Your question

Big virus problems

Tags:
  • Virus
  • Security
1 July 2008 10:14:29

Hello,
I have had a big virus problem since this morning:
I cannot launch the antivirus programs, nor even HiJackThis.
A message tells me that:
HiJackThis is not a valid Win32 application.


1 July 2008 10:37:18

Hello,

Have you tried restarting your computer in safe mode to run HJT?

You need to press F8 at startup to get the Windows startup menu and choose to start Windows in safe mode.
1 July 2008 11:04:05

Hello,

Download ELIBAGLA at the bottom of this page:
==> http://www.zonavirus.com/datos/descargas/95/elibagla.as...
Launch Elibagla by double-clicking it.
Make sure the "Eliminar Ficheros Automaticamente" button is checked.
Check that C:\ is selected under Unidad (or the partition containing your OS).
Click the Explorar button.
When it finishes, post the report C:\infoSat.txt

N.B.: If ELIBAGLA does not work, come back and tell me; otherwise post the requested report :)

********

Trigium, if you have any questions, don't hesitate to PM me :)
1 July 2008 12:45:01


Hello,
here is the result file:

Tue Jul 01 11:40:43 2008
EliBagle v11.53 (c)2008 S.G.H. / Satinfo S.L. (updated 27 June 2008)
----------------------------------------------
Action list (by direct action):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Access denied.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Access denied.
Restored key: "SafeBoot\Minimal and Network"
Reboot to complete the cleanup.

Tue Jul 01 11:41:34 2008
EliBagle v11.53 (c)2008 S.G.H. / Satinfo S.L. (updated 27 June 2008)
----------------------------------------------
Action list (by scan):
Scanning drive C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Deleted Bagle.dldr
C:\Recycled\DC1753.ZIP --> Deleted Bagle.dldr
C:\Recycled\DC1754.EXE --> Deleted Bagle.dldr

Total directories: 6032
Total files: 74491
Files analysed: 14635
Infected files: 3
Files cleaned: 3
1 July 2008 12:57:14

Re,

Download ComboFix (by sUBs) to your Desktop.
Rename it to Combo-Fix.exe before downloading!

  • Temporarily disable all resident protection! (antivirus, antispyware, ...)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Yes.
  • When the operation is finished, a report will appear. Post that report in your next reply.

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.
    1 July 2008 13:55:55

    Cannot launch COMBOFIX
    I get the same message:
    combo-fix.exe is not a valid Win32 application
    1 July 2008 22:35:12

    OK, let's try another manipulation.
    Run Elibagla again, then download and run this: http://download.bleepingcomputer.com/sUBs/SafeBootKeyRe...

    Restart your computer in safe mode with networking.
    As the computer starts, tap the F8 key (or F5) repeatedly until you reach a menu. Select Safe Mode with Networking.
    Above all, do not restart your computer via MSConfig!

    Once in that mode, download ComboFix again and try to run it.
    10 July 2008 08:56:04

    Hello,
    I have not had time to deal with the problem, for family reasons.

    Anyway, thanks for your help, but I still cannot launch this ComboFix.
    It shows me the same message: ... is not a valid application
    10 July 2008 10:26:17

    I managed to download ComboFix by disconnecting from my work network and connecting to another network.
    I saved it under the name combo-fix.exe and launched it without any problem.
    As soon as processing is finished, I will post the report.
    See you
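The "is not a valid Win32 application" error in this thread went away once the tool was renamed and fetched from a different network, which leaves two explanations open: the bytes saved as .exe were never a program (a proxy block page, a download cut short), or something running on the machine interfered with the loader. The check below is an added example, not code from the thread or from any of the tools named in it. It reads only the DOS and PE headers, the fields the Windows loader validates first, so it can be run on the downloaded file offline to rule out the first explanation. The four sample files are constructed inline; the `check_pe`/`triage`/`build_minimal_pe` names are this example's own.

```python
"""Check whether a downloaded .exe is a loadable PE image.

Added example, not code from the thread or from any tool named in it.
"is not a valid Win32 application" is what the loader reports when the
file has no usable PE image. Reading the DOS and PE headers, the fields
the loader validates first, tells a bad download apart from a good file
that something on the machine refuses to run.
"""
import struct

MZ = b"MZ"
PE_SIG = b"PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
MACHINE_NAMES = {IMAGE_FILE_MACHINE_I386: "x86", IMAGE_FILE_MACHINE_AMD64: "x64"}
COFF_HEADER_LEN = 20  # Machine .. Characteristics, right after "PE\0\0"


def check_pe(data: bytes) -> dict:
    """Return {'ok', 'reason', 'machine'} for the raw bytes of a file."""
    def bad(reason, machine=None):
        return {"ok": False, "reason": reason, "machine": machine}

    # A proxy or captive portal that answers with a web page instead of the
    # binary is the most common "download" that is not a program at all.
    if data.lstrip()[:9].lower().startswith((b"<!doctype", b"<html")):
        return bad("HTML page saved instead of a binary")
    if len(data) < 0x40:
        return bad("shorter than a DOS header")
    if data[:2] != MZ:
        return bad("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # file offset of "PE\0\0"
    if e_lfanew + 4 + COFF_HEADER_LEN > len(data):
        return bad("truncated before the PE header")
    if data[e_lfanew:e_lfanew + 4] != PE_SIG:
        return bad("e_lfanew does not point at a PE signature")
    machine, nsections = struct.unpack_from("<HH", data, e_lfanew + 4)
    name = MACHINE_NAMES.get(machine)
    if name is None:
        return bad(f"unknown machine type 0x{machine:04x}")
    if nsections == 0:
        return bad("no sections", name)
    return {"ok": True, "reason": "", "machine": name}


def build_minimal_pe(machine=IMAGE_FILE_MACHINE_I386, sections=3) -> bytes:
    """Constructed sample: DOS header + PE signature + COFF header, no code."""
    dos = bytearray(0x40)
    dos[:2] = MZ
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header follows the DOS header
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, sections, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + PE_SIG + coff


# Constructed samples standing in for what might land on disk as "combo-fix.exe".
SAMPLES = {
    "good.exe": build_minimal_pe(),
    "truncated.exe": build_minimal_pe()[:0x42],
    "blockpage.exe": b"<html><body>Access to this site is blocked by the proxy</body></html>",
    "zeroes.exe": bytes(0x80),
}


def triage(samples=SAMPLES) -> dict:
    """Run check_pe over every sample and return {name: verdict}."""
    return {name: check_pe(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, v in triage().items():
        print(f"{'OK ' if v['ok'] else 'BAD'} {name:14} {v['machine'] or '-':4} {v['reason']}")
```

If the file passes this check on disk and still refuses to launch, the download is not the problem and the machine is, which is the situation the rename and the safe-mode advice above are meant for. The check deliberately stops at the COFF header; a full PE parser would go on to the optional header and the section table.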
    10 July 2008 10:50:27

    here is the ComboFix report:

    ComboFix 08-07-09.5 - MVanlaeres 2008-07-10 10:22:28.1 - FAT32x86 NETWORK
    Running from: C:\Documents and Settings\mvanlaeres\Bureau\Combo-Fix.exe

    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Starware
    C:\Documents and Settings\mvanlaeres\Application Data\install.dat
    C:\Documents and Settings\mvanlaeres\Bureau\Error Cleaner.url
    C:\Documents and Settings\mvanlaeres\Bureau\Privacy Protector.url
    C:\Documents and Settings\mvanlaeres\Bureau\Spyware&Malware Protection.url
    C:\Documents and Settings\mvanlaeres\Favoris\Error Cleaner.url
    C:\Documents and Settings\mvanlaeres\Favoris\Privacy Protector.url
    C:\Documents and Settings\mvanlaeres\Favoris\Spyware&Malware Protection.url
    C:\Program Files\screensavers.com
    C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
    C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
    C:\Program Files\screensavers.com\Installer\bin\ScreensaversInst.dll
    C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
    C:\Program Files\screensavers.com\Installer\temp\dmB4.tmp
    C:\Program Files\screensavers.com\Installer\temp\mstub-pal_ncr_qt_a359_r16934.exe
    C:\Program Files\screensavers.com\Installer\temp\pltbinst.exe
    C:\Program Files\screensavers.com\Wallpaper\Heidi Klum.jpg
    C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
    C:\WINDOWS\edla.exe
    C:\WINDOWS\ksendlbtrkd.dll
    C:\WINDOWS\neltabxw.exe
    C:\WINDOWS\system32\_000046_.tmp.dll
    C:\WINDOWS\system32\dial32.exe
    C:\WINDOWS\system32\drivers\down
    C:\WINDOWS\system32\intranet.dll
    C:\WINDOWS\system32\mdm.exe
    C:\WINDOWS\system32\oeminfo.ini
    C:\WINDOWS\system32\regsvr.exe
    C:\WINDOWS\system32\svcp.csv
    C:\WINDOWS\system32\winsub.xml
    C:\WINDOWS\system32\z11.exe
    C:\WINDOWS\system32\zlbw.dll
    C:\WINDOWS\vrmdtneg.dll
    C:\WINDOWS\wpvmqosg.dll
    C:\WINDOWS\xvorfwbd.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SROSA


    ((((((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-01 11:02 . 2008-07-01 11:02 <REP> d--hs---- C:\FOUND.000
    2008-06-24 15:15 . 2008-06-24 15:15 <REP> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
    2008-06-24 15:05 . 2008-06-24 15:05 <REP> d-------- C:\$ldcfg$
    2008-06-24 14:38 . 2008-06-24 14:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-24 11:51 . 2008-06-24 11:51 <REP> d-------- C:\magicmenu
    2008-06-24 11:51 . 2008-06-24 15:50 485,493 --a------ C:\magicmenu.zip
    2008-06-13 11:35 . 2008-06-13 11:35 <REP> d-------- C:\SAVMX1
    2008-06-13 11:34 . 2008-06-13 11:34 <REP> d-------- C:\SESAM
    2008-06-13 11:31 . 2008-06-10 12:39 165,957,935 --a------ C:\FICLHA.LZH

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-04 08:52 --------- d-----w C:\Program Files\MSECache
    2008-06-04 08:13 --------- d-----w C:\Program Files\LogMeIn
    2008-06-04 07:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
    2008-06-02 13:30 13,493,760 ----a-w C:\Picard.exe
    2008-05-29 07:18 --------- d-----w C:\Program Files\Apache Software Foundation
    2008-05-28 10:33 83,288 ----a-w C:\WINDOWS\SYSTEM32\LMIRfsClientNP.dll
    2008-05-28 10:33 24,608 ----a-w C:\WINDOWS\SYSTEM32\LMIport.dll
    2008-05-28 10:32 87,352 ----a-w C:\WINDOWS\SYSTEM32\LMIinit.dll
    2008-05-28 10:32 23,736 ----a-w C:\WINDOWS\SYSTEM32\lmimirr.dll
    2008-05-28 10:32 10,040 ----a-w C:\WINDOWS\SYSTEM32\lmimirr2.dll
    2008-05-16 07:05 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-04-18 07:52 579 ----a-w C:\Thalwin.bat
    2008-03-31 11:08 1,437 ----a-w C:\Program Files\INSTALL.LOG
    2004-11-12 07:39 0 ----a-w C:\Documents and Settings\mvanlaeres\FAVORITES.DAT
    2004-11-12 07:38 25 ----a-w C:\Documents and Settings\mvanlaeres\RomInfo.dat
    2002-07-26 15:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
    1999-04-06 12:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL
    1998-12-09 02:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL
    1998-12-09 02:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL
    1998-12-09 02:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL
    1998-12-09 02:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL
    1998-12-09 02:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL
    2004-08-19 14:10 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
    .

    ((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-06-24 14:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 11:55 155648]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 11:51 118784]
    "CAP3ON"="C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-30 09:00 22528]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-17 16:04 98304]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-28 09:03 1836544]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
    "IntelAPMClient"="C:\Program Files\LANDesk\LDClient\amclient.exe" [2007-03-30 05:56 327680]
    "SDClientMonitor"="C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe" [2006-11-01 08:06 258048]

    [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "1"="http://intradim" [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-05-28 12:32 87352 C:\WINDOWS\SYSTEM32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Boot.Bat]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Boot.Bat
    backup=C:\WINDOWS\pss\Boot.BatCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Fenêtre d'état de Canon LASER SHOT LBP-1120.LNK]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Fenêtre d'état de Canon LASER SHOT LBP-1120.LNK
    backup=C:\WINDOWS\pss\Fenêtre d'état de Canon LASER SHOT LBP-1120.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MemTurbo.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MemTurbo.lnk
    backup=C:\WINDOWS\pss\MemTurbo.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^mvanlaeres^Menu Démarrer^Programmes^Démarrage^MemTurbo.lnk]
    path=C:\Documents and Settings\mvanlaeres\Menu Démarrer\Programmes\Démarrage\MemTurbo.lnk
    backup=C:\WINDOWS\pss\MemTurbo.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
    C:\Program Files\ISTsvc\ [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\switp
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TNFckKXkd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQ3HelperStartUp]
    --a------ 2004-10-01 12:02 253952 C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aupd]
    --a------ 2006-02-23 10:47 48678 C:\WINDOWS\SYSTEM32\symsvcsa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
    -ra------ 2002-08-14 13:22 28672 C:\WINDOWS\SYSTEM32\DSentry.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
    --a------ 2005-07-12 15:35 473928 C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2004-02-10 11:55 155648 C:\WINDOWS\SYSTEM32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2005-08-11 16:30 249856 C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2005-08-11 16:30 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2005-05-04 17:21 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
    -ra------ 2006-01-30 18:00 98304 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2005-06-17 16:04 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
    --a------ 2008-07-10 08:21 493024 C:\PROGRA~1\CA\ETRUST~1\Realmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    --a------ 2004-08-19 16:09 144384 C:\WINDOWS\SYSTEM32\mobsync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
    --a------ 2005-10-25 09:56 107520 C:\Program Files\VVSN\VVSN.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2003-12-13 02:50 33792 C:\Program Files\Winamp\winampa.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f4dcdb2-6c8f-11da-a38a-000d56c50254}]
    \Shell\AutoRun\command - G:\sysclean.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33f5fe91-7eb6-11db-a3ed-000d56c50254}]
    \Shell\AutoRun\command - I:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f7b8753-8087-11dc-8cbd-000d56c50254}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-28 07:03:50 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    HKLM-Run-MSNSysRestore - C:\WINDOWS\system32\pc32.exe
    HKU-Default-Run-CTFMON.EXE - C:\WINDOWS\System32\CTFMON.EXE
    MSConfigStartUp-AdaptecDirectCD - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    MSConfigStartUp-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    MSConfigStartUp-AutoUpdater - C:\Program Files\AutoUpdate\AutoUpdate.exe
    MSConfigStartUp-BO1HelperStartUp - C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE
    MSConfigStartUp-CTFMON - C:\WINDOWS\System32\ctfmon.exe
    MSConfigStartUp-eBayToolbar - C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    MSConfigStartUp-gw7sRjMFl - hsfxdev.exe
    MSConfigStartUp-x7oi3tg - gwfend.exe


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-10 10:28:21
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Scanning hidden processes ...

    Scanning hidden autostart entries ...

    Scanning hidden files ...

    Scan completed successfully
    Hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
    "ImagePath"="\"C:\WWW\MySQL\bin\mysqld-nt\" --defaults-file=\"C:\WWW\MySQL\my.ini\" MySQL"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WWW\Apache2\bin\httpd.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\LANDesk\Shared Files\residentagent.exe
    C:\Program Files\Quest Software\Toad for DB2 Freeware 3.0\DB2 Client\BIN\db2mgmtsvc.exe
    C:\PROGRA~1\LANDesk\LDClient\collector.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    C:\WINDOWS\system32\CBA\pds.exe
    C:\Program Files\LANDesk\LDClient\tmcsvc.exe
    C:\WWW\Apache2\bin\httpd.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\system32\CAP3RSK.EXE
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
    C:\WWW\MySQL\bin\mysqld-nt.exe
    C:\Program Files\LANDesk\LDClient\softmon.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    .
    **************************************************************************
    .
    Completion time: 2008-07-10 10:33:35 - machine was rebooted [MVanlaeres]
    ComboFix-quarantined-files.txt 2008-07-10 08:33:28

    Pre-Run: 2,196,500,480 bytes free
    Post-Run: 1,623,859,200 bytes free

    245
    10 July 2008 12:17:23

    Re,

    - My Computer / Tools / Folder Options / View / check "Show hidden files and folders" / Apply --> OK
    - My Computer / Tools / Folder Options / View / uncheck "Hide protected operating system files" / Apply --> OK
    - My Computer / Tools / Folder Options / View / uncheck "Hide extensions for known file types" / Apply --> OK

    Don't forget to hide the hidden and protected operating system files again at the end of the disinfection; it is important.

    Delete C:\FOUND.000

    ********

    Download HijackThis (by Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that was just created to launch it. (Right-click -> Run as administrator if on Vista)
  • Accept the licence by clicking Yes.
  • Click Do a system scan and save a logfile.
  • Post the generated report here.

    Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Help: How to use HijackThis.
    10 July 2008 12:35:49

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:33, on 2008-07-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WWW\Apache2\bin\httpd.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\LANDesk\Shared Files\residentagent.exe
    C:\Program Files\Quest Software\Toad for DB2 Freeware 3.0\DB2 Client\BIN\db2mgmtsvc.exe
    C:\PROGRA~1\LANDesk\LDClient\collector.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    C:\WINDOWS\system32\CBA\pds.exe
    C:\Program Files\LANDesk\LDClient\tmcsvc.exe
    C:\WWW\Apache2\bin\httpd.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\system32\CAP3RSK.EXE
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
    C:\WWW\MySQL\bin\mysqld-nt.exe
    C:\Program Files\LANDesk\LDClient\softmon.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intradim/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-web.santesurf.com:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.cegedimgroup;*.cegedim.grp;*.cegedim;*.cegedim.fr;*.santesurf.com;*.cegedim-srh;*.teamsweb.org;*.teamsweb.net;*.medexact.fr;128.*;172.*;*.data.fr;*.soltimfm;*.alliadis.net;*.resipfse.net;*.hospitalis.org;*.hospi-marches.com;*.hospi-marches.fr;*.cegedim-srh.com;192.168.*;*.cegedim.com;*.amispharma.fr;*.aclclub.org;*.cegedimstrategicdata.com;*.cegedim-strategic-data.com;*.cam-group.*;*.cam-partners.com;*.cegedimsd.com;*.decisionsresearch.com;*.mscegedim.com;*.reseau;192.168.*;155.94.60.143;10.248.64.242;10.229.245.128;*.*.wyeth.*;*.epartner.wyeth.com;10.0.0.*;*.juniper.*;10.229.*;10.228.*;*.drte.com;cegedim.grp;*.targetsoftware.com;*.targetmm.com;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
    O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Policies\Explorer\Run: [1] http://intradim
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://intradim
    O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=...
    O16 - DPF: {DC811A54-8FE7-4653-9DB6-49CEABCE705A} (MOVEitUpDownWiz Class) - https://teledistrib.cegedim.fr/COM/MOVEitUploadWizard5....
    O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://inquiero.cegedim.fr/inquiero/mod/setup/ntractive...
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/...
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
    O17 - HKLM\Software\..\Telephony: DomainName = cegedim.cegedimgroup
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\WWW\Apache2\bin\httpd.exe
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
    O23 - Service: DB2 Management Service (ToadF30) (DB2MGMTSVC_ToadF30) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for DB2 Freeware 3.0\DB2 Client\BIN\db2mgmtsvc.exe
    O23 - Service: DB2 Security Server (ToadF30) (DB2NTSECSERVER_ToadF30) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for DB2 Freeware 3.0\DB2 Client\BIN\db2sec.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
    O23 - Service: Multicast LANDesk ciblé (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LANDesk CBA8 RPC Execute - Unknown owner - C:\WINDOWS\$ldcba8$\ntremoteexec.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: MySQL - Unknown owner - C:\WWW\MySQL\bin\mysqld-nt (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe

    --
    End of file - 11458 bytes
    10 July 2008 13:13:54

    Re,

    Are you using a proxy, a domain?
    You don't have an antivirus?

    If not:

    Download CCleaner to your Desktop.

  • Click on download the latest version.
  • Install it, leaving only the following options ticked:
    - Add a Desktop shortcut.
    - Automatically check for CCleaner updates.
  • Run the Cleaner.
  • Click on Scan for issues and back up if you wish.

    Help: How to use CCleaner.

    ********************

    Download AntiVir to your Desktop.

  • Double-click the downloaded executable to start the installation.
  • At the end of the installation, click Finish.
  • Open AntiVir and make sure it is up to date!
  • In the Local Protection tab, choose Scanner.
  • Enable the rootkit search via the + next to Rootkit search, then under Manual selection tick everything (your hard-disk partitions).
  • Click the middle magnifying glass to launch the scan as Administrator.
  • Post me the generated report: to do so, click the Overview tab, then choose Reports; you will find its report there.

    Note: For more effective eradication of the threats, run the scan in Safe Mode.

    Help: How to install and use AntiVir.
    10 July 2008 15:25:10


    Re,
    How strange, it found no virus at all.
    FYI: since the ComboFix run I have noticed some improvement, but when I try to launch Spybot, for example, it still tells me it is not a valid Win32 application.

    Here is the AntiVir report.
    Thanks
    Avira AntiVir Personal
    Report file date: 2008-07-10 15:10

    Scanning for 1165085 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: MVanlaeres
    Computer name: MVANLAERES

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:58
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:38
    LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:24
    LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:42
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
    ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 2008-03-21 19:12:34
    ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 2008-03-25 08:27:50
    Engineversion : 8.1.0.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:22
    AESCRIPT.DLL : 8.1.0.19 229754 Bytes 2008-04-07 15:34:46
    AESCN.DLL : 8.1.0.12 115060 Bytes 2008-04-07 15:34:46
    AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-07 15:34:46
    AEPACK.DLL : 8.1.1.0 364918 Bytes 2008-03-18 11:20:44
    AEOFFICE.DLL : 8.1.0.15 192889 Bytes 2008-04-07 15:34:46
    AEHEUR.DLL : 8.1.0.15 1147253 Bytes 2008-04-07 15:34:46
    AEHELP.DLL : 8.1.0.11 115061 Bytes 2008-04-07 15:34:44
    AEGEN.DLL : 8.1.0.15 299379 Bytes 2008-04-07 15:34:44
    AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 15:34:44
    AECORE.DLL : 8.1.0.25 168309 Bytes 2008-04-08 09:58:34
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:54
    AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:52
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:48
    AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:50
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:24
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:32
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:04
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:12
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:26
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:12

    Configuration settings for the scan:
    Jobname..........................: Rootkit search
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
    Logging..........................: high
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Scan memory......................: off
    Process scan.....................: off
    Scan registry....................: off
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high
    Expanded search settings.........: 0x00300922

    Start of the scan: 2008-07-10 15:10

    Starting search for hidden objects.
    HKEY_LOCAL_MACHINE\Software\ShudderLTD\PSGuard\PSGuard\License\data
    [INFO] The registry entry is invisible.
    HKEY_USERS\S-1-5-21-449860374-1898712295-1848903544-2994\Software\Microsoft\Protected Storage System Provider\S-1-5-21-449860374-1898712295-1848903544-2994\data
    [INFO] The registry entry is invisible.
    '453801' objects were checked, '2' hidden objects were found.


    End of the scan: 2008-07-10 15:12
    Used time: 02:40 min

    The scan has been done completely.

    0 Scanning directories
    0 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    0 Files cannot be scanned
    0 Files not concerned
    0 Archives were scanned
    0 Warnings
    0 Notes
    453801 Objects were scanned with rootkit scan
    2 Hidden objects were found

    10 July 2008 15:34:40

    Re,

    Quote:
    Scan memory......................: off
    Process scan.....................: off
    Scan registry....................: off

    You scanned nothing with AntiVir.
    Do it again :) 

    Yes, for Spybot that's normal; it was damaged by the infection.
    You need to uninstall and reinstall it ;) 
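    The point made in this reply (a scan whose memory, process and registry passes are off and which reports 0 files scanned has not actually examined the machine) can be checked mechanically before anyone reads 500 lines of report. The Python below is an added example written for this page, not code from the thread or from Avira: it parses constructed excerpts modelled on the two reports posted here and lists what each scan did not cover. The "Key....: value" and "<number> <description>" line shapes are assumed from the reports as posted, not from any documented AntiVir format.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed excerpts modelled on the two AntiVir reports posted in this thread:
# the "Rootkit search" profile (no file scan at all) and the later full scan.
ROOTKIT_ONLY_REPORT = """\
Configuration settings for the scan:
Jobname..........................: Rootkit search
Scan memory......................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on

0 Scanning directories
0 Files were scanned
0 viruses and/or unwanted programs were found
453801 Objects were scanned with rootkit scan
2 Hidden objects were found
"""

FULL_SCAN_REPORT = """\
Configuration settings for the scan:
Jobname..........................: Manual Selection
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off

5273 Scanning directories
495294 Files were scanned
36 viruses and/or unwanted programs were found
35 files were moved to quarantine
"""

# "Key....: value" lines of the configuration block (line shape assumed from the posted reports).
CONFIG_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?)\.{2,}:\s*(?P<value>.*)$")
# "<number> <description>" lines of the closing summary (same assumption).
COUNT_RE = re.compile(r"^(?P<n>\d+)\s+(?P<what>[A-Za-z].*)$")

# Settings that must be "on" for the scan to have looked at the running system.
REQUIRED_ON = ("scan memory", "process scan", "scan registry", "search for rootkits")


@dataclass
class AviraReport:
    config: Dict[str, str] = field(default_factory=dict)
    counts: Dict[str, int] = field(default_factory=dict)


def parse_avira_report(text: str) -> AviraReport:
    """Pull the configuration block and the numeric summary lines out of a report."""
    report = AviraReport()
    for raw in text.splitlines():
        line = raw.strip()
        m = CONFIG_RE.match(line)
        if m:
            report.config[m.group("key").strip().lower()] = m.group("value").strip().lower()
            continue
        m = COUNT_RE.match(line)
        if m:
            report.counts[m.group("what").strip().lower()] = int(m.group("n"))
    return report


def scan_was_empty(report: AviraReport) -> bool:
    """True when no directory or file on disk was inspected, whatever the rootkit pass did."""
    return (report.counts.get("scanning directories", 0) == 0
            and report.counts.get("files were scanned", 0) == 0)


def coverage_gaps(report: AviraReport) -> List[str]:
    """Parts of the system this scan did not cover; an empty list means full coverage."""
    gaps = [key for key in REQUIRED_ON if report.config.get(key) != "on"]
    if report.counts.get("files were scanned", 0) == 0:
        gaps.append("file scan")
    return gaps


def detections(report: AviraReport) -> int:
    """Number of malware / unwanted-program detections the summary reports."""
    return report.counts.get("viruses and/or unwanted programs were found", 0)


if __name__ == "__main__":
    for name, text in (("rootkit-only", ROOTKIT_ONLY_REPORT), ("full scan", FULL_SCAN_REPORT)):
        rep = parse_avira_report(text)
        print(f"{name}: empty={scan_was_empty(rep)} gaps={coverage_gaps(rep)} "
              f"detections={detections(rep)}")
```

    Run against the two excerpts it reports the first scan as empty with memory, process, registry and file scans all missing, and the second as a real scan that only lacks the rootkit pass, which is the combination the helper is pointing at: the two scans together cover the machine, neither one alone does.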
    10 July 2008 17:01:42

    Indeed, the process is much longer; it isn't finished yet.
    20% remain and I have to go.
    FYI it has found 35 detections; I'm putting them all in quarantine.
    10 July 2008 18:48:25

    OK, see you later.
    11 July 2008 09:41:06

    Hello, here is the AntiVir report:



    Avira AntiVir Personal
    Report file date: 2008-07-10 16:21

    Scanning for 1165085 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: MVanlaeres
    Computer name: MVANLAERES

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:58
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:38
    LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:24
    LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:42
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
    ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 2008-03-21 19:12:34
    ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 2008-03-25 08:27:50
    Engineversion : 8.1.0.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:22
    AESCRIPT.DLL : 8.1.0.19 229754 Bytes 2008-04-07 15:34:46
    AESCN.DLL : 8.1.0.12 115060 Bytes 2008-04-07 15:34:46
    AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-07 15:34:46
    AEPACK.DLL : 8.1.1.0 364918 Bytes 2008-03-18 11:20:44
    AEOFFICE.DLL : 8.1.0.15 192889 Bytes 2008-04-07 15:34:46
    AEHEUR.DLL : 8.1.0.15 1147253 Bytes 2008-04-07 15:34:46
    AEHELP.DLL : 8.1.0.11 115061 Bytes 2008-04-07 15:34:44
    AEGEN.DLL : 8.1.0.15 299379 Bytes 2008-04-07 15:34:44
    AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 15:34:44
    AECORE.DLL : 8.1.0.25 168309 Bytes 2008-04-08 09:58:34
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:54
    AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:52
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:48
    AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:50
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:24
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:32
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:04
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:12
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:26
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:12

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium
    Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

    Start of the scan: 2008-07-10 16:21

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'amclient.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'SDClientMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'LogMeInSystray.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'fbserver.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'CAP3SWK.EXE' - '1' Module(s) have been scanned
    Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
    Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
    Scan process 'SoftMon.exe' - '1' Module(s) have been scanned
    Scan process 'mysqld-nt.exe' - '1' Module(s) have been scanned
    Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
    Scan process 'mdm.exe' - '1' Module(s) have been scanned
    Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
    Scan process 'CAP3RSK.EXE' - '1' Module(s) have been scanned
    Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned
    Scan process 'RaMaint.exe' - '1' Module(s) have been scanned
    Scan process 'httpd.exe' - '1' Module(s) have been scanned
    Scan process 'tmcsvc.exe' - '1' Module(s) have been scanned
    Scan process 'pds.exe' - '1' Module(s) have been scanned
    Scan process 'LocalSch.EXE' - '1' Module(s) have been scanned
    Scan process 'Iap.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
    Scan process 'fbguard.exe' - '1' Module(s) have been scanned
    Scan process 'collector.exe' - '1' Module(s) have been scanned
    Scan process 'db2mgmtsvc.exe' - '1' Module(s) have been scanned
    Scan process 'residentAgent.exe' - '1' Module(s) have been scanned
    Scan process 'ASFAgent.exe' - '1' Module(s) have been scanned
    Scan process 'httpd.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    53 processes with 53 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] The device is not ready.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '16' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\boot.inx
    [DETECTION] Is the Trojan horse TR/Dldr.Del.aeq.1.A
    [NOTE] The file was moved to '48e51c30.qua'!
    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48e51c30.qua
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48e51c30.qua
    [DETECTION] Is the Trojan horse TR/Dldr.Del.aeq.1.A
    [NOTE] The file was moved to '48db1c86.qua'!
    C:\Documents and Settings\mvanlaeres\Bureau\Combo-Fix.exe
    [0] Archive type: RAR SFX (self extracting)
    --> 327882R2FWJFW\psexec.cfexe
    [DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072
    --> 327882R2FWJFW\pv.cfexe
    [DETECTION] Contains detection pattern of the SPR/Tool.PV program
    [NOTE] The file was moved to '48e31d0b.qua'!
    C:\Program Files\Microsoft AntiSpyware\Quarantine\46209807-08D6-47B8-82C7-E6C56B\C495A926-A3D6-4DA3-8D20-12B7D6
    [DETECTION] Is the Trojan horse TR/StartPage.VB.FV
    [NOTE] The file was moved to '48af1f80.qua'!
    C:\Program Files\Microsoft AntiSpyware\Quarantine\46209807-08D6-47B8-82C7-E6C56B\8FE91FEC-97EC-485F-9950-81012B
    [DETECTION] Is the Trojan horse TR/StartPage.VB.FV
    [NOTE] The file was moved to '48bb1f94.qua'!
    C:\Program Files\Microsoft AntiSpyware\Quarantine\301831F7-4C9B-433E-943E-C23B40\19919841-BC08-4FF2-94C4-1D6932
    [DETECTION] Contains detection pattern of the dropper DR/Shopper.C.1
    [NOTE] The file was moved to '48af1f8a.qua'!
    C:\Program Files\Microsoft AntiSpyware\Quarantine\301831F7-4C9B-433E-943E-C23B40\721E471C-1852-4076-816F-7F793E
    [DETECTION] Contains detection pattern of the dropper DR/Shopper.C.1
    [NOTE] The file was moved to '48a71f85.qua'!
    C:\Program Files\Microsoft AntiSpyware\Quarantine\301831F7-4C9B-433E-943E-C23B40\38CCDCD5-FA23-4EAA-8A76-9CA7B7
    [DETECTION] Contains detection pattern of the dropper DR/Shopper.C.1
    [NOTE] The file was moved to '48b91f8d.qua'!
    C:\Program Files\Microsoft AntiSpyware\Quarantine\EBB58AA6-B1DD-4D46-97F7-71F132\87DE35D8-1C84-4304-A127-6FD77E
    [DETECTION] Is the Trojan horse TR/Drop.Small.MR.1
    [NOTE] The file was moved to '48ba1f8e.qua'!
    C:\Program Files\Microsoft AntiSpyware\Quarantine\A955603B-09AC-4D0A-A8A4-CDCB66\7277AD7E-8C94-4904-B072-6162D4
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.AY Backdoor server programs
    [NOTE] The file was moved to '48ad1f8b.qua'!
    C:\Program Files\Microsoft AntiSpyware\Quarantine\A955603B-09AC-4D0A-A8A4-CDCB66\2AF68EE8-06FB-42BA-A835-9E1168
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.AY Backdoor server programs
    [NOTE] The file was moved to '48bc1f9f.qua'!
    C:\Program Files\Alcohol Soft\Alcohol 120\Patch1005.exe
    [DETECTION] Contains detection pattern of the application APPL/Tpatch.P
    [NOTE] The file was moved to '48ea201a.qua'!
    C:\Program Files\ZIP PASSWORD FINDER\recover.exe
    [DETECTION] Contains detection pattern of the SPR/PSWRecover.A program
    [NOTE] The file was moved to '48d9201f.qua'!
    C:\WINDOWS\SYSTEM32\z12.exe
    [DETECTION] Is the Trojan horse TR/Small.AWA
    [NOTE] The file was moved to '48a820c5.qua'!
    C:\WINDOWS\SYSTEM32\z13.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Del.aco.5.D
    [NOTE] The file was moved to '48a920c6.qua'!
    C:\WINDOWS\SYSTEM32\z15.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Del.aco.5.B
    [NOTE] The file was moved to '48ab20c8.qua'!
    C:\WINDOWS\SYSTEM32\z16.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Small.agq.4
    [NOTE] The file was moved to '48ac20c8.qua'!
    C:\WINDOWS\SYSTEM32\exeha2.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Small.agq.4
    [NOTE] The file was moved to '48db2111.qua'!
    C:\WINDOWS\SYSTEM32\supd130404.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Esepor.m.2
    [NOTE] The file was moved to '48e62112.qua'!
    C:\WINDOWS\SYSTEM32\exeha3.exe
    [DETECTION] Is the Trojan horse TR/Dldr.CWS.ARQ.2
    [NOTE] The file was moved to '48db2116.qua'!
    C:\WINDOWS\SYSTEM32\symsvcsa.exe
    [DETECTION] Is the Trojan horse TR/PCK.Tibs
    [NOTE] The file was moved to '48e32118.qua'!
    C:\WINDOWS\SYSTEM32\sywsvcs.exe
    [DETECTION] Is the Trojan horse TR/Packed.Klone.b.1
    [NOTE] The file was moved to '48ed2118.qua'!
    C:\WINDOWS\SYSTEM32\comdlj32.dll
    [DETECTION] Is the Trojan horse TR/Rkit.Agent.BK
    [NOTE] The file was moved to '48e32115.qua'!
    C:\WINDOWS\SYSTEM32\paradise.raw.exe
    [DETECTION] Is the Trojan horse TR/Packed.Klone.b.1
    [NOTE] The file was moved to '48e8210c.qua'!
    C:\WINDOWS\SYSTEM32\taskdir.dll
    [DETECTION] Is the Trojan horse TR/Agent.BKT.1
    [NOTE] The file was moved to '48e92111.qua'!
    C:\WINDOWS\SYSTEM32\sysupd1003.exe
    [DETECTION] Is the Trojan horse TR/Clicker.Small.AN
    [NOTE] The file was moved to '48e9213a.qua'!
    C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
    [WARNING] The file could not be opened!
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dial32.exe.vir
    [DETECTION] Is the Trojan horse TR/Dialer.AY.6
    [NOTE] The file was moved to '48d72250.qua'!
    Begin scan in 'D:\'
    D:\prog\Gravure\Alcohol 120% - 1.4.7.1005 - RETAIL.rar
    [0] Archive type: RAR
    --> Alcohol 120% - 1.4.7.1005 - RETAIL\Patch\Patch1005.exe
    [DETECTION] Contains detection pattern of the application APPL/Tpatch.P
    [NOTE] The file was moved to '48d92466.qua'!
    D:\prog\Gravure\Alcohol 120% - 1.4.7.1005 - RETAIL\Alcohol 120% - 1.4.7.1005 - RETAIL\Patch\Patch1005.exe
    [DETECTION] Contains detection pattern of the application APPL/Tpatch.P
    [NOTE] The file was moved to '48ea2469.qua'!
    D:\prog\crack access\Microsoft_Access_Password_Detection_v2.1.1.0.zip
    [0] Archive type: ZIP
    --> crack.exe
    [DETECTION] Is the Trojan horse TR/Dldr.IstBar.ER.2
    [NOTE] The file was moved to '48d92478.qua'!
    D:\prog\crack access\Microsoft_Access_Password_Detection_v3.1.zip
    [0] Archive type: ZIP
    --> crack.exe
    [DETECTION] Is the Trojan horse TR/Dldr.IstBar.ER.2
    [NOTE] The file was moved to '49a74849.qua'!
    D:\prog\crack access\Access_2000_Serial.zip
    [0] Archive type: ZIP
    --> crack.exe
    [DETECTION] Is the Trojan horse TR/Dldr.IstBar.ER.2
    [NOTE] The file was moved to '48d92472.qua'!
    D:\prog\crack access\Access_Administrator.zip
    [0] Archive type: ZIP
    --> crack.exe
    [DETECTION] Is the Trojan horse TR/Dldr.IstBar.ER.2
    [NOTE] The file was moved to '48d92473.qua'!
    D:\prog\crack access\Microsoft_Access_Password_Detection_v1.2.zip
    [0] Archive type: ZIP
    --> crack.exe
    [DETECTION] Is the Trojan horse TR/Dldr.IstBar.ER.2
    [NOTE] The file was moved to '48d92479.qua'!
    D:\truc de mx\calcul\ScreenLock.exe
    [DETECTION] Contains detection pattern of the CIH #2c virus
    [NOTE] The file was moved to '48e82507.qua'!


    End of the scan: 2008-07-10 17:05
    Used time: 43:51 min

    The scan has been done completely.

    5273 Scanning directories
    495294 Files were scanned
    36 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    35 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    495258 Files not concerned
    4755 Archives were scanned
    4 Warnings
    35 Notes

    11 July 2008 13:17:32

    One good thing done.
    Post a new HijackThis report.
    Where do your problems stand? ;) 
    11 July 2008 14:02:12

    For now I'm no longer seeing any problems, but one virus can hide another, so I'm staying wary.
    I'd like to install an anti-spyware tool; which one do you think is the most effective and free?
    For now I have put on Spyware Doctor, but it is paid.
    Here is the HijackThis report.
    Good luck
    11 July 2008 14:02:37

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:54, on 2008-07-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WWW\Apache2\bin\httpd.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\LANDesk\Shared Files\residentagent.exe
    C:\Program Files\Quest Software\Toad for DB2 Freeware 3.0\DB2 Client\BIN\db2mgmtsvc.exe
    C:\PROGRA~1\LANDesk\LDClient\collector.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    C:\WINDOWS\system32\CBA\pds.exe
    C:\Program Files\LANDesk\LDClient\tmcsvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\WWW\Apache2\bin\httpd.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\system32\CAP3RSK.EXE
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
    C:\WWW\MySQL\bin\mysqld-nt.exe
    C:\Program Files\LANDesk\LDClient\softmon.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intradim/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-web.santesurf.com:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.cegedimgroup;*.cegedim.grp;*.cegedim;*.cegedim.fr;*.santesurf.com;*.cegedim-srh;*.teamsweb.org;*.teamsweb.net;*.medexact.fr;128.*;172.*;*.data.fr;*.soltimfm;*.alliadis.net;*.resipfse.net;*.hospitalis.org;*.hospi-marches.com;*.hospi-marches.fr;*.cegedim-srh.com;192.168.*;*.cegedim.com;*.amispharma.fr;*.aclclub.org;*.cegedimstrategicdata.com;*.cegedim-strategic-data.com;*.cam-group.*;*.cam-partners.com;*.cegedimsd.com;*.decisionsresearch.com;*.mscegedim.com;*.reseau;192.168.*;155.94.60.143;10.248.64.242;10.229.245.128;*.*.wyeth.*;*.epartner.wyeth.com;10.0.0.*;*.juniper.*;10.229.*;10.228.*;*.drte.com;cegedim.grp;*.targetsoftware.com;*.targetmm.com;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
    O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Policies\Explorer\Run: [1] http://intradim
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://intradim
    O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://videohd.m6.fr.ipercast.net/installer-hidden.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=...
    O16 - DPF: {DC811A54-8FE7-4653-9DB6-49CEABCE705A} (MOVEitUpDownWiz Class) - https://teledistrib.cegedim.fr/COM/MOVEitUploadWizard5....
    O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://inquiero.cegedim.fr/inquiero/mod/setup/ntractive...
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/...
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
    O17 - HKLM\Software\..\Telephony: DomainName = cegedim.cegedimgroup
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\WWW\Apache2\bin\httpd.exe
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
    O23 - Service: DB2 Management Service (ToadF30) (DB2MGMTSVC_ToadF30) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for DB2 Freeware 3.0\DB2 Client\BIN\db2mgmtsvc.exe
    O23 - Service: DB2 Security Server (ToadF30) (DB2NTSECSERVER_ToadF30) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for DB2 Freeware 3.0\DB2 Client\BIN\db2sec.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
    O23 - Service: Multicast LANDesk ciblé (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LANDesk CBA8 RPC Execute - Unknown owner - C:\WINDOWS\$ldcba8$\ntremoteexec.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: MySQL - Unknown owner - C:\WWW\MySQL\bin\mysqld-nt (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe

    --
    End of file - 12019 bytes
    11 July 2008 14:43:37

    You want to install a piece of spyware?

    Relaunch HijackThis (right-click -> run as administrator under Vista), do a system scan only, check these lines (if still present):
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Policies\Explorer\Run: [1] http://intradim

    Close all running applications (especially your web browser).
    Then Fix Checked!

    ***********

    Download ToolsCleaner2 (by A.Rothstein)

  • Install it on your Desktop.
  • Click Recherche (Search) to start the scan.
  • Click Supprimer (Delete) to clean up the tools that were used.
  • Click Quitter (Exit).
  • Post this report ~>C:\TCleaner.txt<~

  • Keep CCleaner, MBAM and AntiVir if we installed them.
  • Disable, then re-enable System Restore.
  • Report your infection on Malware Complaints >Tutorial<
  • Your infection(s): Bagle, Smitfraud.
  • If you don't find it in the list, post under Other infections.

  • Bring your computer properly up to date >here<
  • If not already done, make sure Windows Automatic Updates are enabled!

    Then have a look at these articles:

    - Security/Prevention
    - Consequences of running several protections at once
    - Toolbars: useless and a cause of slowdowns

    Have a good day/evening :) 
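A small log-triage helper, added here as an illustration and not part of the thread or of HijackThis itself: it parses O4 and O23 lines in the format of the log above and flags the kinds of entries the helper asked to fix (an autorun enforced through the Policies\Explorer\Run key, an autorun whose target is a URL rather than a local program) together with services whose binary is missing or whose publisher is unknown. The sample lines are constructed from the log above; the regular expressions and the `review_hjt` function are this example's own, not a HijackThis API.

```python
import re

# Constructed sample: entries in the format of the HijackThis log above
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Policies\Explorer\Run: [1] http://intradim
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

# O4: autorun entries, "O4 - <registry key>: [<value name>] <command>"
O4_RE = re.compile(r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O23: services, "O23 - Service: <name> - <owner> - <path>"; the path is anchored
# on a drive letter so that dashes inside a service name do not mislead the split
O23_RE = re.compile(r'^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>[A-Za-z]:\\.*)$')


def review_hjt(text):
    """Return (line, reason) pairs for entries a responder would look at first."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            key, cmd = m.group('key'), m.group('cmd')
            if r'Policies\Explorer\Run' in key:
                # Policies\Explorer\Run is a well-known autostart location that is
                # enforced like a group policy, so entries there deserve review
                findings.append((line, 'autorun enforced via Explorer policy key'))
            if cmd.lower().startswith(('http://', 'https://')):
                findings.append((line, 'autorun target is a URL, not a local program'))
            continue
        m = O23_RE.match(line)
        if m:
            if m.group('path').endswith('(file missing)'):
                findings.append((line, 'service binary missing on disk'))
            if m.group('owner') == 'Unknown owner':
                findings.append((line, 'service has no identifiable publisher'))
    return findings


if __name__ == '__main__':
    for line, reason in review_hjt(SAMPLE_LOG):
        print(f'{reason}: {line}')
```

On the constructed sample the QuickTime and LogMeIn entries pass silently while the policy-key autorun and the orphaned iPod service are reported.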
    11 July 2008 16:19:35

    I can remove the files that weren't deleted by hand:

    -->- Recherche:

    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\mvanlaeres\Bureau\HijackThis.lnk: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\mvanlaeres\Bureau\HijackThis.lnk: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: Erreur de suppression !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Program Files\Trend Micro\HijackThis: Erreur de suppression !
    12 July 2008 00:14:27

    Yep ;) 

    It's clean; see you later