Votre question

[Résolu] : hidr.exe et srosa.sys

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
20 Février 2008 10:09:59

Mon PC est apparemment infecté avec hidr.exe et srosa.sys

Le virus a désactivé AVAST. Un redémarrage en mode sans échec fait planter le PC. Un scan avec un antispyware le fait également planter.

Merci par avance pour vos aides et conseils.

Autres pages sur : resolu hidr exe srosa sys

20 Février 2008 10:34:22

Salut,

Télécharge ELIBAGLA au bas de cette page. Il est préférable pour certains antivirus de les désactiver avant d’entâmer cette procédure !
Clique sur le Descargar Elibagla afin de télécharger le fichier, enregistre-le sur ton bureau.
Lance le en double cliquant dessus.
Vérifie que dans le menu déroulant Unidad, il y ait bien C:\
L'option Eliminar Ficheros Automaticamente doit également être cochée.
Clique sur Explorar pour lancer l'analyse.
Poste le rapport généré en fin fin d'analyse.
20 Février 2008 10:56:23

Bonjour.

Merci de me venir en aide.

Voici le rapport :


Wed Feb 20 10:42:20 2008
EliBagle v11.02 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.02
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.02
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"

Wed Feb 20 10:43:58 2008
EliBagle v11.02 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP222\A0046573.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP222\A0046580.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP223\A0046611.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP223\A0046619.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP223\A0046630.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP223\A0046671.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP223\A0046673.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP224\A0047671.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP224\A0048660.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP224\A0048666.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP224\A0049666.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP224\A0049672.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP224\A0050741.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP224\A0050742.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0055737.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056734.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056788.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056792.EXE --> Eliminado Bagle

Nº Total de Directorios: 10691
Nº Total de Ficheros: 129609
Nº de Ficheros Analizados: 13558
Nº de Ficheros Infectados: 19
Nº de Ficheros Limpiados: 18
Contenus similaires
Pas de réponse à votre question ? Demandez !
20 Février 2008 11:59:13

Re,

Télécharge Combofix (de sUBs) sur ton Bureau.

Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
Double clique combofix.exe.
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : C:\Combofix.txt
20 Février 2008 12:40:00

Voici le rapport demandé :

ComboFix 08-02-20.2 - THINKPAD 2008-02-20 12:23:45.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.458 [GMT 1:00]
Endroit: C:\Documents and Settings\THINKPAD\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sdlflzoip
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\102750.exe
C:\WINDOWS\system32\drivers\down\111265.exe
C:\WINDOWS\system32\drivers\down\116515.exe
C:\WINDOWS\system32\drivers\down\121375.exe
C:\WINDOWS\system32\drivers\down\129187.exe
C:\WINDOWS\system32\drivers\down\129640.exe
C:\WINDOWS\system32\drivers\down\134156.exe
C:\WINDOWS\system32\drivers\down\138171.exe
C:\WINDOWS\system32\drivers\down\142781.exe
C:\WINDOWS\system32\drivers\down\144859.exe
C:\WINDOWS\system32\drivers\down\146468.exe
C:\WINDOWS\system32\drivers\down\147062.exe
C:\WINDOWS\system32\drivers\down\149984.exe
C:\WINDOWS\system32\drivers\down\150265.exe
C:\WINDOWS\system32\drivers\down\150390.exe
C:\WINDOWS\system32\drivers\down\151390.exe
C:\WINDOWS\system32\drivers\down\152609.exe
C:\WINDOWS\system32\drivers\down\154562.exe
C:\WINDOWS\system32\drivers\down\156140.exe
C:\WINDOWS\system32\drivers\down\156218.exe
C:\WINDOWS\system32\drivers\down\156453.exe
C:\WINDOWS\system32\drivers\down\158250.exe
C:\WINDOWS\system32\drivers\down\160921.exe
C:\WINDOWS\system32\drivers\down\161453.exe
C:\WINDOWS\system32\drivers\down\161671.exe
C:\WINDOWS\system32\drivers\down\162468.exe
C:\WINDOWS\system32\drivers\down\164578.exe
C:\WINDOWS\system32\drivers\down\167328.exe
C:\WINDOWS\system32\drivers\down\169312.exe
C:\WINDOWS\system32\drivers\down\171031.exe
C:\WINDOWS\system32\drivers\down\171484.exe
C:\WINDOWS\system32\drivers\down\173078.exe
C:\WINDOWS\system32\drivers\down\173984.exe
C:\WINDOWS\system32\drivers\down\174859.exe
C:\WINDOWS\system32\drivers\down\175171.exe
C:\WINDOWS\system32\drivers\down\176359.exe
C:\WINDOWS\system32\drivers\down\176812.exe
C:\WINDOWS\system32\drivers\down\177328.exe
C:\WINDOWS\system32\drivers\down\177437.exe
C:\WINDOWS\system32\drivers\down\178000.exe
C:\WINDOWS\system32\drivers\down\178109.exe
C:\WINDOWS\system32\drivers\down\178203.exe
C:\WINDOWS\system32\drivers\down\178843.exe
C:\WINDOWS\system32\drivers\down\181140.exe
C:\WINDOWS\system32\drivers\down\181546.exe
C:\WINDOWS\system32\drivers\down\181625.exe
C:\WINDOWS\system32\drivers\down\182703.exe
C:\WINDOWS\system32\drivers\down\182906.exe
C:\WINDOWS\system32\drivers\down\184984.exe
C:\WINDOWS\system32\drivers\down\185203.exe
C:\WINDOWS\system32\drivers\down\185359.exe
C:\WINDOWS\system32\drivers\down\185453.exe
C:\WINDOWS\system32\drivers\down\186421.exe
C:\WINDOWS\system32\drivers\down\186812.exe
C:\WINDOWS\system32\drivers\down\187046.exe
C:\WINDOWS\system32\drivers\down\187531.exe
C:\WINDOWS\system32\drivers\down\187703.exe
C:\WINDOWS\system32\drivers\down\188328.exe
C:\WINDOWS\system32\drivers\down\189468.exe
C:\WINDOWS\system32\drivers\down\189703.exe
C:\WINDOWS\system32\drivers\down\190265.exe
C:\WINDOWS\system32\drivers\down\191125.exe
C:\WINDOWS\system32\drivers\down\191640.exe
C:\WINDOWS\system32\drivers\down\192625.exe
C:\WINDOWS\system32\drivers\down\193343.exe
C:\WINDOWS\system32\drivers\down\193609.exe
C:\WINDOWS\system32\drivers\down\194093.exe
C:\WINDOWS\system32\drivers\down\194625.exe
C:\WINDOWS\system32\drivers\down\196015.exe
C:\WINDOWS\system32\drivers\down\197062.exe
C:\WINDOWS\system32\drivers\down\197468.exe
C:\WINDOWS\system32\drivers\down\197906.exe
C:\WINDOWS\system32\drivers\down\199546.exe
C:\WINDOWS\system32\drivers\down\200000.exe
C:\WINDOWS\system32\drivers\down\200328.exe
C:\WINDOWS\system32\drivers\down\200406.exe
C:\WINDOWS\system32\drivers\down\201312.exe
C:\WINDOWS\system32\drivers\down\202125.exe
C:\WINDOWS\system32\drivers\down\202890.exe
C:\WINDOWS\system32\drivers\down\203921.exe
C:\WINDOWS\system32\drivers\down\204000.exe
C:\WINDOWS\system32\drivers\down\204250.exe
C:\WINDOWS\system32\drivers\down\204531.exe
C:\WINDOWS\system32\drivers\down\204734.exe
C:\WINDOWS\system32\drivers\down\204937.exe
C:\WINDOWS\system32\drivers\down\204953.exe
C:\WINDOWS\system32\drivers\down\205281.exe
C:\WINDOWS\system32\drivers\down\206031.exe
C:\WINDOWS\system32\drivers\down\206468.exe
C:\WINDOWS\system32\drivers\down\206578.exe
C:\WINDOWS\system32\drivers\down\206687.exe
C:\WINDOWS\system32\drivers\down\206921.exe
C:\WINDOWS\system32\drivers\down\207906.exe
C:\WINDOWS\system32\drivers\down\208718.exe
C:\WINDOWS\system32\drivers\down\209609.exe
C:\WINDOWS\system32\drivers\down\209718.exe
C:\WINDOWS\system32\drivers\down\209781.exe
C:\WINDOWS\system32\drivers\down\210359.exe
C:\WINDOWS\system32\drivers\down\210703.exe
C:\WINDOWS\system32\drivers\down\211375.exe
C:\WINDOWS\system32\drivers\down\212218.exe
C:\WINDOWS\system32\drivers\down\212546.exe
C:\WINDOWS\system32\drivers\down\212968.exe
C:\WINDOWS\system32\drivers\down\213046.exe
C:\WINDOWS\system32\drivers\down\213265.exe
C:\WINDOWS\system32\drivers\down\213500.exe
C:\WINDOWS\system32\drivers\down\213671.exe
C:\WINDOWS\system32\drivers\down\214046.exe
C:\WINDOWS\system32\drivers\down\214078.exe
C:\WINDOWS\system32\drivers\down\214875.exe
C:\WINDOWS\system32\drivers\down\214906.exe
C:\WINDOWS\system32\drivers\down\215046.exe
C:\WINDOWS\system32\drivers\down\215093.exe
C:\WINDOWS\system32\drivers\down\215390.exe
C:\WINDOWS\system32\drivers\down\215515.exe
C:\WINDOWS\system32\drivers\down\215890.exe
C:\WINDOWS\system32\drivers\down\216812.exe
C:\WINDOWS\system32\drivers\down\216984.exe
C:\WINDOWS\system32\drivers\down\217859.exe
C:\WINDOWS\system32\drivers\down\218062.exe
C:\WINDOWS\system32\drivers\down\218171.exe
C:\WINDOWS\system32\drivers\down\218343.exe
C:\WINDOWS\system32\drivers\down\218421.exe
C:\WINDOWS\system32\drivers\down\218875.exe
C:\WINDOWS\system32\drivers\down\219109.exe
C:\WINDOWS\system32\drivers\down\220140.exe
C:\WINDOWS\system32\drivers\down\220375.exe
C:\WINDOWS\system32\drivers\down\220406.exe
C:\WINDOWS\system32\drivers\down\220484.exe
C:\WINDOWS\system32\drivers\down\221859.exe
C:\WINDOWS\system32\drivers\down\222296.exe
C:\WINDOWS\system32\drivers\down\223250.exe
C:\WINDOWS\system32\drivers\down\223312.exe
C:\WINDOWS\system32\drivers\down\223546.exe
C:\WINDOWS\system32\drivers\down\223640.exe
C:\WINDOWS\system32\drivers\down\223890.exe
C:\WINDOWS\system32\drivers\down\224687.exe
C:\WINDOWS\system32\drivers\down\224890.exe
C:\WINDOWS\system32\drivers\down\225078.exe
C:\WINDOWS\system32\drivers\down\226640.exe
C:\WINDOWS\system32\drivers\down\227140.exe
C:\WINDOWS\system32\drivers\down\227343.exe
C:\WINDOWS\system32\drivers\down\227656.exe
C:\WINDOWS\system32\drivers\down\228015.exe
C:\WINDOWS\system32\drivers\down\228296.exe
C:\WINDOWS\system32\drivers\down\228578.exe
C:\WINDOWS\system32\drivers\down\228671.exe
C:\WINDOWS\system32\drivers\down\228937.exe
C:\WINDOWS\system32\drivers\down\229968.exe
C:\WINDOWS\system32\drivers\down\230140.exe
C:\WINDOWS\system32\drivers\down\230609.exe
C:\WINDOWS\system32\drivers\down\230718.exe
C:\WINDOWS\system32\drivers\down\231609.exe
C:\WINDOWS\system32\drivers\down\231687.exe
C:\WINDOWS\system32\drivers\down\232156.exe
C:\WINDOWS\system32\drivers\down\232984.exe
C:\WINDOWS\system32\drivers\down\233718.exe
C:\WINDOWS\system32\drivers\down\234296.exe
C:\WINDOWS\system32\drivers\down\234390.exe
C:\WINDOWS\system32\drivers\down\236171.exe
C:\WINDOWS\system32\drivers\down\238171.exe
C:\WINDOWS\system32\drivers\down\238343.exe
C:\WINDOWS\system32\drivers\down\238375.exe
C:\WINDOWS\system32\drivers\down\239265.exe
C:\WINDOWS\system32\drivers\down\239359.exe
C:\WINDOWS\system32\drivers\down\239765.exe
C:\WINDOWS\system32\drivers\down\241546.exe
C:\WINDOWS\system32\drivers\down\241953.exe
C:\WINDOWS\system32\drivers\down\242265.exe
C:\WINDOWS\system32\drivers\down\243546.exe
C:\WINDOWS\system32\drivers\down\244500.exe
C:\WINDOWS\system32\drivers\down\244671.exe
C:\WINDOWS\system32\drivers\down\244984.exe
C:\WINDOWS\system32\drivers\down\246000.exe
C:\WINDOWS\system32\drivers\down\246406.exe
C:\WINDOWS\system32\drivers\down\246640.exe
C:\WINDOWS\system32\drivers\down\248156.exe
C:\WINDOWS\system32\drivers\down\248171.exe
C:\WINDOWS\system32\drivers\down\250093.exe
C:\WINDOWS\system32\drivers\down\250765.exe
C:\WINDOWS\system32\drivers\down\251796.exe
C:\WINDOWS\system32\drivers\down\252062.exe
C:\WINDOWS\system32\drivers\down\252609.exe
C:\WINDOWS\system32\drivers\down\253625.exe
C:\WINDOWS\system32\drivers\down\254093.exe
C:\WINDOWS\system32\drivers\down\254312.exe
C:\WINDOWS\system32\drivers\down\255484.exe
C:\WINDOWS\system32\drivers\down\255609.exe
C:\WINDOWS\system32\drivers\down\257984.exe
C:\WINDOWS\system32\drivers\down\258718.exe
C:\WINDOWS\system32\drivers\down\258750.exe
C:\WINDOWS\system32\drivers\down\259656.exe
C:\WINDOWS\system32\drivers\down\260062.exe
C:\WINDOWS\system32\drivers\down\260859.exe
C:\WINDOWS\system32\drivers\down\262015.exe
C:\WINDOWS\system32\drivers\down\262125.exe
C:\WINDOWS\system32\drivers\down\262593.exe
C:\WINDOWS\system32\drivers\down\263265.exe
C:\WINDOWS\system32\drivers\down\265531.exe
C:\WINDOWS\system32\drivers\down\265640.exe
C:\WINDOWS\system32\drivers\down\267968.exe
C:\WINDOWS\system32\drivers\down\273484.exe
C:\WINDOWS\system32\drivers\down\277468.exe
C:\WINDOWS\system32\drivers\down\277484.exe
C:\WINDOWS\system32\drivers\down\279250.exe
C:\WINDOWS\system32\drivers\down\281281.exe
C:\WINDOWS\system32\drivers\down\286203.exe
C:\WINDOWS\system32\drivers\down\289312.exe
C:\WINDOWS\system32\drivers\down\290328.exe
C:\WINDOWS\system32\drivers\down\294687.exe
C:\WINDOWS\system32\drivers\down\295156.exe
C:\WINDOWS\system32\drivers\down\302843.exe
C:\WINDOWS\system32\drivers\down\303640.exe
C:\WINDOWS\system32\drivers\down\307609.exe
C:\WINDOWS\system32\drivers\down\308281.exe
C:\WINDOWS\system32\drivers\down\317578.exe
C:\WINDOWS\system32\drivers\down\322718.exe
C:\WINDOWS\system32\drivers\down\324078.exe
C:\WINDOWS\system32\drivers\down\338625.exe
C:\WINDOWS\system32\drivers\down\346875.exe
C:\WINDOWS\system32\drivers\down\354250.exe
C:\WINDOWS\system32\drivers\down\357953.exe
C:\WINDOWS\system32\drivers\down\386140.exe
C:\WINDOWS\system32\drivers\down\389515.exe
C:\WINDOWS\system32\drivers\down\391109.exe
C:\WINDOWS\system32\drivers\down\392562.exe
C:\WINDOWS\system32\drivers\down\394796.exe
C:\WINDOWS\system32\drivers\down\398531.exe
C:\WINDOWS\system32\drivers\down\401718.exe
C:\WINDOWS\system32\drivers\down\455812.exe
C:\WINDOWS\system32\drivers\down\497875.exe
C:\WINDOWS\system32\drivers\down\562062.exe
C:\WINDOWS\system32\drivers\down\567890.exe
C:\WINDOWS\system32\drivers\down\572484.exe
C:\WINDOWS\system32\drivers\down\595781.exe
C:\WINDOWS\system32\drivers\down\596234.exe
C:\WINDOWS\system32\drivers\down\604671.exe
C:\WINDOWS\system32\drivers\down\608515.exe
C:\WINDOWS\system32\drivers\down\612203.exe
C:\WINDOWS\system32\drivers\down\617031.exe
C:\WINDOWS\system32\drivers\down\626171.exe
C:\WINDOWS\system32\drivers\down\632328.exe
C:\WINDOWS\system32\drivers\down\633546.exe
C:\WINDOWS\system32\drivers\down\637593.exe
C:\WINDOWS\system32\drivers\down\638578.exe
C:\WINDOWS\system32\drivers\down\645531.exe
C:\WINDOWS\system32\drivers\down\653515.exe
C:\WINDOWS\system32\drivers\down\709437.exe
C:\WINDOWS\system32\drivers\down\98281.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
.

2008-02-20 12:31 . 2008-02-20 12:31 <REP> d-------- C:\WINDOWS\system32\drivers\down
2008-02-20 10:42 . 2008-02-20 10:42 <REP> d-------- C:\Muestras
2008-02-20 10:28 . 2008-02-20 10:28 <REP> d-------- C:\Program Files\Trend Micro
2008-02-19 23:37 . 2008-02-19 23:37 <REP> d-------- C:\_OTMoveIt
2008-02-19 22:50 . 2008-02-20 09:12 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-19 22:50 . 2008-02-19 22:50 <REP> d-------- C:\Documents and Settings\THINKPAD\Application Data\SUPERAntiSpyware.com
2008-02-19 22:50 . 2008-02-19 22:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-19 21:28 . 2008-02-19 21:29 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-02-18 10:42 . 2008-02-18 10:42 611,212 --a------ C:\FRAGLIST.HTM
2008-02-18 10:14 . 2008-02-18 10:14 <REP> d-------- C:\Program Files\UltraDefrag
2008-02-15 17:23 . 2008-02-15 17:23 4,608 --a------ C:\WINDOWS\system32\agtdtoac.dll
2008-02-15 15:47 . 2008-02-18 10:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-05 17:54 . 2008-02-05 17:54 <REP> d-------- C:\Program Files\WOCAR
2008-02-05 17:54 . 2008-02-06 00:55 3,204 --a------ C:\WINDOWS\WOCAR2.INI
2008-02-05 17:53 . 1996-02-02 20:58 284,160 --a------ C:\WINDOWS\uninst.exe
2008-02-05 17:44 . 2008-02-05 17:44 <REP> d-------- C:\Documents and Settings\THINKPAD\WINDOWS
2008-01-28 16:27 . 2008-01-28 16:27 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-01-22 17:33 . 2008-02-14 23:33 <REP> d-------- C:\Documents and Settings\THINKPAD\Application Data\HP
2008-01-22 17:30 . 2008-01-22 17:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-01-22 17:21 . 2008-01-22 17:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-01-22 17:19 . 2008-01-22 17:20 <REP> d-------- C:\Program Files\Fichiers communs\HP
2008-01-22 17:16 . 2008-01-22 17:16 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-01-22 17:16 . 2008-01-22 17:16 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-01-22 17:14 . 2006-04-13 01:02 827,392 -ra------ C:\WINDOWS\system32\hpotiop2.dll
2008-01-22 17:14 . 2006-04-13 01:02 659,456 -ra------ C:\WINDOWS\system32\hpowiax2.dll
2008-01-22 17:14 . 2006-04-13 01:02 254,026 -ra------ C:\WINDOWS\system32\hpovst09.dll
2008-01-22 17:14 . 2006-01-04 10:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2008-01-22 17:14 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2008-01-22 17:14 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-01-22 17:14 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\dllcache\serscan.sys
2008-01-22 17:14 . 2008-01-22 17:14 686 --a------ C:\WINDOWS\hpntwksetup.ini
2008-01-22 17:14 . 2008-01-22 17:14 161 --a------ C:\WINDOWS\system32\AddPort.ini
2008-01-22 17:12 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-22 17:12 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-01-22 17:12 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-01-22 17:12 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-01-22 17:12 . 2007-08-09 08:27 73,728 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-01-22 17:12 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-01-22 17:12 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-01-22 17:11 . 2008-01-22 17:17 <REP> d-------- C:\Program Files\HP
2008-01-22 17:10 . 2008-01-22 17:34 128,606 --a------ C:\WINDOWS\hpoins11.dat
2008-01-21 00:43 . 2008-01-21 00:44 <REP> d-------- C:\Documents and Settings\THINKPAD\Application Data\SecondLife
2008-01-21 00:42 . 2008-01-21 00:52 <REP> d-------- C:\Program Files\SecondLifeWindLight

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 23:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-19 23:39 --------- d-----w C:\Program Files\Google
2008-02-19 23:34 --------- d-----w C:\Program Files\AgentWebRanking PRO
2008-02-19 23:33 --------- d-----w C:\Program Files\ABC Amber DBF Converter
2008-02-19 21:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-19 19:53 --------- d-----w C:\Program Files\eMule
2008-02-16 21:31 --------- d-----w C:\Documents and Settings\THINKPAD\Application Data\dvdcss
2008-02-09 01:09 --------- d-----w C:\Program Files\MSN Messenger
2008-01-28 15:44 --------- d-----w C:\Program Files\epson
2008-01-28 15:40 --------- d-----w C:\Program Files\Submitic
2008-01-28 15:38 --------- d-----w C:\Program Files\MaCuisineLapeyre
2008-01-28 15:38 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-28 15:37 --------- d-----w C:\Program Files\iMagic Restaurant Reservation
2008-01-08 15:07 --------- d-----w C:\Program Files\SkyTeam Travel Timetable
2008-01-02 22:05 --------- d-----w C:\Documents and Settings\THINKPAD\Application Data\IBP
2007-12-22 20:50 23,552 ----a-w C:\WINDOWS\system32\drivers\ultradfg.sys
2006-07-27 10:17 20,800 ----a-w C:\Documents and Settings\THINKPAD\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 04:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2004-09-09 01:03 728321]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"amsg"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-08-01 20:36 475136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-08-01 09:48 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 09:48 512000]
"TpShocks"="TpShocks.exe" [2005-08-22 18:29 86016 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 00:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-08-31 01:20 237568]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 09:19 94208]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-21 20:00 344064]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-03-23 01:02 120368]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-08-01 20:36 475136]
"ISUSPM Startup"="c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50 221184]
"ISUSScheduler"="c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50 81920]
"cssauth"="C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-08-02 17:52 1988144]
"PDService.exe"="C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-07-07 14:22 49152]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-26 15:11 196696]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-04-13 00:15 196608]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-04-13 00:15 208896]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 15:28 868352]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 18:14 35328]
"IBM Warranty Notification"="C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe" [2004-03-12 17:24 106496]
"TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 18:36 536576]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-05-17 10:46 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-05-17 10:41 126976]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-02-20 09:25 79224]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-06-13 23:32 185896]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 04:20 122940]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 08:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 14:06 716800]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14 270648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 04:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-03-08 17:08 89600 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 22:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 19:16 24576 C:\WINDOWS\system32\tphklock.dll

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-06-06 10:59]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 08:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 10:24]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-06 10:59]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-04-13 00:15]
R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-08-02 17:15]
R2 PrivateDisk;PrivateDisk;C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys [2005-06-28 07:26]
R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2005-08-02 16:47]
R2 smihlp2;SMI Helper Driver (smihlp2);C:\Program Files\Fichiers communs\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-08 17:01]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-03-08 16:41]
S0 ANCSQ;ANCSQ;C:\WINDOWS\system32\drivers\ANCSQ.sys []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-10-08 12:48]
S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2007-12-22 21:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1015a61-fd47-11db-8bcf-00166f03d006}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL thunbs.db
\Shell\´ò¿ª(&O)\command - E:\thunbs.db

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff6851d8-718e-11dc-8caa-00166f03d006}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-07 07:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-20 11:31:00 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 12:31:19
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZinw12.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-20 12:36:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-20 11:36:21
.
2008-02-13 09:05:05 --- E O F ---
20 Février 2008 12:52:27

Re,

Fais une analyse antivirus en ligne sur Kaspersky avec Internet Explorer. (Tuto)
Autorise les active x.
Clique sur Démarrer Online Scanner.
Sélectionne le poste de travail comme analyse. Enregistres sous le rapport en format .txt.
Colle son rapport ici.
20 Février 2008 15:07:59

Re,

Voici le rapport Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 20, 2008 3:07:15 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/02/2008
Kaspersky Anti-Virus database records: 573496
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 116800
Number of viruses found: 5
Number of infected objects: 40
Number of suspicious objects: 0
Duration of the scan process: 01:40:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Lenovo\messages\logs\lf000.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\THINKPAD\Application Data\Microsoft\Modèles\Normal.dot Object is locked skipped
C:\Documents and Settings\THINKPAD\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\THINKPAD\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\Microsoft\Outlook\GenerationShopping.pst Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\Microsoft\Outlook\ManuPerso.pst Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Historique\History.IE5\MSHist012008022020080221\index.dat Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Temp\~DF79A0.tmp Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Temp\~DF9F94.tmp Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\THINKPAD\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\THINKPAD\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\THINKPAD\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\102750.exe.vir Infected: Trojan.Win32.Pakes.bwy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\111265.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\116515.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\121375.exe.vir Infected: Trojan.Win32.Pakes.bwy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\129187.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\129640.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\134156.exe.vir Infected: Trojan.Win32.Pakes.bwy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\147062.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\161671.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\497875.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\98281.exe.vir Infected: Trojan.Win32.Pakes.bwy skipped
C:\QooBox\Quarantine\Registry_backups\LEGACY_SROSA.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP200\A0042077.exe/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP200\A0042077.exe 7-Zip: infected - 1 skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP200\A0042077.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP222\A0046511.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP223\A0046632.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP224\A0047672.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056815.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056816.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056817.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056818.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056819.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056820.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056821.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056822.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056823.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056824.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056825.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056837.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056838.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056839.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056840.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056841.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056842.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056843.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056848.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056861.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0057067.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0057085.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_730.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
20 Février 2008 15:51:38

Dois-je exécuté l'utilitaire Symantec, même si je n'utilise aucun logiciel Norton ??
20 Février 2008 16:07:36

Oui, il y a des restes de Symantec sur ton ordi ;) 
20 Février 2008 16:13:38

Ok. Utilitaire Symantec exécuté, et rapport Hijackthis ci-dessous :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:09:24, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IBM Warranty Notification] "C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe /nointro"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [amsg] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: Console Java (IBM) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/spinpalace/FlashAX.c...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C421EB50-A251-4184-BAB0-4769EC0DD8AA}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe

--
End of file - 14429 bytes
20 Février 2008 16:16:11

Tu n'as plus d'antivirus ?

Si c'est le cas :

Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.

Télécharge et installe Antivir. (tuto)
Pourquoi changer ? Avast vs Antivir
Vérifie qu’il soit bien à jour ! Fais une analyse complète, poste le rapport.
20 Février 2008 19:06:17

Tout est fait. Voir rapport Antivir ci-dessous.

Le virus a l'air d'avoir été éradiqué, mais il reste un symptome qui persiste : à chaque ouverture de nouvelle fenêtre ou onglet IE, celle-ci reste figé pendant 1 à 2 minutes avant que je ne puisse l'utiliser. En revanche, lorsque la fenêtre n'est plus figée et que je navigue à l'intérieur d'un même site, c'est parfaitement fluide... et dès que je clique sur un lien pointant sur un autre site, c'est reparti pour 1 ou 2 minutes d'attente avant qu'elle ne se charge.

Penses-tu que cela puisse un "cadeau" résiduel du virus ?

Le rapport AntiVir :



AntiVir PersonalEdition Classic
Report file date: mercredi 20 février 2008 17:12

Scanning for 1118450 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: LENOVO-FDFBD262

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 16:12:00
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 16:12:00
ANTIVIR3.VDF : 7.0.2.169 308736 Bytes 20/02/2008 16:12:00
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 20/02/2008 16:12:01
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 20/02/2008 16:12:01
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 20 février 2008 17:12

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'HPZinw12.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'hpqnrs08.exe' - '1' Module(s) have been scanned
Scan process 'pwmgr.exe' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process '1XConfig.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'ACWLIcon.exe' - '1' Module(s) have been scanned
Scan process 'AcMurocHlpr.exe' - '1' Module(s) have been scanned
Scan process 'ACTray.exe' - '1' Module(s) have been scanned
Scan process 'scheduler_proxy.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'pdservice.exe' - '1' Module(s) have been scanned
Scan process 'cssauth.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'AMSG.EXE' - '1' Module(s) have been scanned
Scan process 'LPMGR.EXE' - '1' Module(s) have been scanned
Scan process 'TpScrex.exe' - '1' Module(s) have been scanned
Scan process 'TPONSCR.exe' - '1' Module(s) have been scanned
Scan process 'TPHKMGR.exe' - '1' Module(s) have been scanned
Scan process 'EZEJMNAP.EXE' - '1' Module(s) have been scanned
Scan process 'TpShocks.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'SvcGuiHlpr.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'AcSvc.exe' - '1' Module(s) have been scanned
Scan process 'tvtsched.exe' - '1' Module(s) have been scanned
Scan process 'rrservice.exe' - '1' Module(s) have been scanned
Scan process 'ibmtcsd.exe' - '1' Module(s) have been scanned
Scan process 'TpKmpSvc.exe' - '1' Module(s) have been scanned
Scan process 'TPHDEXLG.exe' - '1' Module(s) have been scanned
Scan process 'SUService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'AcPrfMgrSvc.exe' - '1' Module(s) have been scanned
Scan process 'IPSSVC.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ibmpmsvc.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
81 processes with 81 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '71' files ).


Starting the file scan:

Begin scan in 'C:\' <IBM_PRELOAD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.02
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\102750.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\111265.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\116515.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\121375.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\129187.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\129640.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\134156.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\146468.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\147062.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\161671.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\169312.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\191125.exe.vir
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\497875.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\98281.exe.vir
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP221\A0046444.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP222\A0046511.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP222\A0046512.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP222\A0046528.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP222\A0046561.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP223\A0046632.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP223\A0046634.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP223\A0046667.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP224\A0047667.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP224\A0047668.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP224\A0047672.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP224\A0048648.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP224\A0049648.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP224\A0049685.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP224\A0050685.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP224\A0050720.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP225\snapshot\MFEX-1.DAT
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP226\snapshot\MFEX-1.DAT
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP227\snapshot\MFEX-1.DAT
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0055717.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056716.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056770.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056815.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056816.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056817.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056818.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056819.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056820.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056821.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056822.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056823.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056824.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\A0056825.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP228\snapshot\MFEX-1.DAT
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056837.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056838.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056839.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056840.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056841.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056842.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056843.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056847.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056848.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056861.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056865.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0056898.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0057067.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP229\A0057085.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drivers\srosa.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!


End of the scan: mercredi 20 février 2008 18:29
Used time: 1:16:55 min

The scan has been done completely.

10092 Scanning directories
379332 Files were scanned
64 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
64 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
379268 Files not concerned
8773 Archives were scanned
2 Warnings
6 Notes
20 Février 2008 20:18:37

On va voir si ça s'améliore.

Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
Double-clic sur clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé et poste le rapport ici.
Le rapport se trouve ici : C:\rapport_clean.txt

Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.
20 Février 2008 20:38:47

Re, et merci.

Voici le rapport Clean :

20/02/2008 a 20:35:30,20

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\tphklock.dll FOUND

*** Recherche des fichiers dans C:\Program Files
20 Février 2008 21:52:00

Re,

Télécharge AVG Anti-Spyware Installes-le.
Si le lien ne fonctionne pas : >Clique ici<
Lance AVG et fais une mise à jour.
Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglet comment réagir, clique sur Actions recommandées. Choisis Quarantaine.
Ne fais pas d’analyse pour le moment.
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
Relance Avg.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas.
Clique sur "Enregistrer le rapport". Ceci génère un rapport qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.
Poste le ici.
&
Toujours en mode sans échec, relance clean et fais l'option 2, poste le rapport.
21 Février 2008 08:24:32

Re.

Voici le rapport AVG :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 08:01:20 21/02/2008

+ Résultat de l'analyse:



C:\Documents and Settings\THINKPAD\Bureau\EliBaglA.exe -> Heuristic.Win32.AVKiller : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\AceBIT\Hello Engines! Standard 4\HTML\20070520\ParisGourmandcom le WebMagazine de lArt de V\Linksindex.html -> Not-A-Virus.Exploit.HTML.Mht : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\THINKPAD\Cookies\thinkpad@adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\THINKPAD\Cookies\thinkpad@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\THINKPAD\Cookies\thinkpad@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\THINKPAD\Cookies\thinkpad@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\THINKPAD\Cookies\thinkpad@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\THINKPAD\Cookies\thinkpad@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\THINKPAD\Cookies\thinkpad@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\THINKPAD\Cookies\thinkpad@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\THINKPAD\Cookies\thinkpad@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyé.


Fin du rapport

21 Février 2008 08:25:32

...et le rapport Clean :

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 21/02/2008 a 8:02:46,70

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\tphklock.dll
Impossible de supprimer C:\WINDOWS\system32\tphklock.dll

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
21 Février 2008 13:20:28

Re,

Reposte un Hijackthis.
21 Février 2008 13:50:15

Re,

Voici le nouveau rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:27, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\THINKPAD\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\THINKPAD\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IBM Warranty Notification] "C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe /nointro"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [amsg] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: Console Java (IBM) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/spinpalace/FlashAX.c...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C421EB50-A251-4184-BAB0-4769EC0DD8AA}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe

--
End of file - 15554 bytes
21 Février 2008 14:06:13

Re,

Plus de problèmes ?

Relance HiJackThis, do a system scan only, coche ces lignes (si toujours présentes) :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

Puis Fix Checked !

********

Télécharge ToolsCleaner2( de A.Rothstein)

Installe le sur ton Bureau
Clique sur [Recherche] pour lancer le scan
Clique sur [Supprimer] pour nettoyer les outils utilisés
Clique sur [Quitter],
Poste ce rapport ~>C:\TCleaner.txt<~

Garde ccleaner, avg et antivir si nous les avons installé..
Rapporte ton infection sur Malware Complaints >Tuto<
Ton(tes) infection(s) : Bagle

Puis regarde ce dossier :

Sécurité/Prévention
21 Février 2008 14:46:35

Voici le rapport ToolsCleaner2

-->- Recherche:

C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\HijackThis: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\MsnFix: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\tar.exe: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\remove.reg: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\pskill.exe: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\LFiles.exe: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\gzip.exe: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\delsiri.cmd: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\delr.cmd: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\del3.cmd: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\del2.cmd: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\clean.cmd: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\cherche.cmd: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\HiJackThis\HijackThis.exe: trouvé !
C:\Documents and Settings\THINKPAD\Bureau\MSNFix\MsnFix: trouvé !
C:\Program Files\ThinkPad\Bluetooth Software\gzip.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
C:\upload_moi_LENOVO-FDFBD262\Qoobox: trouvé !
C:\upload_moi_LENOVO-FDFBD262\_OtMoveIt: trouvé !
C:\upload_moi_LENOVO-FDFBD262\qoobox\Quarantine\C\Combofix: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\THINKPAD\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\THINKPAD\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\tar.exe: supprimé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\remove.reg: supprimé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\pskill.exe: supprimé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\LFiles.exe: supprimé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\gzip.exe: supprimé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\delsiri.cmd: supprimé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\delr.cmd: supprimé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\del3.cmd: supprimé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\del2.cmd: supprimé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\clean.cmd: supprimé !
C:\Documents and Settings\THINKPAD\Bureau\clean\clean\cherche.cmd: supprimé !
C:\Documents and Settings\THINKPAD\Bureau\HiJackThis\HijackThis.exe: supprimé !
C:\Program Files\ThinkPad\Bluetooth Software\gzip.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\THINKPAD\Bureau\HijackThis: supprimé !
C:\Documents and Settings\THINKPAD\Bureau\MsnFix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\upload_moi_LENOVO-FDFBD262\Qoobox: supprimé !
C:\upload_moi_LENOVO-FDFBD262\_OtMoveIt: supprimé !
21 Février 2008 14:52:20

Pour répondre à ton autre question "Plus de problèmes ?", mon PC semble refonctionner normalement, hormis :

- Internet Explorer, qui continue à être pratiquement inutilisable (j'ai installé Firefox qui fonctionne quant à lui parfaitement bien).
- Le firewall de windows que je suis obligé de réactiver à chaque démarrage, car il se désactive systématiquement.

Pour internet explorer, penses-tu que je doive le désinstaller, puis le réinstaller ?

Pour le Firewall, je crois que j'utilisais auparavant celui de Avast (je n'en suis pas certain). Est-ce que je cours un risque à réutiliser mon PC sans aucun pare-feu ?

En tous les cas, je t'adresse un grand merci pour ton aide précieuse.
21 Février 2008 15:56:14

Je ne vois pas d'autre infection présente pourtant et Bagle semble avoir été complètement éradiqué.

Essaie de désinstaller/réinstaller IE7 ouais.

Avast n'a pas de Firewall, il est préférable que tu aies un parefeu en effet, pas normal que celui-ci se désactive...
Désactive-le.

Installe un parefeu :
Je t'en propose plusieurs :
Sygate, Oupost, Kerio, ou encore Zone Alarm, etc ....
Désactive le parefeu de Windows après avoir installé un nouveau parefeu
Tuto.
21 Février 2008 19:10:20

Bonsoir.

- je n'ai plus de bugs liés à Bagle
- j'ai réinstallé IE7, et tout est OK
- j'ai installé Zone Alarm et il n'a pas l'air de trop ralentir le surf
- tout mon système a l'air clean

Je t'adresse un grand merci pour ton aide et pour ta patience.
21 Février 2008 19:45:47

Okay, de rien et bonne soirée ;) 
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS