\Winamp
2008-01-06 15:05 --------- d-----w C:\Program Files\ma-config.com
2008-01-06 14:52 --------- d-----w C:\Program Files\AdVantage
2008-01-06 14:47 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-06 14:43 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-06 14:39 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
2008-01-06 14:26 --------- d-----w C:\Program Files\Fichiers communs\Stardock
2008-01-06 14:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-01-06 13:58 --------- d-----w C:\Documents and Settings\Mi©K\Application Data\Thunderbird
2008-01-06 13:43 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-06 13:34 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-06 12:28 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-06 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-06 11:53 64,419 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-01-06 11:53 6,114 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-06 11:53 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-17 23:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-06-07 08:14 165,888 ----a-w C:\Program Files\ToYcon.exe
2006-06-22 23:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2004-03-11 15:32 439,296 ----a-w C:\Program Files\JADgen.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-05-17 12:11 5729136]
"tr_winamp"="C:\Program Files\Winamp\winamp.exe" [2007-12-20 16:17 1327616]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 19:27 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15 631362]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-01-06 16:42 190024]
"Emjysoft_Anti-spam"="C:\Program Files\Emjysoft\Anti-Spam\antispam.exe" [2007-05-10 16:29 1049088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-03-02 13:00 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

C:\Documents and Settings\Mi©K\Menu Démarrer\Programmes\Démarrage\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-06 15:26:09 Mick 3450608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnmmj]
nnnnmmj.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mi©K^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\Mi©K\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mi©K^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=C:\Documents and Settings\Mi©K\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mi©K^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\Mi©K\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mi©K^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\Mi©K\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
--a------ 2007-06-28 15:19 880080 C:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 04:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2006-08-18 18:58 1081344 C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2006-03-02 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-15 11:02 482760 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
--a------ 2006-08-02 16:06 2048000 C:\Program Files\GameFace Messenger\GameFace.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-01-06 17:55 20480 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2002-11-08 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-12-18 02:02 471040 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2006-08-01 05:10 16049664 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-01-10 20:26 1266936 c:\program files\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VadeRetro Outlook]
C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VadeRetro Outlook Express & Windows Mail]
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_Oe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 13:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMAAD]
--a------ 2007-02-16 18:41 110592 C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 14:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2004-10-14 16:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 14:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-27 22:28]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2005-09-27 10:02]
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 11:39]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe" [2007-01-26 11:38]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 11:38]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 20:16]

*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-31 20:51:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-06 16:46:02 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1199637940.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 16:35:22
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Program Files\LClock\LC.dll
.
Temps d'accomplissement: 2008-02-17 16:36:00
ComboFix-quarantined-files.txt 2008-02-17 15:35:51
ComboFix2.txt 2008-02-17 12:48:47
ComboFix3.txt 2008-02-13 16:55:29
ComboFix4.txt 2008-02-13 14:38:49
.
2008-02-13 19:58:12 --- E O F ---

Reply to Xtrem2811

Hi again,

Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir

Run a full scan, then post the report once the analysis is finished.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus

Reply to Angeldark

Hi again,
AntiVir isn't in French?
Avast was...

Reply to Xtrem2811

It's easy to use; have you looked at the help?

Reply to Angeldark

Yes, I think I'll keep it, it seems effective!
I'm running a scan right now. I'll post the report right after.

Reply to Xtrem2811

Does AntiVir include resident protection?
That is, say I download an infected file, will AntiVir warn me about it?

Reply to Xtrem2811

Hi again,

Here is the full report produced by AntiVir:



AntiVir PersonalEdition Classic
Report file date: 2008-02-17 17:32

Scanning for 1110678 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: COMPUTER

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 16:31:39
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 16:31:39
ANTIVIR3.VDF : 7.0.2.148 201216 Bytes 2008-02-15 16:31:39
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 2008-02-17 16:31:40
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-17 16:31:40
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-02-17 17:32

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'winamp.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'antispam.exe' - '1' Module(s) have been scanned
Scan process 'MsgPlus.exe' - '1' Module(s) have been scanned
Scan process 'iTouch.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '23' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\catchme2008-02-13_175257.68.zip
[0] Archive type: ZIP
--> jkklk.dll
[DETECTION] Is the Trojan horse TR/Vundo.gc
--> snubejmr.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was moved to '482c68d2.qua'!
C:\QooBox\Quarantine\catchme2008-02-17_134549.54.zip
[0] Archive type: ZIP
--> srosa.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> wintems.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
--> mdelk.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '482c68d7.qua'!
C:\QooBox\Quarantine\C\Program Files\Fichiers communs\StorageProtector\strpmon.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] The file was moved to '482a68ee.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\aeximwds.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '483068e1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fkgfxqun.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was moved to '481f68e9.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\jkklk.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '482368eb.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\lmpjxetp.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was moved to '482868ef.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '481d68e8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\qomjhii.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '482568f5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\scredir32.dll.vir
[DETECTION] Is the Trojan horse TR/Hijacker.Gen
[INFO] The file was moved to '482a68ea.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\snubejmr.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was moved to '482d68f7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\WinSpooler.exe.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cbo
[INFO] The file was moved to '482668f6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '482668f8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\WinUpdating.exe.vir
[DETECTION] Is the Trojan horse TR/Agent.fgk.1
[INFO] The file was moved to '482668fa.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '481c68ff.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14679015.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47ee68cc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29179546.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e968d6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\43665312.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '47ee68d3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\54984.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47f168d7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\55031.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e868da.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\58152484.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e968e0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\61656.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '47ee68db.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\62593.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47ed68de.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\65109.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e968e3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\69796.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47ef68e9.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\72781.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '47ef68e4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\79812.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47f068ed.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\96593.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '47ed68ec.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP125\A0016069.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was moved to '47e868f0.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP127\A0019123.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] The file was moved to '47e868fc.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP127\A0019125.dll
[DETECTION] Is the Trojan horse TR/Hijacker.Gen
[INFO] The file was moved to '47e868fe.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP127\A0019126.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.cbo
[INFO] The file was moved to '47e86900.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP127\A0019127.exe
[DETECTION] Is the Trojan horse TR/Agent.fgk.1
[INFO] The file was moved to '47e86902.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP127\A0019129.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e86903.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP127\A0019131.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was moved to '47e86905.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP127\A0019133.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was moved to '47e86907.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP127\A0019143.dll
[DETECTION] Is the Trojan horse TR/Vundo.gc
[INFO] The file was moved to '47e86908.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP127\A0019145.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was moved to '47e8690a.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP127\A0019155.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was moved to '47e8690c.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP127\A0019221.exe
[DETECTION] Is the Trojan horse TR/Pakes.bzo
[INFO] The file was moved to '47e86910.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP130\A0020440.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47e86930.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP130\A0020517.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47e86934.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP130\A0020520.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '47e86936.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP130\A0020521.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '47e86937.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP131\A0020650.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47e8693d.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP132\A0020786.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47e86942.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP132\A0020808.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47e86944.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP132\A0020869.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47e86947.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP132\A0020871.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '47e86949.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP132\A0020873.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '47e8694c.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP132\A0020891.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47e8694d.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP132\A0021013.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47e86950.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP133\A0021101.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e86953.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP133\A0021152.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e86955.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP133\A0021171.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '46967d16.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP133\A0021189.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e86956.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP133\A0021190.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '46967d17.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP133\A0021191.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e86957.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP133\A0021210.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '46967d18.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP133\A0021211.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e86958.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP133\A0021214.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '46967d19.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP133\A0021216.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '47e8695a.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP133\A0021218.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '47e86959.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP133\A0021226.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was moved to '46967d1a.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP133\A0021243.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was moved to '46967d1b.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP133\A0021264.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47e8695b.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP133\A0021265.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '46967d1c.qua'!
C:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP133\A0021266.exe
[DETECTION] Is the Trojan horse TR/Killav.28714
[INFO] The file was moved to '47e8695d.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <LaCie>
D:\System Volume Information\_restore{E86B1AE6-54C7-4BFE-9FB6-D12520B61D19}\RP135\A0021700.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.duj.85 Backdoor server programs
[INFO] The file was moved to '47e8726d.qua'!
Begin scan in 'E:\' <Disque multimédia>


End of the scan: 2008-02-17 18:43
Used time: 1:11:15 min

The scan has been done completely.

10248 Scanning directories
498528 Files were scanned
72 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
69 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
498456 Files not concerned
3912 Archives were scanned
2 Warnings
2 Notes

Reply to Xtrem2811

Post a new HijackThis report.

Reply to Angeldark

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Emjysoft\Anti-Spam\antispam.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mi©K\Mes documents\emule0.47c-Xtreme5.4.1\emule.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Emjysoft_Anti-spam] C:\Program Files\Emjysoft\Anti-Spam\antispam.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [tr_winamp] C:\Program Files\Winamp\winamp.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfert par Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 9624044890
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - Winlogon Notify: nnnnmmj - nnnnmmj.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 9878 bytes

Reply to Xtrem2811

Are you still having problems?

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

No, for now everything seems to be going fine :)
Thank you for your help ;)

Reply to Xtrem2811

Yes:
what should I do to avoid getting viruses or Trojan horses again?

Reply to Xtrem2811

Everything is explained below :)

  • Download ToolsCleaner to your Desktop.
  • Click Recherche (Search) and let the scan finish.
  • Click Suppression (Removal) to finalize.
  • Click Quitter (Quit) so that the report can be created.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)


Disable then re-enable System Restore: See help

Now add [Résolu] to the title. To do so:
* In your first message, click the "Editer" (Edit) button http://img.infos-du-net.com/forum/themes_static/images_forum/3/edit.gif
* Add the [Résolu] tag to the title
* Then click "Valider votre message" (Submit your message)

Read the guide on prevention and protection so you no longer have this kind of problem, by clicking the image below:

http://www.malekal.com/fichiers/projetantimalwares/reagir_miniban.gif

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Re,
Here is the ToolsCleaner report:

-->- Recherche:

C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\Mi©K\Mes documents\Z058_jpg spyware\ComboFix.exe: trouvé !
C:\Documents and Settings\Mi©K\Mes documents\Z058_jpg spyware\MsnFix: trouvé !
C:\Documents and Settings\Mi©K\Recent\MSNFix.lnk: trouvé !
C:\Program Files\ComboFix.exe: trouvé !
C:\Program Files\HijackThis.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\Mi©K\Mes documents\Z058_jpg spyware\ComboFix.exe: supprimé !
C:\Documents and Settings\Mi©K\Recent\MSNFix.lnk: supprimé !
C:\Program Files\ComboFix.exe: supprimé !
C:\Program Files\HijackThis.exe: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\Mi©K\Mes documents\Z058_jpg spyware\MsnFix: supprimé !

Reply to Xtrem2811