
Avast problem, smells like a virus (SOLVED)

2 November 2007 11:06:28

Hello everyone,

Since yesterday Avast no longer works. I had to uninstall it with the utility from the site, but it is impossible to reinstall it...
The files ashServ.exe and avast.exe have disappeared, and there is a problem with ashShell.dll.
From browsing the web, I gathered that I had probably caught a virus or malware...
I used HijackThis but I don't know how to read it.
Can anyone help me? Because I can't go without an antivirus for very long....
Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 5:53:21 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\temp\LOCK.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.add-ons.mozilla.com/fr/thunderbird/2.0.0.6/d...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


2 November 2007 11:23:24

Hello

Try installing Antivir; if that doesn't work, we'll lean towards the Bagle virus.

Remove the remnants of Avast!:

Download Antivir.

-->Tutorial<--

Run a scan with it and post the report.

Why switch? : Avast! vs Antivir
2 November 2007 11:36:46

Thanks for your quick reply!!!

I'm downloading Antivir as advised,
but I'm based in China and it's horribly slow.
I'll get back to you as soon as it's done (in my opinion, about 2 hours from now!!!)
2 November 2007 13:07:17

Re

So I downloaded Antivir as you said,
but it refuses to install, so I can't even run any scans...
The error message is the following:
"Some files could not be created
close all applications, reboot and restart this installation"
And with the time I took to download it, I must have caught some malicious stuff... Sniff
Is it serious, doctor, what's wrong?????
2 November 2007 20:23:06

Good evening

We'll soon know for sure...

Download Combofix by sUBs:
combofix.exe
and save it on your desktop and nowhere else!

Double-click on combofix. It will ask you a question; answer by pressing the 1 key, then wait until combofix has finished. Your PC may reboot; that's normal. A report will be created. Post the report.

Add a new HijackThis report.

3 November 2007 06:03:55

Hello,
So I followed your instructions; here is the ComboFix report
ComboFix 07-11-01.1** - Administrator 2007-11-03 12:55:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1443 [GMT 8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\exefld
C:\WINDOWS\exefld\157546.exe
C:\WINDOWS\exefld\46408171.exe
C:\WINDOWS\exefld\60824843.exe
C:\WINDOWS\exefld\74843.exe
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\srosa


((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
.

2007-11-03 12:54 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 06:47 11,776 --a--c--- C:\WINDOWS\system32\dllcache\chkdsk.exe
2007-11-03 06:47 11,776 --a------ C:\WINDOWS\system32\chkdsk.exe
2007-11-02 21:37 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-02 19:52 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-02 19:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2007-11-02 19:52 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-02 19:52 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-02 19:52 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-02 19:52 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-02 19:18 <DIR> d-------- C:\Program Files\SOTI
2007-11-02 18:47 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-11-02 17:30 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-02 15:54 2,137,600 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2007-11-02 15:54 2,137,600 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-11-01 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-01 12:51 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2007-11-01 12:51 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2007-11-01 12:50 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-11-01 12:24 <DIR> d-------- C:\Program Files\Borland
2007-11-01 12:24 244,984 --a------ C:\WINDOWS\system32\Tutil32.dll
2007-11-01 12:23 <DIR> d-------- C:\CPPRO
2007-11-01 12:03 20 --a------ C:\WINDOWS\NaxMXTg.dat
2007-11-01 11:56 <DIR> d-------- C:\pvswarch
2007-11-01 11:56 <DIR> d-------- C:\PVSW
2007-11-01 11:56 <DIR> d-------- C:\Program Files\Common Files\Pervasive Software Shared
2007-11-01 11:56 146,976 --a------ C:\WINDOWS\system32\mfcoleui.dll
2007-11-01 11:56 43,760 --a------ C:\WINDOWS\system32\nwlocale.dll
2007-11-01 11:56 19,456 --a------ C:\WINDOWS\keyhh.exe
2007-11-01 11:52 <DIR> d-------- C:\Program Files\Maximizer
2007-11-01 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Maximizer
2007-11-01 11:47 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-10-31 19:52 <DIR> d-------- C:\Program Files\Ontrack
2007-10-24 06:41 <DIR> d-------- C:\Program Files\IrfanView
2007-10-23 01:55 51,496 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-10-19 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-10-19 05:55 <DIR> d-------- C:\Program Files\iPod
2007-10-18 15:52 <DIR> d-------- C:\Program Files\Windows Live
2007-10-18 15:52 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-10-17 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-17 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2007-10-17 12:41 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2007-10-17 12:41 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2007-10-17 12:36 <DIR> d-------- C:\Program Files\Bonjour
2007-10-17 12:32 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-10-17 08:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-16 09:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ectaco
2007-10-16 08:50 <DIR> d-------- C:\Program Files\SetupWuYuYo
2007-10-15 12:25 <DIR> d-------- C:\Program Files\LingvoSoft
2007-10-12 13:31 <DIR> d-------- C:\Program Files\Aspecto Software
2007-10-12 11:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-10-12 11:20 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2007-10-12 10:33 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-10-12 10:33 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-10-12 10:33 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-10-12 04:33 <DIR> d-------- C:\WINDOWS\Sun
2007-10-11 07:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Interact Commerce
2007-10-11 07:14 <DIR> d-------- C:\Program Files\ACT
2007-10-11 07:14 307,200 --------- C:\WINDOWS\IsUninstAct.exe
2007-10-11 07:14 192,512 --a------ C:\WINDOWS\system32\EmailShared.dll
2007-10-11 07:14 133,904 --------- C:\WINDOWS\system32\mfcans32.dll
2007-10-11 07:14 109,056 --------- C:\WINDOWS\system32\mfcuiw32.dll
2007-10-11 07:14 108,032 --------- C:\WINDOWS\system32\mfcuia32.dll
2007-10-11 07:13 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-10-10 21:35 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-08 09:31 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2007-10-06 16:26 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-10-06 16:26 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-10-06 16:26 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-10-06 16:26 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-10-06 16:26 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-10-06 16:26 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-10-06 16:26 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2007-10-06 16:26 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-10-06 16:26 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-10-06 16:14 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-10-06 16:14 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-10-05 09:53 <DIR> d-------- C:\Program Files\Java
2007-10-05 09:52 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-03 12:28 <DIR> d-------- C:\Program Files\PDFCreator
2007-10-03 12:28 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2007-10-03 12:28 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 04:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2007-11-02 22:16 --------- d-----w C:\Program Files\eMule
2007-11-02 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-02 11:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-01 03:56 190 ----a-w C:\Program Files\Common Files\psasetup.log
2007-10-18 21:55 --------- d-----w C:\Program Files\iTunes
2007-10-18 07:52 --------- d-----w C:\Program Files\MSN Messenger
2007-10-18 02:29 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-12 03:51 --------- d-----w C:\Program Files\Microsoft.NET
2007-10-11 20:49 --------- d-----w C:\Program Files\Skype
2007-10-10 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-08 01:31 --------- d-----w C:\Program Files\Picasa2
2007-10-03 05:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-10-02 02:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\vlc
2007-10-01 19:02 --------- d-----w C:\Program Files\Microsoft Works
2007-10-01 18:57 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-01 17:20 --------- d-----w C:\Program Files\WinAce
2007-10-01 11:07 --------- d-----w C:\Program Files\Google
2007-10-01 10:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2007-10-01 10:16 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-10-01 10:15 --------- d-----w C:\Program Files\VideoLAN
2007-10-01 10:14 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-01 10:10 --------- d-----w C:\Program Files\SuperCopier
2007-10-01 07:54 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-10-01 05:55 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-01 05:55 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-01 05:50 --------- d-----w C:\Program Files\Logitech
2007-10-01 05:50 --------- d-----w C:\Program Files\Common Files\Logitech
2007-10-01 05:49 --------- d-----w C:\Program Files\Common Files\LogiShrd
2007-10-01 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-01 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-10-01 05:45 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-01 05:28 --------- d-----w C:\Program Files\TechSmith
2007-10-01 05:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2007-10-01 05:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-01 05:12 --------- d-----w C:\Program Files\QuickTime
2007-10-01 05:12 --------- d-----w C:\Program Files\Apple Software Update
2007-10-01 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-01 05:11 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-01 05:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-01 05:06 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-10-01 05:06 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-10-01 05:06 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-10-01 05:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Logitech
2007-10-01 05:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2007-10-01 05:02 --------- d-----w C:\Program Files\Common Files\Skype
2007-10-01 05:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-10-01 04:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thunderbird
2007-10-01 04:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2007-10-01 04:16 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2007-10-01 04:13 --------- d-----w C:\Program Files\ATI Technologies
2007-10-01 04:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-01 04:04 --------- d-----w C:\Program Files\Realtek
2007-10-01 04:00 --------- d-----w C:\Program Files\ASUS
2007-10-01 03:53 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-10-01 03:50 --------- d-----w C:\Program Files\Intel
2007-10-01 03:42 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-01 03:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-12 00:23 4,614,656 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-09-11 23:54 16,844,800 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-22 04:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-08-22 02:09 352,256 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-08-22 02:07 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-08-22 02:07 268,800 ------w C:\WINDOWS\system32\ati2dvag.dll
2007-08-22 01:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-08-22 01:59 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-08-22 01:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-08-22 01:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-08-22 01:57 487,424 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-08-22 01:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-08-22 01:48 8,306,688 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-08-22 01:47 3,091,392 ------w C:\WINDOWS\system32\ati3duag.dll
2007-08-22 01:35 1,586,816 ------w C:\WINDOWS\system32\ativvaxx.dll
2007-08-22 01:19 266,240 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-08-22 01:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-08-22 01:15 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-08-22 01:11 450,560 ------w C:\WINDOWS\system32\ati2cqag.dll
2007-08-21 06:25 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-03 20:22 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-13 22:25]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-12 07:54 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-08-04 04:22 C:\WINDOWS\SkyTel.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-11 03:35]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 18:06]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-12 06:32 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 21:24]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-20 08:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-09 06:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-09 06:14]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-02 01:49]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 16:11]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-27 05:42]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2007-05-25 13:18]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:32]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-14 04:31]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-09 05:44]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-20 03:55]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2004-06-11 01:03]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-14 04:39]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-01 13:06:14]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-01 12:43:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-01 02:57:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-11-02 10:47:17 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 12:58:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-03 12:59:39 - machine was rebooted
.
--- E O F ---


and here is the new HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 1:03:00 PM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.add-ons.mozilla.com/fr/thunderbird/2.0.0.6/d...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

I hope you can tell me where this is coming from, because things look bad right now...
Thanks a lot
3 November 2007 09:05:14

Hello

It is indeed Bagle
http://www.viruslist.com/en/viruses/encyclopedia?virusi...



~Download Elibagla from this page:
http://www.zonavirus.com/datos/descargas/95/elibagla.as...

You will find the program to download at the very bottom of the page:
click on Descargar Elibagla 10.66

Save this file to the desktop
Go to your desktop and double-click on Elibagla.exe
The "eliminar ficheros automaticamente" box must be checked
Click on "explorar" and let it work
~Post the final report, which will be in c:\infosat.txt

Reinstall your antivirus
3 November 2007 10:18:50

Hello again
Thanks for your instructions, here is the report given by Elibagla...
I did indeed have the Bagle virus; I installed Antivir rather than Avast
but the update is super slow from China...


Sat Nov 03 16:39:13 2007
EliBagle v10.66 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"

Sat Nov 03 16:39:35 2007
EliBagle v10.66 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Picasa2\PICASAMEDIADETECTOR.EXE --> Eliminado Bagle
C:\qoobox\Quarantine\C\WINDOWS\exefld\46408171.EXE.VIR --> Eliminado Bagle
C:\qoobox\Quarantine\C\WINDOWS\exefld\60824843.EXE.VIR --> Eliminado Bagle
C:\qoobox\Quarantine\C\WINDOWS\system32\WINTEMS.EXE.VIR --> Eliminado Bagle
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\HIDR.EXE.VIR --> Eliminado Bagle
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\SROSA.SYS.VIR --> Eliminado Bagle (rootkit)

Nº Total de Directorios: 7566
Nº Total de Ficheros: 68141
Nº de Ficheros Analizados: 9158
Nº de Ficheros Infectados: 6
Nº de Ficheros Limpiados: 6

Tell me whether I still need to do anything or whether it is fine and properly repaired...
In any case, thank you for your promptness and your availability: we wouldn't get very far without guys like you!!!
Xei xei ni!
3 November 2007 18:14:15

Good evening

Quote:
Xei xei ni!

Can you translate that for me please ;)

It seems odd to me that you have access to French forums from China; I thought there was a blackout.
Do you have access to all French sites?
+++++++++

Run a scan with Antivir and post the report
4 November 2007 16:17:38

Hi
It means "thank you" in Chinese...
Actually, from China you have access to quite a lot of normal French sites; they mostly block blogs and sites like Dailymotion...
but otherwise, for the moment, I can reach almost everything.
I'm posting 2 Antivir reports (this software seems very good)
The 1st one, right after installation



AntiVir PersonalEdition Classic
Report file date: Saturday, November 03, 2007 18:09

Scanning for 913479 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PC-GUILHEM

Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 06:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 05:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 08:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 05:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 09:28:49
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 9/13/2007 09:28:49
ANTIVIR2.VDF : 7.0.0.140 940544 Bytes 10/26/2007 09:28:49
ANTIVIR3.VDF : 7.0.0.165 129536 Bytes 11/2/2007 09:28:49
AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 11/3/2007 09:28:49
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 03:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 00:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 06:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 8/3/2007 01:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 00:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 05:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 00:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 04:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 05:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 05:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 02:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Saturday, November 03, 2007 18:09

Starting search for hidden objects.
'42725' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '36' files ).


Starting the file scan:

Begin scan in 'C:\' <ROOT BOX>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP71\A0011249.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP74\A0011942.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP74\A0011953.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4de4.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP74\A0011969.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '425f90cd.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP74\A0012029.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4de5.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP74\A0012062.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4de6.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP74\A0012159.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4de8.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP74\A0012196.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4de9.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP74\A0013172.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '425f90c2.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP74\A0013235.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4deb.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP74\A0013336.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4ded.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP74\A0013373.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4dee.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP74\A0013397.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4def.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP74\A0013453.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4df0.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP74\A0013512.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4df2.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP75\A0013538.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4df4.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP75\A0013547.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4df5.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP75\A0013655.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4df7.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP75\A0013662.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4df8.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP75\A0013676.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '425f90d1.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP75\A0013704.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4df9.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP75\A0013742.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4dfa.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP76\A0014742.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4dfc.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP76\A0014849.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4dfe.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP76\A0014893.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4e00.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP76\A0015042.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4e36.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP77\A0015055.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.STG
[INFO] The file was moved to '475c4e37.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP77\A0015056.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.STG
[INFO] The file was moved to '425f9310.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP77\A0015059.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4e38.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP77\A0015060.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.STG
[INFO] The file was moved to '425f9311.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <STOCK BOX>
Begin scan in 'F:\' <DATA BOX>


End of the scan: Saturday, November 03, 2007 18:51
Used time: 42:06 min

The scan has been done completely.

10662 Scanning directories
281272 Files were scanned
30 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
28 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
281242 Files not concerned
3586 Archives were scanned
2 Warnings
42 Notes
42725 Objects were scanned with rootkit scan
0 Hidden objects were found


The second one, a few hours later, to be sure everything has been cleared out



AntiVir PersonalEdition Classic
Report file date: Saturday, November 03, 2007 19:02

Scanning for 913479 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PC-GUILHEM

Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 06:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 05:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 08:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 05:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 09:28:49
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 9/13/2007 09:28:49
ANTIVIR2.VDF : 7.0.0.140 940544 Bytes 10/26/2007 09:28:49
ANTIVIR3.VDF : 7.0.0.165 129536 Bytes 11/2/2007 09:28:49
AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 11/3/2007 09:28:49
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 03:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 00:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 06:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 8/3/2007 01:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 00:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 05:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 00:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 04:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 05:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 05:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 02:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Saturday, November 03, 2007 19:02

Starting search for hidden objects.
'42615' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '36' files ).


Starting the file scan:

Begin scan in 'C:\' <ROOT BOX>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <STOCK BOX>
Begin scan in 'F:\' <DATA BOX>


End of the scan: Saturday, November 03, 2007 19:44
Used time: 41:45 min

The scan has been done completely.

10664 Scanning directories
281130 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
281130 Files not concerned
3577 Archives were scanned
2 Warnings
42 Notes
42615 Objects were scanned with rootkit scan
0 Hidden objects were found

Thanks again for looking into my problem...
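
Added example, not part of any post in this thread: a Python triage of the AntiVir report format posted above, grouping detections by name, action and System Restore point and checking them against the report's own summary counts. The sample input is constructed in the report's format with its counts adjusted to the shortened excerpt; taking the last word of a `[DETECTION]` line as the detection name is an assumption drawn from the two line shapes in the report.

```python
import re
from collections import Counter

# Constructed sample: a few entries in the format of the AntiVir report above,
# with the summary counts adjusted to match this shortened excerpt.
SAMPLE_REPORT = r"""
Begin scan in 'C:\' <ROOT BOX>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP71\A0011249.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP74\A0011953.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '475c4de4.qua'!
C:\System Volume Information\_restore{227120EA-0650-4221-A845-E014551D05FA}\RP77\A0015055.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.STG
[INFO] The file was moved to '475c4e37.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <STOCK BOX>

3 viruses and/or unwanted programs were found
1 files were deleted
2 files were moved to quarantine
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a scanned file path on its own line
RESTORE_RE = re.compile(r"\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\")
SUMMARY_RES = {
    "found": re.compile(r"^\s*(\d+) viruses and/or unwanted programs were found", re.M),
    "deleted": re.compile(r"^\s*(\d+) files were deleted", re.M),
    "quarantined": re.compile(r"^\s*(\d+) files were moved to quarantine", re.M),
}


def parse_report(text):
    """Return (findings, unscanned) from the file-scan part of a report."""
    findings, unscanned = [], []
    path, pending = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            path, pending = line, None
        elif line.startswith("[DETECTION]") and path:
            m = RESTORE_RE.search(path)
            pending = {
                "path": path,
                "name": line.split()[-1],  # assumption: name is the last word
                "restore_point": m.group(1) if m else None,
                "action": "none recorded",
            }
            findings.append(pending)
        elif line.startswith("[INFO]") and pending:
            if "was deleted" in line:
                pending["action"] = "deleted"
            elif "was moved to" in line:
                pending["action"] = "quarantined"
            pending = None
        elif line.startswith("[WARNING]") and path:
            unscanned.append(path)  # file the scanner could not open
            path = None
    return findings, unscanned


def triage(text):
    """Summarise detections and compare them with the report's own totals."""
    findings, unscanned = parse_report(text)
    by_action = Counter(f["action"] for f in findings)
    summary = {}
    for key, rx in SUMMARY_RES.items():
        m = rx.search(text)
        summary[key] = int(m.group(1)) if m else None
    return {
        "total": len(findings),
        "by_name": dict(Counter(f["name"] for f in findings)),
        "by_action": dict(by_action),
        "by_restore_point": dict(
            Counter(f["restore_point"] for f in findings if f["restore_point"])
        ),
        # detections that are NOT inside a System Restore snapshot
        "live_paths": [f["path"] for f in findings if f["restore_point"] is None],
        "unscanned": unscanned,
        "summary_matches": (
            summary["found"] == len(findings)
            and summary["deleted"] == by_action["deleted"]
            and summary["quarantined"] == by_action["quarantined"]
        ),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

An empty `live_paths` means every detection sat in a System Restore snapshot (`_restore{...}\RPnn`) rather than in a live location; `unscanned` lists the files the scanner could not open.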

4 November 2007 17:49:06

Good evening

That's OK,
we'll repair the boot as a precaution:
Download and double-click on: http://www.malekal.com/download/SafeBoot.reg

then

~ Download Clean by Malekal
http://www.malekal.com/download/clean.zip

Save it to your desktop and unzip it
This will create a folder named clean.
Double-click on this clean folder; you will find several files inside it.
Double-click on clean.cmd.
A menu will appear; choose option 1 by pressing the 1 key on your keyboard.
Clean will do its work.
Post the contents of the report generated at C:\rapport_clean.txt.

5 November 2007 06:15:28

Hello
I followed what you said, but it's impossible to upload the file to the site; it takes more than half an hour and then it crashes...
Otherwise everything works perfectly; the boot seems to be running
Thanks for your help
5 November 2007 13:24:24

Hello

Since it's really complicated for you, I think we'll stop the scans there.
Bagle has been removed, that's the main thing.
Now you have a good antivirus, so things should be fine.

~Edit your first message (by clicking on the eraser) and mark [resolved] in the title.


zài jiàn ;)
6 November 2007 12:46:56

Hello,
Done, post updated...
One last small question: can I do without a firewall?
I disabled the Windows one because eMule doesn't get through well otherwise...
Do I need to install any other "essential" software, in your opinion?

I see you're making progress in Chinese ;)
zài jiàn péng you