Hyperinfection help

Tags:
  • Security
Last reply: in Security and viruses
1 December 2008 13:48:53

Hello everyone,

I got infected last night. I can't run any .exe, because I get an error message telling me that the program is not a Win32 executable program. Basically, I can't run a HijackThis scan or an antivirus scan (the antivirus is disabled, by the way, and I can't turn it back on), and no program will start apart from the internet, and even then I had trouble managing to post.

I'm counting on you to tell me what needs to be done.
Thanks in advance

1 December 2008 13:51:37

Hello,
Have you tried running the HijackThis scan in safe mode?
1 December 2008 15:14:59

Hello,

Yes, I tried restarting the PC in safe mode. But, surprise, it reboots automatically. I tried the different safe modes, but without success. I can only turn it on in normal Windows mode. I tried to format the PC, but the CD drive crashes at Windows startup and during a session...
1 December 2008 15:19:20

What about a restore to an earlier date?
Otherwise, let's look on the bright side: you have internet access, so try running an online scan, at Kaspersky for example, and post the scan report.
1 December 2008 15:35:41

I don't have a restore point from an earlier date.
I'm trying the Kaspersky scan.

See you shortly
1 December 2008 15:55:12

So, there is an error message:

Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Failed to resolve source DNS name]

I tried again several times.

It would be the trojan TR/Agent.AKWY.7 and the worm worm.win.autorun.nuu!A2
1 December 2008 17:57:15

So, I managed to get ComboFix to run.

Here is the report:

I hope it will help:

ComboFix 08-11-30.02 - dams 2008-12-01 17:45:01.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.772 [GMT 1:00]
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\docume~1\dams\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\dams\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe
c:\documents and settings\dams\Application Data\m
c:\documents and settings\dams\Application Data\m\data.oct
c:\documents and settings\dams\Application Data\m\flec006.exe
c:\documents and settings\dams\Application Data\m\list.oct
c:\documents and settings\dams\Application Data\m\shared\3D Cover Boxshot Designer 1.0.zip
c:\documents and settings\dams\Application Data\m\shared\A4_Video_Converter_2.4.zip
c:\documents and settings\dams\Application Data\m\shared\ContentWays Local 1.0.0.4.zip
c:\documents and settings\dams\Application Data\m\shared\Cowboy with Keyboard 2.1 KeyGen.zip
c:\documents and settings\dams\Application Data\m\shared\DeskNow_WebMessenger_1.4_Key+Serial.zip
c:\documents and settings\dams\Application Data\m\shared\DKMY_1.00.00.zip
c:\documents and settings\dams\Application Data\m\shared\Easy_Folder_Security_1.5_(Key).zip
c:\documents and settings\dams\Application Data\m\shared\Flow_Diagrams_Software_2.0.zip
c:\documents and settings\dams\Application Data\m\shared\iDailyDiary_Free_3.41.zip
c:\documents and settings\dams\Application Data\m\shared\InternetFileSize 3.60.zip
c:\documents and settings\dams\Application Data\m\shared\InvoiceMaker_1.0_build_453.zip
c:\documents and settings\dams\Application Data\m\shared\Leithauser Research EBook Reader - The Best American Humorous Short Stories 1.0.zip
c:\documents and settings\dams\Application Data\m\shared\LingvoSoft_Picture_Dictionary_2007_Polish_-_Chinese_Mandarin_Traditional_1.1.20_[Patch].czip
c:\documents and settings\dams\Application Data\m\shared\Logic Friday 1.0.zip
c:\documents and settings\dams\Application Data\m\shared\MyOdd_2.10.zip
c:\documents and settings\dams\Application Data\m\shared\Outlook_Express_Backup_Restore_2.12_(KeyGen).zip
c:\documents and settings\dams\Application Data\m\shared\Quick 3D Cover 1.5.1.zip
c:\documents and settings\dams\Application Data\m\shared\RefCon_Rx_1.15.zip
c:\documents and settings\dams\Application Data\m\shared\Sorax_Reader_1.zip
c:\documents and settings\dams\Application Data\m\shared\spEye_1.2_beta.zip
c:\documents and settings\dams\Application Data\m\shared\Suncycle_1.0.9.3.zip
c:\documents and settings\dams\Application Data\m\shared\Super_Webscan_8.0_[Cracked].zip
c:\documents and settings\dams\Application Data\m\shared\SwfSaver_Pro_2.0.zip
c:\documents and settings\dams\Application Data\m\shared\TalkingSlide_1.1.zip
c:\documents and settings\dams\Application Data\m\shared\The BMW Collection Screensaver 1.0.zip
c:\documents and settings\dams\Application Data\m\shared\Whizlabs SCJP 6.0 Preparation Kit 6.0.1.zip
c:\documents and settings\dams\Application Data\m\shared\WinPresenter_1.6.zip
c:\documents and settings\dams\Application Data\m\shared\Xorax Contact Sheet 1.0a.zip
c:\documents and settings\dams\Application Data\m\shared\ZC Trigram Generator 1.0.zip
c:\documents and settings\dams\Application Data\m\srvlist.oct
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\program files\Windows Live\Messenger\MsnMsgr.Exe
C:\resycled
c:\resycled\boot.com
c:\windows\system32\ban_list.txt
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\srosa2.sys
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\kdupd.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))
.

2008-12-01 16:39 . 2008-12-01 16:44 <REP> d-------- c:\documents and settings\dams\.housecall6.6
2008-12-01 15:42 . 2008-12-01 15:42 <REP> d-------- c:\windows\Sun
2008-12-01 15:40 . 2008-12-01 15:40 <REP> d-------- c:\program files\Java
2008-12-01 15:40 . 2008-12-01 15:40 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-01 15:40 . 2008-12-01 15:40 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-01 13:43 . 2008-12-01 13:43 <REP> d-------- c:\program files\Trend Micro
2008-12-01 00:43 . 2008-12-01 00:43 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-12-01 00:41 . 2008-12-01 00:40 286,720 --a------ c:\windows\iun507.exe
2008-11-30 23:57 . 2008-11-30 23:57 <REP> d-------- c:\program files\GetData
2008-11-30 23:57 . 2008-12-01 00:39 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-30 23:55 . 2008-11-30 23:55 <REP> d--h----- c:\windows\PIF
2008-11-30 23:54 . 2008-12-01 00:41 <REP> d-------- c:\program files\RecoverySoft
2008-11-30 23:11 . 2008-11-30 23:11 <REP> d-------- c:\program files\TouchStoneSoftware
2008-11-30 21:36 . 2008-11-30 21:36 <REP> d-------- c:\program files\Stellar Phoenix NTFS Data Recovery
2008-11-30 21:36 . 1998-06-24 00:00 260,920 --a------ c:\windows\system32\MSDATGRD.OCX
2008-11-30 21:36 . 1999-06-18 22:49 165,888 --a------ c:\windows\Ckconfig.exe
2008-11-30 21:36 . 2006-03-01 02:10 69,632 --a------ c:\windows\system32\Crypserv.exe
2008-11-30 21:36 . 2006-01-10 03:47 31,846 --a------ c:\windows\system32\Ckldrv.sys
2008-11-30 21:36 . 1996-05-03 18:21 27,648 -ra------ c:\windows\Setup_ck.exe
2008-11-30 21:36 . 1996-05-03 16:36 18,432 --a------ c:\windows\Setup_ck.dll
2008-11-30 21:36 . 1995-07-04 19:33 11,776 --a------ c:\windows\Ckrfresh.exe
2008-11-30 21:36 . 2008-11-30 21:36 1,680 --a------ c:\windows\system32\esnecil.nlp
2008-11-30 21:36 . 2008-12-01 00:28 1,680 --a------ c:\windows\system32\esnecil.ind
2008-11-30 21:36 . 2008-11-30 21:36 68 --a------ c:\windows\Crypkey.ini
2008-11-30 21:36 . 2008-11-30 21:36 4 --a------ c:\windows\vx86036.dat
2008-11-30 20:39 . 2008-11-30 20:39 <REP> d-------- c:\windows\system32\NtmsData
2008-11-23 15:41 . 2008-11-23 15:41 <REP> d-------- c:\program files\Real
2008-11-23 15:41 . 2008-11-23 15:41 <REP> d-------- c:\program files\Fichiers communs\xing shared
2008-11-23 15:41 . 2008-11-23 15:41 <REP> d-------- c:\program files\Fichiers communs\Real
2008-11-16 13:58 . 2008-11-16 14:03 <REP> d-------- c:\windows\BDOSCAN8
2008-11-13 21:30 . 2008-11-13 21:30 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-13 21:30 . 2008-11-13 21:30 <REP> d-------- c:\documents and settings\dams\Application Data\Malwarebytes
2008-11-13 21:30 . 2008-11-13 21:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-13 21:30 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-13 21:30 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-13 21:24 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 21:24 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 12:23 --------- d-----w c:\documents and settings\dams\Application Data\DNA
2008-12-01 11:54 --------- d-----w c:\program files\DNA
2008-12-01 11:45 --------- d-----w c:\program files\eMule
2008-11-30 20:27 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-30 20:04 --------- d-----w c:\documents and settings\dams\Application Data\U3
2008-11-30 19:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 13:49 --------- d-----w c:\program files\Steam
2008-11-13 22:21 --------- d-----w c:\documents and settings\dams\Application Data\BitTorrent
2008-11-02 18:10 --------- d-----w c:\documents and settings\dams\Application Data\Apple Computer
2008-10-25 11:59 --------- d-----w c:\program files\Fichiers communs\LogiShrd
2008-10-25 11:54 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-10-25 11:52 --------- d-----w c:\program files\Logitech
2008-10-25 10:38 --------- d-----w c:\program files\ma-config.com
2008-10-25 10:38 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-11 11:54 --------- d-----w c:\program files\Windows Live
2008-10-10 21:17 --------- d-----w c:\program files\7-Zip
2008-10-07 20:26 --------- d-----w c:\program files\ffdshow
2008-10-07 20:23 --------- d-----w c:\documents and settings\dams\Application Data\vlc
2008-10-06 20:38 --------- d-----w c:\program files\BitTorrent
2008-10-05 10:28 --------- d-----w c:\program files\Google
2008-10-05 08:57 --------- d-----w c:\program files\OpenPlsInWMP
2008-10-05 08:45 --------- d-----w c:\program files\Audacity
2008-10-04 19:44 --------- d-----w c:\program files\Lavalys
2008-10-04 12:21 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-04 10:26 --------- d-----w c:\program files\MSBuild
2008-10-04 10:26 --------- d-----w c:\program files\Microsoft Works
2008-10-04 10:25 --------- d-----w c:\program files\Microsoft.NET
2008-10-04 10:22 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-10-01 19:13 --------- d-----w c:\program files\Teamspeak2_RC2
2008-10-01 19:13 --------- d-----w c:\documents and settings\dams\Application Data\teamspeak2
2008-09-18 14:42 21,361 ----a-w c:\windows\AegisP.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Fichiers communs\logishrd\WUApp32.exe" [2007-02-03 435736]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^dams^Menu Démarrer^Programmes^Démarrage^IMVU.lnk]
path=c:\documents and settings\dams\Menu Démarrer\Programmes\Démarrage\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-02-10 20:10 335872 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-12-01 13:33 266497 c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-11-16 11:12 342336 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CplBCL50]
--a------ 2004-03-02 10:45 401408 c:\program files\EzButton\CplBCL50.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2008-03-04 13:41 1101824 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--------- 2003-04-28 08:08 184320 c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2007-02-06 16:43 252704 c:\program files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-11 12:41 1410296 c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-11-23 15:41 185872 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2003-07-25 04:22 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 09:24 28672 c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-12-19 10:53 65024 c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-09-22 56344]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\Drivers\WBSD.SYS [2008-09-18 25856]
S3 fsssvc;Windows Live Contrôle parental;"c:\program files\Windows Live\Family Safety\fsssvc.exe" []
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-09-02 191656]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-01 27904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef8796a1-9143-11dd-9050-0012f00ebe6b}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2008-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-c:\windows\system32\kdupd.exe - c:\windows\system32\kdupd.exe
MSConfigStartUp-kdupd - c:\windows\system32\kdupd.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\dams\Application Data\Mozilla\Firefox\Profiles\wbbnwolq.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 17:48:56
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\netprovcredman.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Crypserv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2008-12-01 17:54:34 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-01 16:54:31

Avant-CF: 93,475,717,120 octets libres
Après-CF: 93,937,762,304 octets libres

363 --- E O F --- 2008-11-13 22:48:00
1 December 2008 20:13:52

Hello hello,

So, I managed to produce a HijackThis report!

Thank you for taking a look at it (despite unsuccessful results on hijackthis.de)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:36, on 01/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\dams\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.live.com/1rewlsup/WinInstaller
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08a9 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08a9 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\dams\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie....
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/j...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Windows Live Contrôle parental (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7478 bytes


Thanks for your help, I won't manage on my own...
1 December 2008 21:20:27

Good evening,
Since it's Bagle, let's see what's going on with your rotten cracks... the source of your infection.

1

Télécharge Lop S&D.exe sur ton bureau

  • Double-clique dessus pour lancer l'installation
  • Puis double-clique sur le raccourci Lop S&D présent sur ton bureau
  • Sélectionne la langue souhaitée , puis choisis l'Option 1 ( Recherche )
  • Patiente jusqu'à la fin du scan
  • Poste le rapport généré ( C:\lopR.txt )

    ( Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )


    2
    Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
    * Click "Accept" once more
    * The database updates will install; wait a moment
    * Click Next.
    * Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.
    * Post the scan report.

    1 December 2008 21:32:26

    Thanks

    Yes, it was because of a crack; my USB key had failed. I had found a satisfactory program, Ondata recoverysoft, but I'm a student, and at €100 per 24 hours... But I was wrong, and I admit it. Thanks for helping me

    The LOP report



    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.80GHz )
    BIOS : Insyde Software MobilePRO BIOS Version 4.00.00
    USER : dams ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
    C:\ (Local Disk) - NTFS - Total:111 Go (Free:87 Go)
    D:\ (CD or DVD)
    E:\ (USB)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( 01/12/2008|21:27 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [18/09/2008|15:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
    [22/09/2008|11:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    [21/09/2008|17:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [04/10/2008|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [18/09/2008|18:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [18/09/2008|18:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [18/09/2008|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [18/09/2008|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
    [25/10/2008|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
    [13/11/2008|21:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [04/10/2008|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [30/11/2008|21:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [01/12/2008|00:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [22/09/2008|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [19/09/2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [04/10/2008|17:07] C:\DOCUME~1\dams\APPLIC~1\Adobe
    [02/11/2008|19:10] C:\DOCUME~1\dams\APPLIC~1\Apple Computer
    [13/11/2008|23:21] C:\DOCUME~1\dams\APPLIC~1\BitTorrent
    [27/09/2008|23:46] C:\DOCUME~1\dams\APPLIC~1\DeepBurner
    [01/12/2008|13:23] C:\DOCUME~1\dams\APPLIC~1\DNA
    [05/10/2008|11:28] C:\DOCUME~1\dams\APPLIC~1\Google
    [18/09/2008|15:17] C:\DOCUME~1\dams\APPLIC~1\Identities
    [18/09/2008|15:42] C:\DOCUME~1\dams\APPLIC~1\Intel
    [23/09/2008|11:01] C:\DOCUME~1\dams\APPLIC~1\InterVideo
    [19/09/2008|18:02] C:\DOCUME~1\dams\APPLIC~1\Macromedia
    [13/11/2008|21:30] C:\DOCUME~1\dams\APPLIC~1\Malwarebytes
    [30/11/2008|21:27] C:\DOCUME~1\dams\APPLIC~1\Microsoft
    [19/09/2008|13:11] C:\DOCUME~1\dams\APPLIC~1\Mozilla
    [23/11/2008|15:42] C:\DOCUME~1\dams\APPLIC~1\Real
    [01/12/2008|15:38] C:\DOCUME~1\dams\APPLIC~1\Sun
    [19/09/2008|13:11] C:\DOCUME~1\dams\APPLIC~1\Talkback
    [01/10/2008|20:13] C:\DOCUME~1\dams\APPLIC~1\teamspeak2
    [30/11/2008|21:04] C:\DOCUME~1\dams\APPLIC~1\U3
    [07/10/2008|21:23] C:\DOCUME~1\dams\APPLIC~1\vlc

    [18/09/2008|15:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
    [18/09/2008|15:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [18/09/2008|15:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\Intel
    [18/09/2008|15:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [18/09/2008|15:42] C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
    [18/09/2008|15:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [21/11/2008 00:32][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [01/12/2008 21:24][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [10/10/2008|22:17] C:\Program Files\7-Zip
    [04/10/2008|13:20] C:\Program Files\Adobe
    [20/09/2008|17:39] C:\Program Files\Apple Software Update
    [27/09/2008|23:33] C:\Program Files\Astonsoft
    [18/09/2008|15:24] C:\Program Files\ATI Technologies
    [05/10/2008|09:45] C:\Program Files\Audacity
    [18/09/2008|18:52] C:\Program Files\Avira
    [18/09/2008|15:25] C:\Program Files\AvRack
    [06/10/2008|21:38] C:\Program Files\BitTorrent
    [21/09/2008|16:44] C:\Program Files\Bonjour
    [22/09/2008|11:34] C:\Program Files\CCleaner
    [18/09/2008|15:07] C:\Program Files\ComPlus Applications
    [01/12/2008|12:54] C:\Program Files\DNA
    [01/12/2008|12:45] C:\Program Files\eMule
    [18/09/2008|15:28] C:\Program Files\EzButton
    [07/10/2008|21:26] C:\Program Files\ffdshow
    [01/12/2008|21:18] C:\Program Files\Fichiers communs
    [30/11/2008|23:57] C:\Program Files\GetData
    [05/10/2008|11:28] C:\Program Files\Google
    [30/11/2008|20:44] C:\Program Files\InstallShield Installation Information
    [18/09/2008|15:41] C:\Program Files\Intel
    [16/10/2008|02:03] C:\Program Files\Internet Explorer
    [23/09/2008|11:00] C:\Program Files\InterVideo
    [21/09/2008|17:16] C:\Program Files\iPod
    [21/09/2008|17:16] C:\Program Files\iTunes
    [01/12/2008|15:40] C:\Program Files\Java
    [04/10/2008|20:44] C:\Program Files\Lavalys
    [25/10/2008|12:52] C:\Program Files\Logitech
    [18/09/2008|15:27] C:\Program Files\ltmoh
    [25/10/2008|11:38] C:\Program Files\ma-config.com
    [13/11/2008|21:30] C:\Program Files\Malwarebytes' Anti-Malware
    [22/09/2008|10:18] C:\Program Files\Microsoft
    [18/09/2008|15:10] C:\Program Files\microsoft frontpage
    [04/10/2008|11:26] C:\Program Files\Microsoft Office
    [22/09/2008|10:18] C:\Program Files\Microsoft SQL Server Compact Edition
    [04/10/2008|11:26] C:\Program Files\Microsoft Visual Studio
    [04/10/2008|11:22] C:\Program Files\Microsoft Visual Studio 8
    [04/10/2008|11:26] C:\Program Files\Microsoft Works
    [04/10/2008|11:25] C:\Program Files\Microsoft.NET
    [20/09/2008|18:25] C:\Program Files\Movie Maker
    [01/12/2008|18:06] C:\Program Files\Mozilla Firefox
    [04/10/2008|11:26] C:\Program Files\MSBuild
    [18/09/2008|15:05] C:\Program Files\MSN
    [18/09/2008|15:06] C:\Program Files\MSN Gaming Zone
    [19/09/2008|02:02] C:\Program Files\MSXML 6.0
    [20/09/2008|18:24] C:\Program Files\NetMeeting
    [18/09/2008|18:35] C:\Program Files\Nouveau dossier
    [18/09/2008|15:06] C:\Program Files\Online Services
    [05/10/2008|09:57] C:\Program Files\OpenPlsInWMP
    [20/09/2008|18:23] C:\Program Files\Outlook Express
    [01/12/2008|18:32] C:\Program Files\Panda Security
    [21/09/2008|17:15] C:\Program Files\QuickTime
    [23/11/2008|15:41] C:\Program Files\Real
    [18/09/2008|15:25] C:\Program Files\Realtek Sound Manager
    [01/12/2008|00:41] C:\Program Files\RecoverySoft
    [22/09/2008|11:36] C:\Program Files\RegCleaner
    [21/09/2008|16:50] C:\Program Files\Safari
    [18/09/2008|15:08] C:\Program Files\Services en ligne
    [23/11/2008|14:49] C:\Program Files\Steam
    [30/11/2008|21:36] C:\Program Files\Stellar Phoenix NTFS Data Recovery
    [01/10/2008|20:13] C:\Program Files\Teamspeak2_RC2
    [30/11/2008|23:11] C:\Program Files\TouchStoneSoftware
    [01/12/2008|13:43] C:\Program Files\Trend Micro
    [18/09/2008|15:17] C:\Program Files\Uninstall Information
    [23/09/2008|22:18] C:\Program Files\VideoLAN
    [11/10/2008|12:54] C:\Program Files\Windows Live
    [22/09/2008|10:57] C:\Program Files\Windows Media Connect 2
    [22/09/2008|10:57] C:\Program Files\Windows Media Player
    [20/09/2008|18:23] C:\Program Files\Windows NT
    [18/09/2008|15:08] C:\Program Files\WindowsUpdate
    [19/09/2008|13:12] C:\Program Files\WinZip
    [18/09/2008|15:10] C:\Program Files\xerox

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [04/10/2008|13:21] C:\Program Files\Fichiers communs\Adobe
    [21/09/2008|17:14] C:\Program Files\Fichiers communs\Apple
    [04/10/2008|11:26] C:\Program Files\Fichiers communs\DESIGNER
    [25/10/2008|12:54] C:\Program Files\Fichiers communs\InstallShield
    [25/10/2008|12:59] C:\Program Files\Fichiers communs\LogiShrd
    [05/10/2008|17:45] C:\Program Files\Fichiers communs\Microsoft Shared
    [18/09/2008|15:08] C:\Program Files\Fichiers communs\MSSoap
    [18/09/2008|16:47] C:\Program Files\Fichiers communs\ODBC
    [23/11/2008|15:41] C:\Program Files\Fichiers communs\Real
    [18/09/2008|15:08] C:\Program Files\Fichiers communs\Services
    [18/09/2008|16:47] C:\Program Files\Fichiers communs\SpeechEngines
    [04/10/2008|11:22] C:\Program Files\Fichiers communs\System
    [22/09/2008|10:07] C:\Program Files\Fichiers communs\Windows Live
    [19/09/2008|19:04] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [23/11/2008|15:41] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Process

    ( 37 Processes )

    iexplore.exe ~ [PID:2708]

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\dams\Cookies\dams@advertstream[1].txt
    C:\DOCUME~1\dams\Cookies\dams@advertising[1].txt
    C:\DOCUME~1\dams\Cookies\dams@ero-advertising[1].txt
    C:\DOCUME~1\dams\Cookies\dams@adopt.euroclick[1].txt
    C:\DOCUME~1\dams\Cookies\dams@partypoker[2].txt

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-01 21:28:30
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 4

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\dams\Cookies\dams@crackdb[1].txt
    C:\DOCUME~1\dams\Cookies\dams@crackserialkeygen[2].txt


    [F:397][D:0]-> C:\DOCUME~1\dams\Cookies
    [F:170][D:4]-> C:\DOCUME~1\dams\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 01/12/2008|21:29 - Option : [1]

    --------------------\\ Fin du rapport a 21:29:05

    The Kaspersky scan is running
    1 December 2008 21:43:40

    barbadam said:
    Thanks

    Yes, it was because of a crack; my USB key had failed. I had found a satisfactory program, Ondata recoverysoft, but I'm a student, and at €100 per 24 hours... But I was wrong, and I admit it. Thanks for helping me

    well, when I was a student I didn't have a PC, which tells you how poor I was :lol: 

    more seriously, look at the free tools; in general you can find just about everything. ;) 

    I'm waiting for your online scan report


    1 December 2008 23:07:32

    lol, yes, I searched for a whole night, and I gave in and took the easy way :s

    Here is the Kaspersky scan:

    Monday, December 1, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, December 01, 2008 18:39:03
    Records in database: 1429900


    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    C:\
    D:\
    E:\

    Scan statistics
    Files scanned 42097
    Threat name 9
    Infected objects 42
    Suspicious objects 0
    Duration of the scan 00:53:41

    File name Threat name Threats count
    C:\Documents and Settings\dams\Bureau\Freezer_Live_V.3.0.zip Infected: Backdoor.Win32.VB.gkv 1

    C:\Qoobox\Quarantine\C\autorun.inf.vir Infected: Worm.Win32.AutoRun.nuu 1

    C:\Qoobox\Quarantine\C\Documents and Settings\dams\Application Data\m\flec006.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\DOCUME~1\dams\LOCALS~1\Temp\tmp1.tmp.vir Infected: Trojan.Win32.Small.yon 1

    C:\Qoobox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr.exe.vir Infected: Trojan-Downloader.Win32.Bagle.agv 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\103438.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\110408.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\115946.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\116447.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\121584.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\122426.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\133782.exe.vir Infected: Email-Worm.Win32.Bagle.majc 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\141062.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\145018.exe.vir Infected: Email-Worm.Win32.Bagle.majc 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\147472.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\14773713.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\157616.exe.vir Infected: Email-Worm.Win32.Bagle.majc 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\164206.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\175802.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\176233.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\179868.exe.vir Infected: Email-Worm.Win32.Bagle.majc 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\181500.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\187649.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\194619.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\220176.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\231182.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\249829.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\3239878.exe.vir Infected: Email-Worm.Win32.Bagle.vr 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\3243443.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\3278133.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\3285123.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\3291022.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\55549.exe.vir Infected: Email-Worm.Win32.Bagle.vr 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\60647.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\73986.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\80435.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\82839.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\downld\86173.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\winfilse.exe.vir Infected: Trojan-Downloader.Win32.Bagle.agv 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_srosa_.sys.zip Infected: Trojan-Downloader.Win32.Bagle.afl 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    C:\Qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

    The selected area was scanned.
    1 December 2008 23:49:31

    re
    delete
    C:\Documents and Settings\dams\Bureau\Freezer_Live_V.3.0.zip

    C:\Qoobox
    empty your Recycle Bin

    run a scan with an up-to-date AntiVir to check, please
    2 December 2008 09:28:34

    Hello,

    Freezer live and Qoobox deleted, but I can't launch AntiVir.
    There is an error message:

    Avira\..\...\..\avcenter.exe n'est pas une application Win32 valide


    Okay, I reinstalled the antivirus and it works!
    It found the Bagle virus and others, 61 infected files...
    But I messed up... I didn't save the report... :D 
    I'm running another scan, with the report this time
    2 December 2008 20:37:57

    Here it is:



    Avira AntiVir Personal
    Report file date: mardi 2 décembre 2008 19:26

    Scanning for 1069442 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: CQFD

    Version information:
    BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
    ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:57:13
    ANTIVIR2.VDF : 7.1.0.160 571392 Bytes 30/11/2008 17:51:51
    ANTIVIR3.VDF : 7.1.0.176 132608 Bytes 02/12/2008 17:51:52
    Engineversion : 8.2.0.36
    AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
    AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 14:00:07
    AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
    AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
    AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
    AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 15:06:41
    AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 15:06:41
    AEHELP.DLL : 8.1.2.0 119159 Bytes 02/12/2008 17:51:55
    AEGEN.DLL : 8.1.1.6 323955 Bytes 02/12/2008 17:51:54
    AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
    AECORE.DLL : 8.1.5.2 172405 Bytes 02/12/2008 17:51:53
    AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 2 décembre 2008 19:26

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
    Scan process 'ltmoh.exe' - '1' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
    Scan process 'Crypserv.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    34 processes with 34 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '48' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!


    End of the scan: mardi 2 décembre 2008 19:54
    Used time: 28:16 Minute(s)

    The scan has been done completely.

    4899 Scanning directories
    154901 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    154900 Files not concerned
    1348 Archives were scanned
    2 Warnings
    0 Notes

    2 December 2008 21:22:55

    re

    Download DDS and save it to your desktop.
  • Disable anything that blocks scripts, such as an antivirus or software like ad-block, noscript, etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan has finished, a text document, DDS.txt, will open.
  • Click Yes at the next prompt, Optional Scan.
  • Save both reports to your desktop and post only DDS.txt for me.
    2 December 2008 22:32:58

    Here are the reports:


    DDS:



    DDS (Version 1.0) - NTFSx86
    Run by dams at 22:29:40,14 on 02/12/2008
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.549 [GMT 1:00]

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    c:\program files\avira\antivir personaledition classic\avcenter.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\dams\Bureau\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uStart Page = hxxp://www.google.fr/
    uInternet Connection Wizard,ShellNext = hxxp://g.live.com/1rewlsup/WinInstaller
    uInternet Settings,ProxyOverride = *.local
    BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - c:\program files\windows live\messenger\wlchtc.dll
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [WUAppSetup] c:\program files\fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08a9 -f video -m logitech -d 10.5.1.2023
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\dams\menu démarrer\programmes\imvu\Run IMVU.lnk
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\dams\menu démarrer\programmes\imvu\Run IMVU.lnk
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-1 28544]
    R1 avgio;avgio;\??\c:\program files\avira\antivir personaledition classic\avgio.sys [2008-12-2 11840]
    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;"c:\program files\avira\antivir personaledition classic\sched.exe" [2008-12-2 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;"c:\program files\avira\antivir personaledition classic\avguard.exe" [2008-12-2 151297]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2008-9-22 56344]
    R3 avgntflt;avgntflt;\??\c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-12-2 52032]
    R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\WBSD.SYS [2008-9-18 25856]
    S3 fsssvc;Windows Live Contrôle parental;"c:\program files\windows live\family safety\fsssvc.exe" []
    S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-9-2 191656]
    S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-1 27904]

    =============== Created Last 30 ================

    2008-12-02 18:50 <DIR> --d----- c:\program files\Avira
    2008-12-02 18:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
    2008-12-01 21:27 <DIR> --d----- C:\Lop SD
    2008-12-01 21:17 <DIR> a-dshr-- C:\cmdcons
    2008-12-01 21:14 <DIR> --d----- C:\Combo-Fix
    2008-12-01 21:14 <DIR> a-dshr-- C:\autorun.inf
    2008-12-01 18:32 28,544 a------- c:\windows\system32\drivers\pavboot.sys
    2008-12-01 18:32 <DIR> --d----- c:\program files\Panda Security
    2008-12-01 17:38 161,792 a------- c:\windows\SWREG.exe
    2008-12-01 17:38 98,816 a------- c:\windows\sed.exe
    2008-12-01 16:39 <DIR> --d----- c:\documents and settings\dams\.housecall6.6
    2008-12-01 15:40 410,976 a------- c:\windows\system32\deploytk.dll
    2008-12-01 15:40 73,728 a------- c:\windows\system32\javacpl.cpl
    2008-12-01 13:43 <DIR> --d----- c:\program files\Trend Micro
    2008-12-01 00:43 27,904 a------- c:\windows\system32\drivers\ndisprot.sys
    2008-12-01 00:41 286,720 a------- c:\windows\iun507.exe
    2008-11-30 23:57 <DIR> --d----- c:\program files\GetData
    2008-11-30 23:55 <DIR> --d-h--- c:\windows\PIF
    2008-11-30 23:54 <DIR> --d----- c:\program files\RecoverySoft
    2008-11-30 23:11 <DIR> --d----- c:\program files\TouchStoneSoftware
    2008-11-30 21:36 1,680 a------- c:\windows\system32\esnecil.nlp
    2008-11-30 21:36 1,680 a------- c:\windows\system32\esnecil.ind
    2008-11-30 21:36 4 a------- c:\windows\vx86036.dat
    2008-11-30 21:36 68 a------- c:\windows\Crypkey.ini
    2008-11-30 21:36 27,648 a----r-- c:\windows\Setup_ck.exe
    2008-11-30 21:36 165,888 a------- c:\windows\Ckconfig.exe
    2008-11-30 21:36 69,632 a------- c:\windows\system32\Crypserv.exe
    2008-11-30 21:36 31,846 a------- c:\windows\system32\Ckldrv.sys
    2008-11-30 21:36 18,432 a------- c:\windows\Setup_ck.dll
    2008-11-30 21:36 11,776 a------- c:\windows\Ckrfresh.exe
    2008-11-30 21:36 260,920 a------- c:\windows\system32\MSDATGRD.OCX
    2008-11-30 21:36 <DIR> --d----- c:\program files\Stellar Phoenix NTFS Data Recovery
    2008-11-30 20:39 <DIR> --d----- c:\windows\system32\NtmsData
    2008-11-23 15:41 <DIR> --d----- c:\program files\fichiers communs\xing shared
    2008-11-23 15:41 <DIR> --d----- c:\program files\Real
    2008-11-23 15:41 <DIR> --d----- c:\program files\fichiers communs\Real
    2008-11-13 21:30 <DIR> --d----- c:\docume~1\dams\applic~1\Malwarebytes
    2008-11-13 21:30 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2008-11-13 21:30 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-13 21:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2008-11-13 21:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2008-11-13 21:24 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-13 21:24 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

    ==================== Find3M ====================

    2008-12-01 13:23 <DIR> --d----- c:\docume~1\dams\applic~1\DNA
    2008-12-01 12:54 <DIR> --d----- c:\program files\DNA
    2008-12-01 12:45 <DIR> --d----- c:\program files\eMule
    2008-11-23 15:41 499,712 a------- c:\windows\system32\msvcp71.dll
    2008-11-23 15:41 348,160 a------- c:\windows\system32\msvcr71.dll
    2008-11-23 14:49 <DIR> --d----- c:\program files\Steam
    2008-11-13 23:21 <DIR> --d----- c:\docume~1\dams\applic~1\BitTorrent
    2008-10-28 10:04 459,164 a------- c:\windows\system32\perfh00C.dat
    2008-10-28 10:04 71,980 a------- c:\windows\system32\perfc00C.dat
    2008-10-25 12:54 <DIR> --d----- c:\program files\fichiers communs\InstallShield
    2008-10-25 11:38 <DIR> --d----- c:\program files\ma-config.com
    2008-10-25 11:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ma-config.com
    2008-10-07 21:26 <DIR> --d----- c:\program files\ffdshow
    2008-10-06 21:38 <DIR> --d----- c:\program files\BitTorrent
    2008-10-05 09:57 <DIR> --d----- c:\program files\OpenPlsInWMP
    2008-10-05 09:45 <DIR> --d----- c:\program files\Audacity
    2008-10-04 20:44 <DIR> --d----- c:\program files\Lavalys
    2008-10-04 11:22 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
    2008-09-20 18:27 76,507 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-09-18 15:42 <DIR> --d----- c:\docume~1\dams\applic~1\Intel
    2008-09-18 15:42 21,361 a------- c:\windows\AegisP.sys
    2008-09-18 15:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intel
    2008-09-18 15:07 21,892 a------- c:\windows\system32\emptyregdb.dat
    2008-09-15 16:26 1,846,528 a------- c:\windows\system32\win32k.sys
    2008-09-10 02:15 1,307,648 a------- c:\windows\system32\msxml6.dll
    2008-09-08 23:03 51,712 a------- c:\windows\system32\sirenacm.dll
    2008-09-04 18:16 1,106,944 a------- c:\windows\system32\msxml3.dll

    ============= FINISH: 22:29:51,04 ===============



    3 December 2008 13:47:38

    Hi again,
    still having problems?