Sujet Précédent Sujet Suivant

Virus. Win32.Trats.d

Résolu
Serge -  
papyber Messages postés 6430 Statut Contributeur sécurité -
Bonjour,

J’utilise depuis plusieurs années les services de NORTON pour protéger mon PC.
Depuis quelques temps ma machine fonctionnait d’une manière erratique et semblait particulièrement lente.
J’ai donc décidé d’utiliser l’AV ORANGE .
Dès le premier redémarrage après l’installation de l’AV ORANGE, le message suivant est apparu sur l’écran :

Code dangereux détecté dans le fichier E:\WINDOWS\SYSTEM32\JKHFD.DLL
Infection : Virus.win32.Trats.d
Action : échec

depuis ce message ne me quitte plus et le PC est de plus en plus lent.

J’ai lu et appliqué votre procédure « méthode préliminaire de désinfection » .
Voici les log(s) dans l’ordre demandé.

Le log de bitdefender est en format HTML ou ASCII, le scan a duré 9h et 22 minutes vu la lenteur de ma machine, ce log est inexploitable. Je ne peux donc pas l'envoyer

Merci d’avance pour l’aide que vous pourrez m’apporter

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 12:51:40 01/11/08

+ Résultat de l'analyse:

C:\Program Files\wanadoo_toolbar\wanadoo_toolbar.dll_0_ -> Adware.BHO : Nettoyé.
C:\System Volume Information\_restore{4C68D5CE-67AE-493E-8E98-1AE14F92723B}\RP269\A0041423.dll -> Adware.BHO : Nettoyé.
HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Nettoyé.
C:\System Volume Information\_restore{4C68D5CE-67AE-493E-8E98-1AE14F92723B}\RP240\A0033211.exe -> Adware.NewDotNet : Nettoyé.
C:\System Volume Information\_restore{4C68D5CE-67AE-493E-8E98-1AE14F92723B}\RP243\A0034966.exe -> Adware.NewDotNet : Nettoyé.
C:\System Volume Information\_restore{4C68D5CE-67AE-493E-8E98-1AE14F92723B}\RP263\A0040187.dll -> Adware.NewDotNet : Nettoyé.
E:\Program Files\AntivirusFirewall\Common\FSM32.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\Program Files\AntivirusFirewall\FSGUI\FSSW.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\Program Files\AntivirusFirewall\FSGUI\ISPNEWS.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\AVGAS.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\Program Files\Wanadoo\SHELL.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP1\A0000022.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP1\A0000038.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP1\A0000092.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP1\A0000150.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP1\A0000187.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP1\A0000220.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP3\A0000251.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP3\A0000272.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP3\A0000288.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP3\A0000346.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP4\A0000395.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP4\A0000413.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP4\A0000423.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP4\A0000432.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP4\A0000721.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP4\A0001436.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP4\A0001468.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP5\A0001484.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP5\A0001725.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP6\A0001929.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP6\A0001930.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\System Volume Information\_restore{6E2C8730-69E6-4F19-9E38-48DB4C3BF63E}\RP6\A0001931.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSCONFIG.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\WINDOWS\system32\CTFMON.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\WINDOWS\system32\JKHFD.0XE -> Dropper.Agent.dgo : Nettoyé.
E:\WINDOWS\system32\ctfmon.exe.tmp -> Dropper.Agent.dgo : Nettoyé.
E:\Documents and Settings\SERGE\Shared\rednex.zip/Setup.exe -> Not-A-Virus.Adware.Agent : Nettoyé.
:mozilla.84:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Serge\Cookies\serge@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.118:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.121:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.61:E:\Documents and Settings\SERGE\Application Data\Mozilla\Firefox\Profiles\2842twqj.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.22:E:\Documents and Settings\SERGE\Application Data\Mozilla\Firefox\Profiles\2842twqj.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.23:E:\Documents and Settings\SERGE\Application Data\Mozilla\Firefox\Profiles\2842twqj.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.24:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.24:E:\Documents and Settings\SERGE\Application Data\Mozilla\Firefox\Profiles\2842twqj.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.25:E:\Documents and Settings\SERGE\Application Data\Mozilla\Firefox\Profiles\2842twqj.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.57:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.71:E:\Documents and Settings\SERGE\Application Data\Mozilla\Firefox\Profiles\2842twqj.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.92:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.115:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.116:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.117:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.29:E:\Documents and Settings\SERGE\Application Data\Mozilla\Firefox\Profiles\2842twqj.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.53:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.70:E:\Documents and Settings\SERGE\Application Data\Mozilla\Firefox\Profiles\2842twqj.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.59:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.60:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.93:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Invité\Cookies\invité@search.msn[3].txt -> TrackingCookie.Msn : Nettoyé.
D:\WINDOWS\Bureau\transfert\Windows1\Cookies\serge@www.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Nettoyé.
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Cookies\serge@www.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Nettoyé.
:mozilla.29:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.30:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.31:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.32:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.33:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.34:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.48:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.119:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.120:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.10:E:\Documents and Settings\SERGE\Application Data\Mozilla\Firefox\Profiles\2842twqj.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.6:E:\Documents and Settings\SERGE\Application Data\Mozilla\Firefox\Profiles\2842twqj.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.73:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.7:E:\Documents and Settings\SERGE\Application Data\Mozilla\Firefox\Profiles\2842twqj.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.8:E:\Documents and Settings\SERGE\Application Data\Mozilla\Firefox\Profiles\2842twqj.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Invité\Cookies\invité@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.113:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.12:E:\Documents and Settings\SERGE\Application Data\Mozilla\Firefox\Profiles\2842twqj.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.13:E:\Documents and Settings\SERGE\Application Data\Mozilla\Firefox\Profiles\2842twqj.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.7:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.8:E:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\pt4a3h0l.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\GISELE\Cookies\gisele@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\Invité\Cookies\invité@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\Serge\Cookies\serge@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
E:\Documents and Settings\Gisèle\Cookies\gisèle@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.34:E:\Documents and Settings\SERGE\Application Data\Mozilla\Firefox\Profiles\2842twqj.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.

Fin du rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:35, on 01/12/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
E:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
E:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
E:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
E:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
E:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
E:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
E:\WINDOWS\System32\FTRTSVC.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
E:\Program Files\AntivirusFirewall\Common\FCH32.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Inventel\Gateway\wlancfg.exe
E:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
E:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
E:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
E:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\SERGE\LOCALS~1\Temp\Rar$EX00.281\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - E:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - E:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {a6c8b2b1-5bda-14e8-e094-cbe7007e5ef0} - {0fe5e700-7ebc-490e-8e41-adb51b2b8c6a} - E:\WINDOWS\system32\gyqutclm.dll
O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7C0B93C9-8F8B-4C67-8D1A-A864967C5D0E} - E:\WINDOWS\system32\jkhfd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - E:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = E:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - E:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://E:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Recherche sur eBay - res://E:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - E:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: ddccyxv - ddccyxv.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - E:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: DomainService - Unknown owner - E:\WINDOWS\system32\wlsnnyus.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - E:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - E:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - E:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - E:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - E:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - E:\Program Files\Inventel\Gateway\wlancfg.exe
A voir également:

21 réponses

  • 1
  • 2
Réponse 1 / 21
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
Télécharge VundoFix.exe (par Atribune) sur ton Bureau
http://www.atribune.org/ccount/click.php?id=4
clic double sur VundoFix.exe afin de le lancer
clic sur le bouton Scan for Vundo
Lorsque le scan est complété, clic sur le bouton Remove Vundo
Une invite te demandera si tu veux supprimer les fichiers, clic YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t'annonce que ton PC va redémarrer;
clic OK
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci haut, à partir de "clic sur le bouton Scan for Vundo".
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

0
Réponse 2 / 21
serge
 
Bonjour;

Tout d'abord un grand ,merci pour la réponse très rapide.
J'ai toujours le message m'indiquant la présence du virus.
J'ai suivi la nouvelle procédure et voici les log(s).

Encore merci pour votre aide.

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.11

Scan started at 21:36:23 01/12/08

Listing files found while scanning....

E:\WINDOWS\system32\gyqutclm.dll

Beginning removal...

Attempting to delete E:\WINDOWS\system32\gyqutclm.dll
E:\WINDOWS\system32\gyqutclm.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.11

Scan started at 22:42:50 01/12/08

Listing files found while scanning....

No infected files were found.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:32, on 01/13/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
E:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
E:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
E:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
E:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
E:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
E:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
E:\WINDOWS\System32\FTRTSVC.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
E:\Program Files\AntivirusFirewall\Common\FCH32.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Inventel\Gateway\wlancfg.exe
E:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
E:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
E:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
E:\Program Files\Wanadoo\EspaceWanadoo.exe
E:\Program Files\Wanadoo\ComComp.exe
E:\PROGRA~1\Wanadoo\Toaster.exe
E:\PROGRA~1\Wanadoo\Inactivity.exe
E:\PROGRA~1\Wanadoo\PollingModule.exe
E:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
E:\Program Files\Wanadoo\Watch.exe
E:\Program Files\Outlook Express\msimn.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\SERGE\LOCALS~1\Temp\Rar$EX00.984\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - E:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - E:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {a6c8b2b1-5bda-14e8-e094-cbe7007e5ef0} - {0fe5e700-7ebc-490e-8e41-adb51b2b8c6a} - E:\WINDOWS\system32\gyqutclm.dll (file missing)
O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - (no file)
O2 - BHO: (no name) - {2CC3F7DE-C9C3-4EE5-A97F-D7FF9F2A2230} - E:\WINDOWS\system32\jkhfd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - E:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = E:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - E:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://E:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Recherche sur eBay - res://E:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - E:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: ddccyxv - ddccyxv.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - E:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: DomainService - Unknown owner - E:\WINDOWS\system32\wlsnnyus.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - E:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - E:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - E:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - E:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - E:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - E:\Program Files\Inventel\Gateway\wlancfg.exe
0
Réponse 3 / 21
serge
 
Bonjour;

Tout d'abord un grand ,merci pour la réponse très rapide.
J'ai toujours le message m'indiquant la présence du virus.
J'ai suivi la nouvelle procédure et voici les log(s).

Encore merci pour votre aide.

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.11

Scan started at 21:36:23 01/12/08

Listing files found while scanning....

E:\WINDOWS\system32\gyqutclm.dll

Beginning removal...

Attempting to delete E:\WINDOWS\system32\gyqutclm.dll
E:\WINDOWS\system32\gyqutclm.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.11

Scan started at 22:42:50 01/12/08

Listing files found while scanning....

No infected files were found.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:32, on 01/13/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
E:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
E:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
E:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
E:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
E:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
E:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
E:\WINDOWS\System32\FTRTSVC.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
E:\Program Files\AntivirusFirewall\Common\FCH32.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Inventel\Gateway\wlancfg.exe
E:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
E:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
E:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
E:\Program Files\Wanadoo\EspaceWanadoo.exe
E:\Program Files\Wanadoo\ComComp.exe
E:\PROGRA~1\Wanadoo\Toaster.exe
E:\PROGRA~1\Wanadoo\Inactivity.exe
E:\PROGRA~1\Wanadoo\PollingModule.exe
E:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
E:\Program Files\Wanadoo\Watch.exe
E:\Program Files\Outlook Express\msimn.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\SERGE\LOCALS~1\Temp\Rar$EX00.984\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - E:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - E:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {a6c8b2b1-5bda-14e8-e094-cbe7007e5ef0} - {0fe5e700-7ebc-490e-8e41-adb51b2b8c6a} - E:\WINDOWS\system32\gyqutclm.dll (file missing)
O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - (no file)
O2 - BHO: (no name) - {2CC3F7DE-C9C3-4EE5-A97F-D7FF9F2A2230} - E:\WINDOWS\system32\jkhfd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - E:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = E:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - E:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://E:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Recherche sur eBay - res://E:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - E:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: ddccyxv - ddccyxv.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - E:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: DomainService - Unknown owner - E:\WINDOWS\system32\wlsnnyus.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - E:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - E:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - E:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - E:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - E:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - E:\Program Files\Inventel\Gateway\wlancfg.exe
0
Réponse 4 / 21
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
Télécharge combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
désactive ton antivirus, antispyware, et Spybot (résident) durant l'utilisation de ComboFix . Merci. Tu réactives ensuite.
Double clique combofix.exe.
Tape sur la touche Y (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 21
Serge
 
Bonjour,
Le problème, n'est pas résolu, j'ai toujours le message m'indiquant la présence du virus.
Je ne peux plus me connecter à internet, la lenteur du PC va croissante...
J'ai suivi la procédure que vous m'avez envoyé, voici le log

Merci encore pour votre aide

Serge

ComboFix 08-01-15.4 - SERGE 2008-01-15 21:40:51.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.155 [GMT 1:00]Running from: L:\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Program Files\Fichiers communs\Symantec Shared\CfgWiz .exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
E:\Program Files\IncrediMail\bin\IncMail .exe
E:\Program Files\iTunes\iTunesHelper .exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480 .exe
E:\Program Files\Logitech\iTouch\iTouch .exe
E:\Program Files\Microsoft Money\System\reminder .exe
E:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip .exe
E:\Program Files\QuickTime\qttask .exe
E:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2 .exe
E:\Program Files\SymNetDrv\SNDMon .exe
E:\Program Files\Temporary
E:\Program Files\Wanadoo\GestMaj .exe
E:\Program Files\Wanadoo\Watch .exe
E:\Program Files\WinAble
E:\WINDOWS\b128.exe.bin
E:\WINDOWS\b138.exe.bin
E:\WINDOWS\cookies.ini
E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe
E:\WINDOWS\system32\ctfmon .exe
E:\WINDOWS\system32\dfhkj.ini
E:\WINDOWS\system32\dfhkj.ini2
E:\WINDOWS\system32\jkhfd.dll
E:\WINDOWS\system32\jkhfd.exe
E:\WINDOWS\system32\mcrh.tmp
E:\WINDOWS\system32\pac.txt
E:\WINDOWS\system32\PSDrvCheck .exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9BE .EXE
E:\x.dat
E:\z.dat
E:\WINDOWS\Fonts\-

[code] <pre>
E:\Program Files\Fichiers communs\Symantec Shared\CfgWiz .exe ---> QooBox
E:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe ---> QooBox
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ---> QooBox
E:\Program Files\IncrediMail\bin\IncMail .exe ---> QooBox
E:\Program Files\iTunes\iTunesHelper .exe ---> QooBox
E:\Program Files\Java\jre1.6.0_03\bin\jusched .exe ---> QooBox
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480 .exe ---> QooBox
E:\Program Files\Logitech\iTouch\iTouch .exe ---> QooBox
E:\Program Files\Microsoft Money\System\reminder .exe ---> QooBox
E:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip .exe ---> QooBox
E:\Program Files\QuickTime\qttask .exe ---> QooBox
E:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2 .exe ---> QooBox
E:\Program Files\SymNetDrv\SNDMon .exe ---> QooBox
E:\Program Files\Wanadoo\GestMaj .exe ---> QooBox
E:\Program Files\Wanadoo\Watch .exe ---> QooBox
E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe ---> QooBox
E:\WINDOWS\system32\ctfmon .exe ---> QooBox
E:\WINDOWS\system32\PSDrvCheck .exe ---> QooBox
E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9BE .EXE ---> QooBox
</pre> [/code]
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-15 to 2008-01-15 ))))))))))))))))))))))))))))))))))))
.

2008-01-15 21:36 . 2000-08-31 08:00 51,200 --a------ E:\WINDOWS\NirCmd.exe
2008-01-12 21:36 . 2008-01-12 22:41 <REP> d-------- E:\VundoFix Backups
2008-01-12 21:08 . 2008-01-12 22:34 326,656 --a------ E:\WINDOWS\system32\JKHFD.0XE
2008-01-12 16:34 . 2008-01-12 16:34 8 --a------ E:\WINDOWS\system32\581f73cf
2008-01-11 13:18 . 2008-01-12 17:32 <REP> d-------- E:\WINDOWS\BDOSCAN8
2008-01-10 21:07 . 2008-01-10 21:07 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Grisoft
2008-01-10 21:06 . 2008-01-10 21:06 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-10 21:06 . 2007-05-30 13:10 10,872 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-09 21:30 . 2008-01-09 21:30 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\F-Secure
2008-01-09 20:46 . 2008-01-09 20:46 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\ispnews
2008-01-09 20:34 . 2008-01-09 20:34 <REP> d-------- E:\Documents and Settings\All Users\Application Data\F-Secure
2008-01-09 20:34 . 2005-11-18 16:04 70,896 --a------ E:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-09 20:34 . 2005-11-18 16:04 33,584 --a------ E:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-09 20:30 . 2008-01-09 20:34 <REP> d-------- E:\Program Files\AntivirusFirewall
2008-01-09 20:30 . 2008-01-09 20:30 118,842 -r------- E:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-01-07 22:34 . 2008-01-07 22:34 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\McAfee
2008-01-07 12:47 . 2008-01-08 18:55 1,044,311 ---hs---- E:\WINDOWS\system32\sawkfwgu.ini
2008-01-06 21:13 . 2008-01-06 21:45 <REP> d-------- E:\Program Files\INFORAD2
2008-01-06 21:13 . 2004-06-09 15:59 939,224 --a------ E:\WINDOWS\system32\Flash.ocx
2007-12-28 22:19 . 2008-01-08 18:17 <REP> d-------- E:\Program Files\McAfee
2007-12-28 22:18 . 2008-01-08 18:17 <REP> d-------- E:\Documents and Settings\All Users\Application Data\McAfee
2007-12-26 21:05 . 2007-12-26 21:05 5,248 --a------ E:\WINDOWS\system32\giveio.sys
2007-12-26 20:59 . 2007-12-26 21:00 <REP> d-------- E:\Program Files\LimeWire
2007-12-26 16:00 . 2008-01-09 20:09 <REP> d-------- E:\Program Files\Norton SystemWorks
2007-12-26 14:58 . 2007-12-26 14:58 <REP> d-------- E:\WINDOWS\Google Toolbar
2007-12-26 12:18 . 2007-12-26 12:18 0 --a------ E:\WINDOWS\Irremote.ini
2007-12-24 16:02 . 2007-12-24 16:02 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Uniblue
2007-12-24 16:01 . 2007-12-24 16:01 <REP> d-------- E:\Program Files\Uniblue
2007-12-24 15:23 . 2007-12-24 15:23 <REP> d-------- E:\Garmin
2007-12-23 23:50 . 2007-12-23 23:50 147,456 --a------ E:\WINDOWS\system32\vbzip10.dll
2007-12-23 23:47 . 2007-12-23 23:47 134 --a------ E:\n.bat
2007-12-23 23:46 . 2007-12-23 23:46 <REP> d-------- E:\WINDOWS\system32\ardCo18
2007-12-23 22:46 . 2007-12-23 22:54 98,304 --a------ E:\WINDOWS\DUMP6438.tmp
2007-12-23 19:40 . 2007-12-23 19:40 30,544 --a------ E:\WINDOWS\dirdib.drv
2007-12-23 19:40 . 2007-12-23 19:40 30,464 --a------ E:\WINDOWS\macromix.dll
2007-12-23 02:19 . 2007-12-23 02:19 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\dvdcss
2007-12-23 02:14 . 2007-12-23 02:14 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Nero
2007-12-23 02:13 . 2007-12-24 09:58 69 --a------ E:\WINDOWS\NeroDigital.ini
2007-12-23 02:09 . 2007-12-23 02:09 <REP> d-------- E:\Program Files\Nero
2007-12-23 02:09 . 2007-12-26 12:29 <REP> d-------- E:\Program Files\Fichiers communs\Nero
2007-12-23 02:09 . 2007-12-26 12:29 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Nero
2007-12-23 01:58 . 2007-12-24 19:57 <REP> d-------- E:\Program Files\AskTBar
2007-12-22 17:00 . 2007-12-24 18:49 <REP> d-------- E:\Program Files\Yahoo!
2007-12-22 17:00 . 2007-12-24 10:48 <REP> d-------- E:\Program Files\CCleaner
2007-12-22 16:16 . 2007-12-22 16:16 <REP> d-------- E:\WINDOWS\OPTIONS
2007-12-22 15:05 . 2007-12-22 15:05 <REP> d-------- E:\Documents and Settings\All Users\Application Data\CyberLink
2007-12-22 14:48 . 2007-12-22 14:48 <REP> d-------- E:\Program Files\Intel
2007-12-22 13:08 . 1999-05-31 15:04 220,672 --a------ E:\WINDOWS\system32\MPEGAVMM.DLL
2007-12-22 13:08 . 1999-05-31 15:04 219,136 --a------ E:\WINDOWS\system32\MPEGAV32.DLL
2007-12-22 13:08 . 1999-05-31 15:04 68,608 --a------ E:\WINDOWS\system32\ILMPEG32.DRV
2007-12-22 13:08 . 1997-04-10 13:56 25,904 --a------ E:\WINDOWS\system32\CDROM16.DLL
2007-12-22 13:08 . 1997-04-10 13:56 22,016 --a------ E:\WINDOWS\system32\CDROM32.DLL
2007-12-22 13:06 . 2007-12-22 13:06 <REP> d-------- E:\Documents and Settings\SERGE\WINDOWS
2007-12-22 13:06 . 1996-11-05 16:13 299,008 --a------ E:\WINDOWS\uninst.exe
2007-12-22 10:48 . 2007-12-22 10:48 <REP> d-------- E:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-19 21:43 . 2007-12-19 21:43 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\EPSON
2007-12-19 21:06 . 2007-12-19 21:06 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\vlc
2007-12-19 21:03 . 2007-12-19 21:03 <REP> d-------- E:\Program Files\VideoLAN
2007-12-19 19:01 . 2007-12-19 19:03 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Smart Panel
2007-12-19 19:01 . 2007-12-19 19:01 29 --a------ E:\WINDOWS\DEBUGSM.INI
2007-12-19 18:18 . 2007-12-26 21:45 16,574 --a------ E:\WINDOWS\EPISMF00.SWB
2007-12-19 17:58 . 2007-12-19 17:58 <REP> d-------- E:\WINDOWS\EPSON CardMonitor Essential
2007-12-19 17:57 . 2007-12-19 17:57 <REP> d-------- E:\WINDOWS\EPSON PhotoStarter Essential
2007-12-19 17:57 . 2007-12-19 17:57 <REP> d-------- E:\Documents and Settings\All Users\Application Data\UDL
2007-12-19 17:55 . 2003-07-02 01:00 131,072 --a------ E:\WINDOWS\system32\Epcmlib.dll
2007-12-19 17:48 . 1999-06-15 11:31 96,768 --a------ E:\WINDOWS\SlantAdj.dll
2007-12-19 17:48 . 1999-12-07 02:03 73,216 --a------ E:\WINDOWS\ADE.DLL
2007-12-19 17:48 . 1999-04-27 00:17 3,136 --a------ E:\WINDOWS\Ade001.bin
2007-12-19 17:48 . 1999-08-09 23:50 72 --------- E:\WINDOWS\system32\epDPE.ini
2007-12-19 17:47 . 2007-12-19 17:53 <REP> d-------- E:\Program Files\Smart Panel
2007-12-19 17:44 . 2004-02-27 06:01 79,654 --a------ E:\WINDOWS\system32\E_FLM9BE.DLL
2007-12-19 17:44 . 2003-05-21 03:27 64,000 --a------ E:\WINDOWS\system32\E_FBCB9BE.DLL
2007-12-19 17:44 . 2000-06-07 02:01 34,304 --a------ E:\WINDOWS\system32\E_FBCH9BE.DLL
2007-12-19 17:44 . 2003-04-10 06:40 31,744 --a------ E:\WINDOWS\system32\E_DCINST.DLL
2007-12-19 17:35 . 2007-12-26 15:16 <REP> d-------- E:\Program Files\epson
2007-12-19 17:35 . 2003-07-01 00:00 46,080 --a------ E:\WINDOWS\system32\escimgd.dll
2007-12-19 17:35 . 2003-08-06 00:00 29,184 --a------ E:\WINDOWS\system32\escwiadn.dll
2007-12-19 17:35 . 2003-07-01 00:00 22,528 --a------ E:\WINDOWS\system32\esccmd.dll
2007-12-19 17:35 . 2007-12-19 17:35 25 --a------ E:\WINDOWS\CDE CX3600FGD.ini
2007-12-16 17:09 . 2007-12-16 17:09 <REP> d-------- E:\Program Files\AML Products
2007-12-16 17:09 . 2005-02-21 14:01 2,535,424 --a------ E:\WINDOWS\system32\agsaamj.dll
2007-12-16 17:09 . 2005-03-02 13:50 610,304 --a------ E:\WINDOWS\system32\agsaamg.dll
2007-12-16 17:09 . 2005-01-31 13:25 372,736 --a------ E:\WINDOWS\system32\agsaamc.dll
2007-12-16 17:09 . 2005-02-15 14:28 339,968 --a------ E:\WINDOWS\system32\NCTAudioArrayProcessing3.dll
2007-12-16 17:09 . 2005-02-01 15:23 90,112 --a------ E:\WINDOWS\system32\agsaami.dll
2007-12-16 17:09 . 2005-01-31 13:27 81,920 --a------ E:\WINDOWS\system32\NCTAudioSource.ax
2007-12-16 17:09 . 2005-06-21 17:48 1 --a------ E:\WINDOWS\audi20.dat
2007-12-16 15:49 . 2006-11-30 15:12 18,704 -ra------ E:\WINDOWS\system32\drivers\se57nd5.sys
2007-12-16 15:46 . 2007-12-16 15:46 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Teleca
2007-12-16 15:43 . 2007-12-16 15:43 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Sony Ericsson
2007-12-16 15:35 . 2007-12-16 15:35 <REP> d-------- E:\Program Files\Sony Ericsson
2007-12-16 15:35 . 2007-12-24 19:14 <REP> d-------- E:\Program Files\Fichiers communs\Teleca Shared

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 20:53 --------- d-----w E:\Program Files\Wanadoo
2008-01-15 20:53 --------- d-----w E:\Program Files\SymNetDrv
2008-01-15 20:53 --------- d-----w E:\Program Files\QuickTime
2008-01-15 20:53 --------- d-----w E:\Program Files\iTunes
2008-01-15 20:53 --------- d-----w E:\Program Files\Fichiers communs\Symantec Shared
2008-01-14 23:15 --------- d-----w E:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-12 17:03 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Canon
2008-01-09 20:49 --------- d-----w E:\Program Files\Capturino 1.4
2008-01-09 19:33 --------- d-----w E:\Program Files\Lavasoft
2008-01-09 19:33 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Lavasoft
2008-01-09 19:15 --------- d-----w E:\Program Files\Symantec
2008-01-08 18:56 160,768 ----a-w E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
2008-01-07 20:14 --------- d-----w E:\Program Files\INFORAD_DRIVERS
2007-12-27 23:14 160,768 ----a-w E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe.tmp
2007-12-27 18:45 --------- d-----w E:\Documents and Settings\All Users\Application Data\Symantec
2007-12-27 07:15 22 ----a-w E:\WINDOWS\Fonts\x.zip
2007-12-26 14:25 --------- d---a-w E:\Documents and Settings\All Users\Application Data\TEMP
2007-12-26 14:24 --------- d-----w E:\Program Files\Sonic
2007-12-26 14:17 --------- d-----w E:\Program Files\ArcSoft
2007-12-26 14:16 --------- d--h--w E:\Program Files\InstallShield Installation Information
2007-12-26 13:54 --------- d-----w E:\Program Files\Panasonic
2007-12-26 13:53 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Panasonic
2007-12-26 11:02 --------- d-----w E:\Program Files\IncrediMail
2007-12-24 18:04 --------- d-----w E:\Program Files\eBay
2007-12-24 18:03 --------- d-----w E:\Program Files\Canon
2007-12-24 17:54 --------- d-----w E:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-12-24 17:50 --------- d-----w E:\Program Files\Windows Defender
2007-11-28 20:21 --------- d-----w E:\Program Files\Microsoft Money
2007-11-25 16:25 --------- d-----w E:\Program Files\iPod
2007-10-25 09:26 53,248 ----a-w E:\WINDOWS\bdoscandel.exe
2006-10-12 22:49 278,528 ----a-w E:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
[code]<pre>
----a-w 483,328 2007-12-24 10:06:06 E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
----a-w 57,344 2007-12-24 10:05:45 E:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe
----a-w 122,929 2008-01-09 19:45:52 E:\Program Files\AntivirusFirewall\Common\FSM32 .EXE
----a-w 372,736 2008-01-09 19:45:59 E:\Program Files\AntivirusFirewall\FSGUI\FSSW .EXE
----a-w 356,352 2008-01-09 19:46:00 E:\Program Files\AntivirusFirewall\FSGUI\ispnews .exe
----a-w 700,416 2008-01-09 19:52:47 E:\Program Files\AntivirusFirewall\TNB\TNBUtil .exe
----a-w 153,136 2007-12-24 10:40:03 E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck .exe
----a-w 1,688,872 2007-12-24 10:40:45 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:14 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:19 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:23 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 11:21:57 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 155,648 2007-12-24 10:39:30 E:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray .exe
----a-w 72,536 2007-12-28 06:50:48 E:\Program Files\Fichiers communs\Symantec Shared\ccApp .exe
----a-w 310,272 2007-12-24 10:00:08 E:\Program Files\Goto Software\Vade Retro\Vaderetro_oe .exe
----a-w 1,694,208 2007-12-26 17:20:44 E:\Program Files\Messenger\msmsgs .exe
----a-w 2,213,160 2007-12-24 10:40:13 E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan .exe
----a-w 487,424 2007-12-24 10:00:39 E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
----a-w 1,885,464 2007-12-26 13:10:01 E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
----a-w 1,885,464 2007-12-26 19:32:46 E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
----a-w 122,880 2008-01-08 16:40:22 E:\Program Files\Wanadoo\Shell .exe
----a-w 866,584 2007-12-24 10:00:10 E:\Program Files\Windows Defender\MSASCui .exe
----a-w 114,741 2007-12-26 14:18:06 E:\WINDOWS\system32\dla\tfswctrl .exe
</pre>[/code]

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\System32\CTFMON.EXE" [2008-01-08 19:55 15360]
"ALUAlert"="E:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccyxv]
ddccyxv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]
path=E:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Antivirus Firewall.lnk
backup=E:\WINDOWS\pss\Antivirus Firewall.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\581f6141]
E:\WINDOWS\system32\ugwfkwas.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-01-08 19:55 15360 E:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
E:\Program Files\AntivirusFirewall\Common\FSM32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
E:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
E:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
E:\WINDOWS\Fonts\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
E:\WINDOWS\system32\jkhfd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
E:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 E:\WINDOWS\system32\NvCpl.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" /background

R0 FSFW;F-Secure Firewall Driver;E:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;E:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-01-09 20:30]
R2 F-Secure Filter;F-Secure File System Filter;E:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;E:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-01-09 20:51]
R2 F-Secure Recognizer;F-Secure File System Recognizer;E:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]
R3 LCcfltr;Logitech USB Filter Driver;E:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 10:50]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;E:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]
R3 usbscan;Pilote de scanneur USB;E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
R3 usbstor;Pilote de stockage de masse USB;E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
S1 PinnacleMicroTV;Pinnacle Systems MicroTV Device;E:\WINDOWS\system32\DRIVERS\MicroTV.sys [2005-07-12 12:51]
S3 se57bus;Sony Ericsson Device 087 driver (WDM);E:\WINDOWS\system32\DRIVERS\se57bus.sys [2006-11-30 15:12]
S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;E:\WINDOWS\system32\DRIVERS\se57mdfl.sys [2006-11-30 15:12]
S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;E:\WINDOWS\system32\DRIVERS\se57mdm.sys [2006-11-30 15:12]
S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);E:\WINDOWS\system32\DRIVERS\se57mgmt.sys [2006-11-30 15:12]
S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);E:\WINDOWS\system32\DRIVERS\se57nd5.sys [2006-11-30 15:12]
S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;E:\WINDOWS\system32\DRIVERS\se57obex.sys [2006-11-30 15:12]
S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);E:\WINDOWS\system32\DRIVERS\se57unic.sys [2006-11-30 15:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe462140-b0cf-11dc-89e5-806d6172696f}]
\shell\play\Command - "E:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-11 08:52:57 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- E:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 16:15:01 E:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- E:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-11 19:00:03 E:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job"
- E:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 21:59:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: E:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> E:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
.
Completion time: 2008-01-15 22:03:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-15 21:03:18
.
2008-01-09 11:45:25 --- E O F ---
0
Réponse 6 / 21
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
Télécharge RenV (de sUBs) sur ton Bureau,
http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe
Double-clique sur RenV pour le lancer,
Le bloc-note s'ouvre à la fin de l'analyse et contient le rapport log.txt

Poste ce rapport log.txt
0
Réponse 7 / 21
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
tu en es où?
0
Réponse 8 / 21
Serge
 
Bonjour,

Toujours le message m'indiquant la présence du virus.

Voici le log demandé.

Merci encore

Serge

[code]
Ran on 01/16/08 - 12:48:21.25

----a-w 483,328 2007-12-24 10:06:06 E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
----a-w 57,344 2007-12-24 10:05:45 E:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe
----a-w 122,929 2008-01-09 19:45:52 E:\Program Files\AntivirusFirewall\Common\FSM32 .EXE
----a-w 372,736 2008-01-09 19:45:59 E:\Program Files\AntivirusFirewall\FSGUI\FSSW .EXE
----a-w 356,352 2008-01-09 19:46:00 E:\Program Files\AntivirusFirewall\FSGUI\ispnews .exe
----a-w 700,416 2008-01-09 19:52:47 E:\Program Files\AntivirusFirewall\TNB\TNBUtil .exe
----a-w 153,136 2007-12-24 10:40:03 E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck .exe
----a-w 1,688,872 2007-12-24 10:40:45 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:14 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:19 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:23 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 11:21:57 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 155,648 2007-12-24 10:39:30 E:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray .exe
----a-w 72,536 2007-12-28 06:50:48 E:\Program Files\Fichiers communs\Symantec Shared\ccApp .exe
----a-w 310,272 2007-12-24 10:00:08 E:\Program Files\Goto Software\Vade Retro\Vaderetro_oe .exe
----a-w 1,694,208 2007-12-26 17:20:44 E:\Program Files\Messenger\msmsgs .exe
----a-w 2,213,160 2007-12-24 10:40:13 E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan .exe
----a-w 487,424 2007-12-24 10:00:39 E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
----a-w 1,885,464 2007-12-26 13:10:01 E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
----a-w 1,885,464 2007-12-26 19:32:46 E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
----a-w 122,880 2008-01-08 16:40:22 E:\Program Files\Wanadoo\Shell .exe
----a-w 866,584 2007-12-24 10:00:10 E:\Program Files\Windows Defender\MSASCui .exe
----a-w 114,741 2007-12-26 14:18:06 E:\WINDOWS\system32\dla\tfswctrl .exe

Entries: 23 (23)
Directories: 0 Files: 23
Bytes: 20,498,982 Blocks: 40,044
[/code]
0
Réponse 9 / 21
Serge
 
Bonjour,

Toujours le message m'indiquant la présence du virus.

Voici le log demandé.

Merci encore

Serge

[code]
Ran on 01/16/08 - 12:48:21.25

----a-w 483,328 2007-12-24 10:06:06 E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
----a-w 57,344 2007-12-24 10:05:45 E:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe
----a-w 122,929 2008-01-09 19:45:52 E:\Program Files\AntivirusFirewall\Common\FSM32 .EXE
----a-w 372,736 2008-01-09 19:45:59 E:\Program Files\AntivirusFirewall\FSGUI\FSSW .EXE
----a-w 356,352 2008-01-09 19:46:00 E:\Program Files\AntivirusFirewall\FSGUI\ispnews .exe
----a-w 700,416 2008-01-09 19:52:47 E:\Program Files\AntivirusFirewall\TNB\TNBUtil .exe
----a-w 153,136 2007-12-24 10:40:03 E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck .exe
----a-w 1,688,872 2007-12-24 10:40:45 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:14 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:19 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:23 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 11:21:57 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 155,648 2007-12-24 10:39:30 E:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray .exe
----a-w 72,536 2007-12-28 06:50:48 E:\Program Files\Fichiers communs\Symantec Shared\ccApp .exe
----a-w 310,272 2007-12-24 10:00:08 E:\Program Files\Goto Software\Vade Retro\Vaderetro_oe .exe
----a-w 1,694,208 2007-12-26 17:20:44 E:\Program Files\Messenger\msmsgs .exe
----a-w 2,213,160 2007-12-24 10:40:13 E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan .exe
----a-w 487,424 2007-12-24 10:00:39 E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
----a-w 1,885,464 2007-12-26 13:10:01 E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
----a-w 1,885,464 2007-12-26 19:32:46 E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
----a-w 122,880 2008-01-08 16:40:22 E:\Program Files\Wanadoo\Shell .exe
----a-w 866,584 2007-12-24 10:00:10 E:\Program Files\Windows Defender\MSASCui .exe
----a-w 114,741 2007-12-26 14:18:06 E:\WINDOWS\system32\dla\tfswctrl .exe

Entries: 23 (23)
Directories: 0 Files: 23
Bytes: 20,498,982 Blocks: 40,044
[/code]
0
Réponse 10 / 21
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
normal on a encore rien fait
on commence
Ouvre le bloc-note (Démarrer>programmes>Accessoires>Bloc-note) et copie-colle le texte en citation : 
RENV::
E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
E:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe
E:\Program Files\AntivirusFirewall\Common\FSM32 .EXE
E:\Program Files\AntivirusFirewall\FSGUI\FSSW .EXE
E:\Program Files\AntivirusFirewall\FSGUI\ispnews .exe
E:\Program Files\AntivirusFirewall\TNB\TNBUtil .exe
E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck .exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
E:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray .exe
E:\Program Files\Fichiers communs\Symantec Shared\ccApp .exe
E:\Program Files\Goto Software\Vade Retro\Vaderetro_oe .exe
E:\Program Files\Messenger\msmsgs .exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan .exe
E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
E:\Program Files\Wanadoo\Shell .exe
E:\Program Files\Windows Defender\MSASCui .exe
E:\WINDOWS\system32\dla\tfswctrl .exe


Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.

Sauvegarde ce fichier sous le nom de CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

0
Réponse 11 / 21
Serge
 
Bonjour,

voici le log,

Merci pour votre aide

Serge

ComboFix 08-01-15.4 - SERGE 2008-01-16 21:09:58.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.151 [GMT 1:00]
Running from: L:\ComboFix.exe
Command switches used :: L:\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\WINDOWS\system32\sawkfwgu.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))))))))
.

2008-01-15 21:36 . 2000-08-31 08:00 51,200 --a------ E:\WINDOWS\NirCmd.exe
2008-01-12 21:36 . 2008-01-12 22:41 <REP> d-------- E:\VundoFix Backups
2008-01-12 21:08 . 2008-01-12 22:34 326,656 --a------ E:\WINDOWS\system32\JKHFD.0XE
2008-01-12 16:34 . 2008-01-12 16:34 8 --a------ E:\WINDOWS\system32\581f73cf
2008-01-11 13:18 . 2008-01-12 17:32 <REP> d-------- E:\WINDOWS\BDOSCAN8
2008-01-10 21:07 . 2008-01-10 21:07 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Grisoft
2008-01-10 21:06 . 2008-01-10 21:06 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-10 21:06 . 2007-05-30 13:10 10,872 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-09 21:30 . 2008-01-09 21:30 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\F-Secure
2008-01-09 20:46 . 2008-01-09 20:46 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\ispnews
2008-01-09 20:34 . 2008-01-09 20:34 <REP> d-------- E:\Documents and Settings\All Users\Application Data\F-Secure
2008-01-09 20:34 . 2005-11-18 16:04 70,896 --a------ E:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-09 20:34 . 2005-11-18 16:04 33,584 --a------ E:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-09 20:30 . 2008-01-09 20:34 <REP> d-------- E:\Program Files\AntivirusFirewall
2008-01-09 20:30 . 2008-01-09 20:30 118,842 -r------- E:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-01-07 22:34 . 2008-01-07 22:34 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\McAfee
2008-01-06 21:13 . 2008-01-06 21:45 <REP> d-------- E:\Program Files\INFORAD2
2008-01-06 21:13 . 2004-06-09 15:59 939,224 --a------ E:\WINDOWS\system32\Flash.ocx
2008-01-06 18:16 . 2008-01-06 18:16 <REP> d-------- E:\Documents and Settings\Gisèle\Application Data\ArcSoft
2007-12-28 22:19 . 2008-01-08 18:17 <REP> d-------- E:\Program Files\McAfee
2007-12-28 22:18 . 2008-01-08 18:17 <REP> d-------- E:\Documents and Settings\All Users\Application Data\McAfee
2007-12-26 21:05 . 2007-12-26 21:05 5,248 --a------ E:\WINDOWS\system32\giveio.sys
2007-12-26 20:59 . 2007-12-26 21:00 <REP> d-------- E:\Program Files\LimeWire
2007-12-26 16:00 . 2008-01-09 20:09 <REP> d-------- E:\Program Files\Norton SystemWorks
2007-12-26 14:58 . 2007-12-26 14:58 <REP> d-------- E:\WINDOWS\Google Toolbar
2007-12-26 12:18 . 2007-12-26 12:18 0 --a------ E:\WINDOWS\Irremote.ini
2007-12-25 05:06 . 2007-12-25 05:06 <REP> d-------- E:\Documents and Settings\Invité\Application Data\LimeWire
2007-12-25 05:00 . 2007-12-25 05:00 <REP> d-------- E:\Documents and Settings\Invité\Application Data\Symantec
2007-12-24 16:02 . 2007-12-24 16:02 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Uniblue
2007-12-24 16:01 . 2007-12-24 16:01 <REP> d-------- E:\Program Files\Uniblue
2007-12-24 15:23 . 2007-12-24 15:23 <REP> d-------- E:\Garmin
2007-12-23 23:50 . 2007-12-23 23:50 147,456 --a------ E:\WINDOWS\system32\vbzip10.dll
2007-12-23 23:47 . 2007-12-23 23:47 134 --a------ E:\n.bat
2007-12-23 23:46 . 2007-12-23 23:46 <REP> d-------- E:\WINDOWS\system32\ardCo18
2007-12-23 22:46 . 2007-12-23 22:54 98,304 --a------ E:\WINDOWS\DUMP6438.tmp
2007-12-23 19:40 . 2007-12-23 19:40 30,544 --a------ E:\WINDOWS\dirdib.drv
2007-12-23 19:40 . 2007-12-23 19:40 30,464 --a------ E:\WINDOWS\macromix.dll
2007-12-23 02:19 . 2007-12-23 02:19 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\dvdcss
2007-12-23 02:14 . 2007-12-23 02:14 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Nero
2007-12-23 02:13 . 2007-12-24 09:58 69 --a------ E:\WINDOWS\NeroDigital.ini
2007-12-23 02:09 . 2007-12-23 02:09 <REP> d-------- E:\Program Files\Nero
2007-12-23 02:09 . 2007-12-26 12:29 <REP> d-------- E:\Program Files\Fichiers communs\Nero
2007-12-23 02:09 . 2007-12-26 12:29 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Nero
2007-12-23 01:58 . 2007-12-24 19:57 <REP> d-------- E:\Program Files\AskTBar
2007-12-22 17:00 . 2007-12-24 18:49 <REP> d-------- E:\Program Files\Yahoo!
2007-12-22 17:00 . 2007-12-24 10:48 <REP> d-------- E:\Program Files\CCleaner
2007-12-22 16:16 . 2007-12-22 16:16 <REP> d-------- E:\WINDOWS\OPTIONS
2007-12-22 15:05 . 2007-12-22 15:05 <REP> d-------- E:\Documents and Settings\All Users\Application Data\CyberLink
2007-12-22 14:48 . 2007-12-22 14:48 <REP> d-------- E:\Program Files\Intel
2007-12-22 13:08 . 1999-05-31 15:04 220,672 --a------ E:\WINDOWS\system32\MPEGAVMM.DLL
2007-12-22 13:08 . 1999-05-31 15:04 219,136 --a------ E:\WINDOWS\system32\MPEGAV32.DLL
2007-12-22 13:08 . 1999-05-31 15:04 68,608 --a------ E:\WINDOWS\system32\ILMPEG32.DRV
2007-12-22 13:08 . 1997-04-10 13:56 25,904 --a------ E:\WINDOWS\system32\CDROM16.DLL
2007-12-22 13:08 . 1997-04-10 13:56 22,016 --a------ E:\WINDOWS\system32\CDROM32.DLL
2007-12-22 13:06 . 2007-12-22 13:06 <REP> d-------- E:\Documents and Settings\SERGE\WINDOWS
2007-12-22 13:06 . 1996-11-05 16:13 299,008 --a------ E:\WINDOWS\uninst.exe
2007-12-22 10:48 . 2007-12-22 10:48 <REP> d-------- E:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-21 20:09 . 2007-12-21 20:09 <REP> d-------- E:\Documents and Settings\Gisèle\Application Data\Teleca
2007-12-21 20:05 . 2007-12-21 20:05 <REP> d-------- E:\Documents and Settings\Gisèle\Application Data\Sony Ericsson
2007-12-19 21:43 . 2007-12-19 21:43 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\EPSON
2007-12-19 21:06 . 2007-12-19 21:06 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\vlc
2007-12-19 21:03 . 2007-12-19 21:03 <REP> d-------- E:\Program Files\VideoLAN
2007-12-19 19:01 . 2007-12-19 19:03 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Smart Panel
2007-12-19 19:01 . 2007-12-19 19:01 29 --a------ E:\WINDOWS\DEBUGSM.INI
2007-12-19 18:18 . 2007-12-26 21:45 16,574 --a------ E:\WINDOWS\EPISMF00.SWB
2007-12-19 17:58 . 2007-12-19 17:58 <REP> d-------- E:\WINDOWS\EPSON CardMonitor Essential
2007-12-19 17:57 . 2007-12-19 17:57 <REP> d-------- E:\WINDOWS\EPSON PhotoStarter Essential
2007-12-19 17:57 . 2007-12-19 17:57 <REP> d-------- E:\Documents and Settings\All Users\Application Data\UDL
2007-12-19 17:55 . 2003-07-02 01:00 131,072 --a------ E:\WINDOWS\system32\Epcmlib.dll
2007-12-19 17:48 . 1999-06-15 11:31 96,768 --a------ E:\WINDOWS\SlantAdj.dll
2007-12-19 17:48 . 1999-12-07 02:03 73,216 --a------ E:\WINDOWS\ADE.DLL
2007-12-19 17:48 . 1999-04-27 00:17 3,136 --a------ E:\WINDOWS\Ade001.bin
2007-12-19 17:48 . 1999-08-09 23:50 72 --------- E:\WINDOWS\system32\epDPE.ini
2007-12-19 17:47 . 2007-12-19 17:53 <REP> d-------- E:\Program Files\Smart Panel
2007-12-19 17:44 . 2004-02-27 06:01 79,654 --a------ E:\WINDOWS\system32\E_FLM9BE.DLL
2007-12-19 17:44 . 2003-05-21 03:27 64,000 --a------ E:\WINDOWS\system32\E_FBCB9BE.DLL
2007-12-19 17:44 . 2000-06-07 02:01 34,304 --a------ E:\WINDOWS\system32\E_FBCH9BE.DLL
2007-12-19 17:44 . 2003-04-10 06:40 31,744 --a------ E:\WINDOWS\system32\E_DCINST.DLL
2007-12-19 17:35 . 2007-12-26 15:16 <REP> d-------- E:\Program Files\epson
2007-12-19 17:35 . 2003-07-01 00:00 46,080 --a------ E:\WINDOWS\system32\escimgd.dll
2007-12-19 17:35 . 2003-08-06 00:00 29,184 --a------ E:\WINDOWS\system32\escwiadn.dll
2007-12-19 17:35 . 2003-07-01 00:00 22,528 --a------ E:\WINDOWS\system32\esccmd.dll
2007-12-19 17:35 . 2007-12-19 17:35 25 --a------ E:\WINDOWS\CDE CX3600FGD.ini
2007-12-16 17:09 . 2007-12-16 17:09 <REP> d-------- E:\Program Files\AML Products
2007-12-16 17:09 . 2005-02-21 14:01 2,535,424 --a------ E:\WINDOWS\system32\agsaamj.dll
2007-12-16 17:09 . 2005-03-02 13:50 610,304 --a------ E:\WINDOWS\system32\agsaamg.dll
2007-12-16 17:09 . 2005-01-31 13:25 372,736 --a------ E:\WINDOWS\system32\agsaamc.dll
2007-12-16 17:09 . 2005-02-15 14:28 339,968 --a------ E:\WINDOWS\system32\NCTAudioArrayProcessing3.dll
2007-12-16 17:09 . 2005-02-01 15:23 90,112 --a------ E:\WINDOWS\system32\agsaami.dll
2007-12-16 17:09 . 2005-01-31 13:27 81,920 --a------ E:\WINDOWS\system32\NCTAudioSource.ax
2007-12-16 17:09 . 2005-06-21 17:48 1 --a------ E:\WINDOWS\audi20.dat
2007-12-16 15:49 . 2006-11-30 15:12 18,704 -ra------ E:\WINDOWS\system32\drivers\se57nd5.sys
2007-12-16 15:46 . 2007-12-16 15:46 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Teleca
2007-12-16 15:43 . 2007-12-16 15:43 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Sony Ericsson
2007-12-16 15:35 . 2007-12-16 15:35 <REP> d-------- E:\Program Files\Sony Ericsson
2007-12-16 15:35 . 2007-12-24 19:14 <REP> d-------- E:\Program Files\Fichiers communs\Teleca Shared

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 20:09 --------- d-----w E:\Program Files\Windows Defender
2008-01-16 20:09 --------- d-----w E:\Program Files\Wanadoo
2008-01-16 20:09 --------- d-----w E:\Program Files\Fichiers communs\Symantec Shared
2008-01-16 11:49 --------- d-----w E:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-15 20:53 --------- d-----w E:\Program Files\SymNetDrv
2008-01-15 20:53 --------- d-----w E:\Program Files\QuickTime
2008-01-15 20:53 --------- d-----w E:\Program Files\iTunes
2008-01-12 17:03 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Canon
2008-01-09 20:49 --------- d-----w E:\Program Files\Capturino 1.4
2008-01-09 19:33 --------- d-----w E:\Program Files\Lavasoft
2008-01-09 19:33 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Lavasoft
2008-01-09 19:15 --------- d-----w E:\Program Files\Symantec
2008-01-08 18:56 160,768 ----a-w E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
2008-01-08 18:55 15,360 ----a-w E:\WINDOWS\system32\ctfmon.exe
2008-01-07 20:14 --------- d-----w E:\Program Files\INFORAD_DRIVERS
2008-01-06 17:37 --------- d-----w E:\Documents and Settings\Gisèle\Application Data\Canon
2007-12-27 23:14 160,768 ----a-w E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe.tmp
2007-12-27 18:45 --------- d-----w E:\Documents and Settings\All Users\Application Data\Symantec
2007-12-27 07:15 22 ----a-w E:\WINDOWS\Fonts\x.zip
2007-12-27 00:09 406,016 ----a-w E:\WINDOWS\system32\PSDrvCheck.exe
2007-12-26 14:25 --------- d---a-w E:\Documents and Settings\All Users\Application Data\TEMP
2007-12-26 14:24 --------- d-----w E:\Program Files\Sonic
2007-12-26 14:17 --------- d-----w E:\Program Files\ArcSoft
2007-12-26 14:16 --------- d--h--w E:\Program Files\InstallShield Installation Information
2007-12-26 13:54 --------- d-----w E:\Program Files\Panasonic
2007-12-26 13:53 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Panasonic
2007-12-26 11:02 --------- d-----w E:\Program Files\IncrediMail
2007-12-24 18:04 --------- d-----w E:\Program Files\eBay
2007-12-24 18:03 --------- d-----w E:\Program Files\Canon
2007-12-24 17:54 --------- d-----w E:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-12-01 20:44 --------- d-----w E:\Documents and Settings\Gisèle\Application Data\eBay
2007-11-28 20:21 --------- d-----w E:\Program Files\Microsoft Money
2007-11-25 16:25 --------- d-----w E:\Program Files\iPod
2007-11-07 09:28 728,576 ----a-w E:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w E:\WINDOWS\system32\quartz.dll
2007-10-25 09:26 53,248 ----a-w E:\WINDOWS\bdoscandel.exe
2007-10-25 08:28 222,720 ----a-w E:\WINDOWS\system32\wmasf.dll
2006-10-12 22:49 278,528 ----a-w E:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
[code]<pre>
----a-w 1,688,872 2007-12-24 10:40:45 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:14 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:19 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:23 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,885,464 2007-12-26 13:10:01 E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
</pre>[/code]

((((((((((((((((((((((((((((( snapshot@2008-01-15_22.02.53.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-15 20:37:20 237,568 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-01-16 20:08:11 237,568 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
- 2008-01-15 20:37:21 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-01-16 20:08:11 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-01-15 20:37:21 237,568 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\ntuser.dat
+ 2008-01-16 20:08:11 237,568 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\ntuser.dat
- 2008-01-15 20:37:21 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
+ 2008-01-16 20:08:11 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
- 2008-01-15 20:37:21 6,127,616 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
+ 2008-01-16 20:08:12 6,127,616 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
- 2008-01-15 20:37:22 172,032 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2008-01-16 20:08:12 172,032 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2007-12-26 14:18:06 114,741 ----a-w E:\WINDOWS\system32\dla\tfswctrl.exe
+ 2008-01-16 20:04:36 16,384 ----atw E:\WINDOWS\Temp\Perflib_Perfdata_254.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2008-01-08 19:55 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\System32\CTFMON.EXE" [2008-01-08 19:55 15360]
"ALUAlert"="E:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccyxv]
ddccyxv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]
path=E:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Antivirus Firewall.lnk
backup=E:\WINDOWS\pss\Antivirus Firewall.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\581f6141]
E:\WINDOWS\system32\ugwfkwas.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-01-08 19:55 15360 E:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
--a------ 2008-01-09 20:45 122929 E:\Program Files\AntivirusFirewall\Common\FSM32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
--a------ 2008-01-09 20:45 372736 E:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
--a------ 2008-01-09 20:52 700416 E:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
E:\WINDOWS\Fonts\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
E:\WINDOWS\system32\jkhfd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
--a------ 2008-01-09 20:46 356352 E:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 E:\WINDOWS\system32\NvCpl.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" /background

R0 FSFW;F-Secure Firewall Driver;E:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;E:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-01-09 20:30]
R2 F-Secure Filter;F-Secure File System Filter;E:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;E:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-01-09 20:51]
R2 F-Secure Recognizer;F-Secure File System Recognizer;E:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]
R3 LCcfltr;Logitech USB Filter Driver;E:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 10:50]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;E:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]
R3 usbscan;Pilote de scanneur USB;E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
R3 usbstor;Pilote de stockage de masse USB;E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
S1 PinnacleMicroTV;Pinnacle Systems MicroTV Device;E:\WINDOWS\system32\DRIVERS\MicroTV.sys [2005-07-12 12:51]
S3 se57bus;Sony Ericsson Device 087 driver (WDM);E:\WINDOWS\system32\DRIVERS\se57bus.sys [2006-11-30 15:12]
S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;E:\WINDOWS\system32\DRIVERS\se57mdfl.sys [2006-11-30 15:12]
S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;E:\WINDOWS\system32\DRIVERS\se57mdm.sys [2006-11-30 15:12]
S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);E:\WINDOWS\system32\DRIVERS\se57mgmt.sys [2006-11-30 15:12]
S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);E:\WINDOWS\system32\DRIVERS\se57nd5.sys [2006-11-30 15:12]
S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;E:\WINDOWS\system32\DRIVERS\se57obex.sys [2006-11-30 15:12]
S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);E:\WINDOWS\system32\DRIVERS\se57unic.sys [2006-11-30 15:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe462140-b0cf-11dc-89e5-806d6172696f}]
\shell\play\Command - "E:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-11 08:52:57 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- E:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 16:15:01 E:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- E:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-11 19:00:03 E:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job"
- E:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 21:16:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 21:18:50
ComboFix-quarantined-files.txt 2008-01-16 20:18:42
ComboFix2.txt 2008-01-15 21:03:27
.
2008-01-09 11:45:25 --- E O F ---
0
Réponse 12 / 21
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
on recommence
Ouvre le bloc-note (Démarrer>programmes>Accessoires>Bloc-note) et copie-colle le texte en citation : 

RENV::

E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe


Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.

Sauvegarde ce fichier sous le nom de CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
0
Réponse 13 / 21
serge
 
Bonjour,

Toujours des soucis, toujours le message m'indiquant la présence du virus

Voici le log demandé,

Merci encore,

Cordialement,

Serge

ComboFix 08-01-15.4 - SERGE 2008-01-17 22:15:18.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.236 [GMT 1:00]
Running from: L:\ComboFix.exe
Command switches used :: L:\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
.

2008-01-15 21:36 . 2000-08-31 08:00 51,200 --a------ E:\WINDOWS\NirCmd.exe
2008-01-12 21:36 . 2008-01-12 22:41 <REP> d-------- E:\VundoFix Backups
2008-01-12 21:08 . 2008-01-12 22:34 326,656 --a------ E:\WINDOWS\system32\JKHFD.0XE
2008-01-12 16:34 . 2008-01-12 16:34 8 --a------ E:\WINDOWS\system32\581f73cf
2008-01-11 13:18 . 2008-01-12 17:32 <REP> d-------- E:\WINDOWS\BDOSCAN8
2008-01-10 21:07 . 2008-01-10 21:07 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Grisoft
2008-01-10 21:06 . 2008-01-10 21:06 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-10 21:06 . 2007-05-30 13:10 10,872 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-09 21:30 . 2008-01-09 21:30 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\F-Secure
2008-01-09 20:46 . 2008-01-09 20:46 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\ispnews
2008-01-09 20:34 . 2008-01-09 20:34 <REP> d-------- E:\Documents and Settings\All Users\Application Data\F-Secure
2008-01-09 20:34 . 2005-11-18 16:04 70,896 --a------ E:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-09 20:34 . 2005-11-18 16:04 33,584 --a------ E:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-09 20:30 . 2008-01-09 20:34 <REP> d-------- E:\Program Files\AntivirusFirewall
2008-01-09 20:30 . 2008-01-09 20:30 118,842 -r------- E:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-01-07 22:34 . 2008-01-07 22:34 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\McAfee
2008-01-06 21:13 . 2008-01-06 21:45 <REP> d-------- E:\Program Files\INFORAD2
2008-01-06 21:13 . 2004-06-09 15:59 939,224 --a------ E:\WINDOWS\system32\Flash.ocx
2008-01-06 18:16 . 2008-01-06 18:16 <REP> d-------- E:\Documents and Settings\Gisèle\Application Data\ArcSoft
2007-12-28 22:19 . 2008-01-08 18:17 <REP> d-------- E:\Program Files\McAfee
2007-12-28 22:18 . 2008-01-08 18:17 <REP> d-------- E:\Documents and Settings\All Users\Application Data\McAfee
2007-12-26 21:05 . 2007-12-26 21:05 5,248 --a------ E:\WINDOWS\system32\giveio.sys
2007-12-26 20:59 . 2007-12-26 21:00 <REP> d-------- E:\Program Files\LimeWire
2007-12-26 16:00 . 2008-01-09 20:09 <REP> d-------- E:\Program Files\Norton SystemWorks
2007-12-26 14:58 . 2007-12-26 14:58 <REP> d-------- E:\WINDOWS\Google Toolbar
2007-12-26 12:18 . 2007-12-26 12:18 0 --a------ E:\WINDOWS\Irremote.ini
2007-12-25 05:06 . 2007-12-25 05:06 <REP> d-------- E:\Documents and Settings\Invité\Application Data\LimeWire
2007-12-25 05:00 . 2007-12-25 05:00 <REP> d-------- E:\Documents and Settings\Invité\Application Data\Symantec
2007-12-24 16:02 . 2007-12-24 16:02 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Uniblue
2007-12-24 16:01 . 2007-12-24 16:01 <REP> d-------- E:\Program Files\Uniblue
2007-12-24 15:23 . 2007-12-24 15:23 <REP> d-------- E:\Garmin
2007-12-23 23:50 . 2007-12-23 23:50 147,456 --a------ E:\WINDOWS\system32\vbzip10.dll
2007-12-23 23:47 . 2007-12-23 23:47 134 --a------ E:\n.bat
2007-12-23 23:46 . 2007-12-23 23:46 <REP> d-------- E:\WINDOWS\system32\ardCo18
2007-12-23 22:46 . 2007-12-23 22:54 98,304 --a------ E:\WINDOWS\DUMP6438.tmp
2007-12-23 19:40 . 2007-12-23 19:40 30,544 --a------ E:\WINDOWS\dirdib.drv
2007-12-23 19:40 . 2007-12-23 19:40 30,464 --a------ E:\WINDOWS\macromix.dll
2007-12-23 02:19 . 2007-12-23 02:19 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\dvdcss
2007-12-23 02:14 . 2007-12-23 02:14 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Nero
2007-12-23 02:13 . 2007-12-24 09:58 69 --a------ E:\WINDOWS\NeroDigital.ini
2007-12-23 02:09 . 2007-12-23 02:09 <REP> d-------- E:\Program Files\Nero
2007-12-23 02:09 . 2007-12-26 12:29 <REP> d-------- E:\Program Files\Fichiers communs\Nero
2007-12-23 02:09 . 2007-12-26 12:29 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Nero
2007-12-23 01:58 . 2007-12-24 19:57 <REP> d-------- E:\Program Files\AskTBar
2007-12-22 17:00 . 2007-12-24 18:49 <REP> d-------- E:\Program Files\Yahoo!
2007-12-22 17:00 . 2007-12-24 10:48 <REP> d-------- E:\Program Files\CCleaner
2007-12-22 16:16 . 2007-12-22 16:16 <REP> d-------- E:\WINDOWS\OPTIONS
2007-12-22 15:05 . 2007-12-22 15:05 <REP> d-------- E:\Documents and Settings\All Users\Application Data\CyberLink
2007-12-22 14:48 . 2007-12-22 14:48 <REP> d-------- E:\Program Files\Intel
2007-12-22 13:08 . 1999-05-31 15:04 220,672 --a------ E:\WINDOWS\system32\MPEGAVMM.DLL
2007-12-22 13:08 . 1999-05-31 15:04 219,136 --a------ E:\WINDOWS\system32\MPEGAV32.DLL
2007-12-22 13:08 . 1999-05-31 15:04 68,608 --a------ E:\WINDOWS\system32\ILMPEG32.DRV
2007-12-22 13:08 . 1997-04-10 13:56 25,904 --a------ E:\WINDOWS\system32\CDROM16.DLL
2007-12-22 13:08 . 1997-04-10 13:56 22,016 --a------ E:\WINDOWS\system32\CDROM32.DLL
2007-12-22 13:06 . 2007-12-22 13:06 <REP> d-------- E:\Documents and Settings\SERGE\WINDOWS
2007-12-22 13:06 . 1996-11-05 16:13 299,008 --a------ E:\WINDOWS\uninst.exe
2007-12-22 10:48 . 2007-12-22 10:48 <REP> d-------- E:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-21 20:09 . 2007-12-21 20:09 <REP> d-------- E:\Documents and Settings\Gisèle\Application Data\Teleca
2007-12-21 20:05 . 2007-12-21 20:05 <REP> d-------- E:\Documents and Settings\Gisèle\Application Data\Sony Ericsson
2007-12-19 21:43 . 2007-12-19 21:43 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\EPSON
2007-12-19 21:06 . 2007-12-19 21:06 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\vlc
2007-12-19 21:03 . 2007-12-19 21:03 <REP> d-------- E:\Program Files\VideoLAN
2007-12-19 19:01 . 2007-12-19 19:03 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Smart Panel
2007-12-19 19:01 . 2007-12-19 19:01 29 --a------ E:\WINDOWS\DEBUGSM.INI
2007-12-19 18:18 . 2007-12-26 21:45 16,574 --a------ E:\WINDOWS\EPISMF00.SWB
2007-12-19 17:58 . 2007-12-19 17:58 <REP> d-------- E:\WINDOWS\EPSON CardMonitor Essential
2007-12-19 17:57 . 2007-12-19 17:57 <REP> d-------- E:\WINDOWS\EPSON PhotoStarter Essential
2007-12-19 17:57 . 2007-12-19 17:57 <REP> d-------- E:\Documents and Settings\All Users\Application Data\UDL
2007-12-19 17:55 . 2003-07-02 01:00 131,072 --a------ E:\WINDOWS\system32\Epcmlib.dll
2007-12-19 17:48 . 1999-06-15 11:31 96,768 --a------ E:\WINDOWS\SlantAdj.dll
2007-12-19 17:48 . 1999-12-07 02:03 73,216 --a------ E:\WINDOWS\ADE.DLL
2007-12-19 17:48 . 1999-04-27 00:17 3,136 --a------ E:\WINDOWS\Ade001.bin
2007-12-19 17:48 . 1999-08-09 23:50 72 --------- E:\WINDOWS\system32\epDPE.ini
2007-12-19 17:47 . 2007-12-19 17:53 <REP> d-------- E:\Program Files\Smart Panel
2007-12-19 17:44 . 2004-02-27 06:01 79,654 --a------ E:\WINDOWS\system32\E_FLM9BE.DLL
2007-12-19 17:44 . 2003-05-21 03:27 64,000 --a------ E:\WINDOWS\system32\E_FBCB9BE.DLL
2007-12-19 17:44 . 2000-06-07 02:01 34,304 --a------ E:\WINDOWS\system32\E_FBCH9BE.DLL
2007-12-19 17:44 . 2003-04-10 06:40 31,744 --a------ E:\WINDOWS\system32\E_DCINST.DLL
2007-12-19 17:35 . 2007-12-26 15:16 <REP> d-------- E:\Program Files\epson
2007-12-19 17:35 . 2003-07-01 00:00 46,080 --a------ E:\WINDOWS\system32\escimgd.dll
2007-12-19 17:35 . 2003-08-06 00:00 29,184 --a------ E:\WINDOWS\system32\escwiadn.dll
2007-12-19 17:35 . 2003-07-01 00:00 22,528 --a------ E:\WINDOWS\system32\esccmd.dll
2007-12-19 17:35 . 2007-12-19 17:35 25 --a------ E:\WINDOWS\CDE CX3600FGD.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 17:33 --------- d-----w E:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-16 20:35 --------- d-----w E:\Program Files\Wanadoo
2008-01-16 20:09 --------- d-----w E:\Program Files\Windows Defender
2008-01-16 20:09 --------- d-----w E:\Program Files\Fichiers communs\Symantec Shared
2008-01-15 20:53 --------- d-----w E:\Program Files\SymNetDrv
2008-01-15 20:53 --------- d-----w E:\Program Files\QuickTime
2008-01-15 20:53 --------- d-----w E:\Program Files\iTunes
2008-01-12 17:03 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Canon
2008-01-09 20:49 --------- d-----w E:\Program Files\Capturino 1.4
2008-01-09 19:33 --------- d-----w E:\Program Files\Lavasoft
2008-01-09 19:33 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Lavasoft
2008-01-09 19:15 --------- d-----w E:\Program Files\Symantec
2008-01-08 18:56 160,768 ----a-w E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
2008-01-08 18:55 15,360 ----a-w E:\WINDOWS\system32\ctfmon.exe
2008-01-07 20:14 --------- d-----w E:\Program Files\INFORAD_DRIVERS
2008-01-06 17:37 --------- d-----w E:\Documents and Settings\Gisèle\Application Data\Canon
2007-12-27 23:14 160,768 ----a-w E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe.tmp
2007-12-27 18:45 --------- d-----w E:\Documents and Settings\All Users\Application Data\Symantec
2007-12-27 07:15 22 ----a-w E:\WINDOWS\Fonts\x.zip
2007-12-27 00:09 406,016 ----a-w E:\WINDOWS\system32\PSDrvCheck.exe
2007-12-26 14:25 --------- d---a-w E:\Documents and Settings\All Users\Application Data\TEMP
2007-12-26 14:24 --------- d-----w E:\Program Files\Sonic
2007-12-26 14:17 --------- d-----w E:\Program Files\ArcSoft
2007-12-26 14:16 --------- d--h--w E:\Program Files\InstallShield Installation Information
2007-12-26 13:54 --------- d-----w E:\Program Files\Panasonic
2007-12-26 13:53 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Panasonic
2007-12-26 11:02 --------- d-----w E:\Program Files\IncrediMail
2007-12-24 18:14 --------- d-----w E:\Program Files\Fichiers communs\Teleca Shared
2007-12-24 18:04 --------- d-----w E:\Program Files\eBay
2007-12-24 18:03 --------- d-----w E:\Program Files\Canon
2007-12-24 17:54 --------- d-----w E:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-12-16 16:09 --------- d-----w E:\Program Files\AML Products
2007-12-16 14:46 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Teleca
2007-12-16 14:43 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Sony Ericsson
2007-12-16 14:35 --------- d-----w E:\Program Files\Sony Ericsson
2007-12-01 20:44 --------- d-----w E:\Documents and Settings\Gisèle\Application Data\eBay
2007-11-28 20:21 --------- d-----w E:\Program Files\Microsoft Money
2007-11-25 16:25 --------- d-----w E:\Program Files\iPod
2007-11-07 09:28 728,576 ----a-w E:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w E:\WINDOWS\system32\quartz.dll
2007-10-25 09:26 53,248 ----a-w E:\WINDOWS\bdoscandel.exe
2007-10-25 08:28 222,720 ----a-w E:\WINDOWS\system32\wmasf.dll
2006-10-12 22:49 278,528 ----a-w E:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
[code]<pre>
----a-w 1,688,872 2007-12-24 10:40:45 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:14 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:19 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:23 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,885,464 2007-12-26 13:10:01 E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
</pre>[/code]

((((((((((((((((((((((((((((( snapshot@2008-01-15_22.02.53.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-15 20:37:20 237,568 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-17 21:14:59 237,568 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-15 20:37:21 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-17 21:14:59 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-15 20:37:21 237,568 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-17 21:14:59 237,568 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
- 2008-01-15 20:37:21 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-17 21:14:59 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-15 20:37:21 6,127,616 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-17 21:14:59 6,135,808 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-15 20:37:22 172,032 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-17 21:14:59 172,032 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-12-26 14:18:06 114,741 ----a-w E:\WINDOWS\system32\dla\tfswctrl.exe
+ 2008-01-17 21:10:25 16,384 ----atw E:\WINDOWS\Temp\Perflib_Perfdata_f8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2008-01-08 19:55 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\System32\CTFMON.EXE" [2008-01-08 19:55 15360]
"ALUAlert"="E:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccyxv]
ddccyxv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]
path=E:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Antivirus Firewall.lnk
backup=E:\WINDOWS\pss\Antivirus Firewall.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\581f6141]
E:\WINDOWS\system32\ugwfkwas.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-01-08 19:55 15360 E:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
--a------ 2008-01-09 20:45 122929 E:\Program Files\AntivirusFirewall\Common\FSM32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
--a------ 2008-01-09 20:45 372736 E:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
--a------ 2008-01-09 20:52 700416 E:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
E:\WINDOWS\Fonts\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
E:\WINDOWS\system32\jkhfd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
--a------ 2008-01-09 20:46 356352 E:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 E:\WINDOWS\system32\NvCpl.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" /background

R0 FSFW;F-Secure Firewall Driver;E:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;E:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-01-09 20:30]
R2 F-Secure Filter;F-Secure File System Filter;E:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;E:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-01-09 20:51]
R2 F-Secure Recognizer;F-Secure File System Recognizer;E:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]
R3 LCcfltr;Logitech USB Filter Driver;E:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 10:50]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;E:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]
R3 usbscan;Pilote de scanneur USB;E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
R3 usbstor;Pilote de stockage de masse USB;E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
S1 PinnacleMicroTV;Pinnacle Systems MicroTV Device;E:\WINDOWS\system32\DRIVERS\MicroTV.sys [2005-07-12 12:51]
S3 se57bus;Sony Ericsson Device 087 driver (WDM);E:\WINDOWS\system32\DRIVERS\se57bus.sys [2006-11-30 15:12]
S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;E:\WINDOWS\system32\DRIVERS\se57mdfl.sys [2006-11-30 15:12]
S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;E:\WINDOWS\system32\DRIVERS\se57mdm.sys [2006-11-30 15:12]
S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);E:\WINDOWS\system32\DRIVERS\se57mgmt.sys [2006-11-30 15:12]
S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);E:\WINDOWS\system32\DRIVERS\se57nd5.sys [2006-11-30 15:12]
S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;E:\WINDOWS\system32\DRIVERS\se57obex.sys [2006-11-30 15:12]
S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);E:\WINDOWS\system32\DRIVERS\se57unic.sys [2006-11-30 15:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe462140-b0cf-11dc-89e5-806d6172696f}]
\shell\play\Command - "E:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-11 08:52:57 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- E:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 16:15:01 E:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- E:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-11 19:00:03 E:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job"
- E:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
.
0
Réponse 14 / 21
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
on continue
Ouvre le bloc-note (Démarrer>programmes>Accessoires>Bloc-note) et copie-colle le texte en citation : 

RENV::
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe 
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccyxv]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\581f6141]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
Folder::
E:\Program Files\AskTBar
E:\WINDOWS\system32\ardCo18
File::
E:\WINDOWS\system32\JKHFD.0XE 
E:\WINDOWS\system32\581f73cf 
E:\n.bat
E:\WINDOWS\DUMP6438.tmp 
E:\WINDOWS\Fonts\x.zip 
E:\WINDOWS\system32\ugwfkwas.dll
E:\WINDOWS\system32\jkhfd.exe


Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.

Sauvegarde ce fichier sous le nom de CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

PUIS

Rends toi sur ESET Online Scanner Link
https://www.eset.com/int/home/online-scanner/
Coche la case YES, I accept the Terms Of Use
Clicque sur le bouton Start
Clique maintenat sur Install button
Clique a nouveau sur Start

Les mises a jours du scan en ligne vont se faire.
Ne coche pas Remove found threats
Clique sur Scan button

Le scan va démarrer, sois patient.

Quand le scan sera terminé, clique sur Details tab

Copie colle en réponse le contenu de C:\Program Files\EsetOnlineScanner\log.txt back

0
Réponse 15 / 21
Serge
 
Bonjour,

J'étais absent pour raisons professionnelles !
Voici les log(s) demandés !
Merci encore pour votre aide

Serge

ComboFix 08-01-20.1 - SERGE 2008-01-21 22:03:58.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.145 [GMT 1:00]
Running from: E:\Documents and Settings\SERGE\Bureau\ComboFix.exe
Command switches used :: E:\Documents and Settings\SERGE\Bureau\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . Echec de suppression
E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . Echec de suppression

----- Unknown downloads made by BITS: ----
http://gpdl.google.com
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-21 to 2008-01-21 ))))))))))))))))))))))))))))))))))))
.

2008-01-15 21:36 . 2000-08-31 08:00 51,200 --a------ E:\WINDOWS\NirCmd.exe
2008-01-12 21:36 . 2008-01-12 22:41 <REP> d-------- E:\VundoFix Backups
2008-01-11 13:18 . 2008-01-12 17:32 <REP> d-------- E:\WINDOWS\BDOSCAN8
2008-01-10 21:07 . 2008-01-10 21:07 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Grisoft
2008-01-10 21:06 . 2008-01-10 21:06 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-10 21:06 . 2007-05-30 13:10 10,872 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-09 21:30 . 2008-01-09 21:30 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\F-Secure
2008-01-09 20:46 . 2008-01-09 20:46 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\ispnews
2008-01-09 20:34 . 2008-01-09 20:34 <REP> d-------- E:\Documents and Settings\All Users\Application Data\F-Secure
2008-01-09 20:34 . 2005-11-18 16:04 70,896 --a------ E:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-09 20:34 . 2005-11-18 16:04 33,584 --a------ E:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-09 20:30 . 2008-01-09 20:34 <REP> d-------- E:\Program Files\AntivirusFirewall
2008-01-09 20:30 . 2008-01-09 20:30 118,842 -r------- E:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-01-07 22:34 . 2008-01-07 22:34 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\McAfee
2008-01-06 21:13 . 2008-01-06 21:45 <REP> d-------- E:\Program Files\INFORAD2
2008-01-06 21:13 . 2004-06-09 15:59 939,224 --a------ E:\WINDOWS\system32\Flash.ocx
2007-12-28 22:19 . 2008-01-08 18:17 <REP> d-------- E:\Program Files\McAfee
2007-12-28 22:18 . 2008-01-08 18:17 <REP> d-------- E:\Documents and Settings\All Users\Application Data\McAfee
2007-12-26 21:05 . 2007-12-26 21:05 5,248 --a------ E:\WINDOWS\system32\giveio.sys
2007-12-26 20:59 . 2007-12-26 21:00 <REP> d-------- E:\Program Files\LimeWire
2007-12-26 16:00 . 2008-01-09 20:09 <REP> d-------- E:\Program Files\Norton SystemWorks
2007-12-26 14:58 . 2007-12-26 14:58 <REP> d-------- E:\WINDOWS\Google Toolbar
2007-12-26 12:18 . 2007-12-26 12:18 0 --a------ E:\WINDOWS\Irremote.ini
2007-12-24 16:02 . 2007-12-24 16:02 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Uniblue
2007-12-24 16:01 . 2007-12-24 16:01 <REP> d-------- E:\Program Files\Uniblue
2007-12-24 15:23 . 2007-12-24 15:23 <REP> d-------- E:\Garmin
2007-12-23 23:50 . 2007-12-23 23:50 147,456 --a------ E:\WINDOWS\system32\vbzip10.dll
2007-12-23 19:40 . 2007-12-23 19:40 30,544 --a------ E:\WINDOWS\dirdib.drv
2007-12-23 19:40 . 2007-12-23 19:40 30,464 --a------ E:\WINDOWS\macromix.dll
2007-12-23 02:19 . 2007-12-23 02:19 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\dvdcss
2007-12-23 02:14 . 2007-12-23 02:14 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Nero
2007-12-23 02:13 . 2007-12-24 09:58 69 --a------ E:\WINDOWS\NeroDigital.ini
2007-12-23 02:09 . 2007-12-23 02:09 <REP> d-------- E:\Program Files\Nero
2007-12-23 02:09 . 2007-12-26 12:29 <REP> d-------- E:\Program Files\Fichiers communs\Nero
2007-12-23 02:09 . 2007-12-26 12:29 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Nero
2007-12-22 17:00 . 2007-12-24 18:49 <REP> d-------- E:\Program Files\Yahoo!
2007-12-22 17:00 . 2007-12-24 10:48 <REP> d-------- E:\Program Files\CCleaner
2007-12-22 16:16 . 2007-12-22 16:16 <REP> d-------- E:\WINDOWS\OPTIONS
2007-12-22 15:05 . 2007-12-22 15:05 <REP> d-------- E:\Documents and Settings\All Users\Application Data\CyberLink
2007-12-22 14:48 . 2007-12-22 14:48 <REP> d-------- E:\Program Files\Intel
2007-12-22 13:08 . 1999-05-31 15:04 220,672 --a------ E:\WINDOWS\system32\MPEGAVMM.DLL
2007-12-22 13:08 . 1999-05-31 15:04 219,136 --a------ E:\WINDOWS\system32\MPEGAV32.DLL
2007-12-22 13:08 . 1999-05-31 15:04 68,608 --a------ E:\WINDOWS\system32\ILMPEG32.DRV
2007-12-22 13:08 . 1997-04-10 13:56 25,904 --a------ E:\WINDOWS\system32\CDROM16.DLL
2007-12-22 13:08 . 1997-04-10 13:56 22,016 --a------ E:\WINDOWS\system32\CDROM32.DLL
2007-12-22 13:06 . 2007-12-22 13:06 <REP> d-------- E:\Documents and Settings\SERGE\WINDOWS
2007-12-22 13:06 . 1996-11-05 16:13 299,008 --a------ E:\WINDOWS\uninst.exe
2007-12-22 10:48 . 2007-12-22 10:48 <REP> d-------- E:\Documents and Settings\All Users\Application Data\nView_Profiles

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 20:41 --------- d-----w E:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-18 17:12 --------- d-----w E:\Program Files\Wanadoo
2008-01-16 20:09 --------- d-----w E:\Program Files\Windows Defender
2008-01-16 20:09 --------- d-----w E:\Program Files\Fichiers communs\Symantec Shared
2008-01-15 20:53 --------- d-----w E:\Program Files\SymNetDrv
2008-01-15 20:53 --------- d-----w E:\Program Files\QuickTime
2008-01-15 20:53 --------- d-----w E:\Program Files\iTunes
2008-01-12 17:03 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Canon
2008-01-09 20:49 --------- d-----w E:\Program Files\Capturino 1.4
2008-01-09 19:33 --------- d-----w E:\Program Files\Lavasoft
2008-01-09 19:33 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Lavasoft
2008-01-09 19:15 --------- d-----w E:\Program Files\Symantec
2008-01-08 18:56 160,768 ----a-w E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
2008-01-07 20:14 --------- d-----w E:\Program Files\INFORAD_DRIVERS
2007-12-27 23:14 160,768 ----a-w E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe.tmp
2007-12-27 18:45 --------- d-----w E:\Documents and Settings\All Users\Application Data\Symantec
2007-12-26 14:25 --------- d---a-w E:\Documents and Settings\All Users\Application Data\TEMP
2007-12-26 14:24 --------- d-----w E:\Program Files\Sonic
2007-12-26 14:17 --------- d-----w E:\Program Files\ArcSoft
2007-12-26 14:16 --------- d--h--w E:\Program Files\InstallShield Installation Information
2007-12-26 14:16 --------- d-----w E:\Program Files\epson
2007-12-26 13:54 --------- d-----w E:\Program Files\Panasonic
2007-12-26 13:53 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Panasonic
2007-12-26 11:02 --------- d-----w E:\Program Files\IncrediMail
2007-12-24 18:14 --------- d-----w E:\Program Files\Fichiers communs\Teleca Shared
2007-12-24 18:04 --------- d-----w E:\Program Files\eBay
2007-12-24 18:03 --------- d-----w E:\Program Files\Canon
2007-12-24 17:54 --------- d-----w E:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-12-19 20:43 --------- d-----w E:\Documents and Settings\SERGE\Application Data\EPSON
2007-12-19 20:06 --------- d-----w E:\Documents and Settings\SERGE\Application Data\vlc
2007-12-19 20:03 --------- d-----w E:\Program Files\VideoLAN
2007-12-19 18:03 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Smart Panel
2007-12-19 16:57 --------- d-----w E:\Documents and Settings\All Users\Application Data\UDL
2007-12-19 16:53 --------- d-----w E:\Program Files\Smart Panel
2007-12-16 16:09 --------- d-----w E:\Program Files\AML Products
2007-12-16 14:46 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Teleca
2007-12-16 14:43 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Sony Ericsson
2007-12-16 14:35 --------- d-----w E:\Program Files\Sony Ericsson
2007-11-28 20:21 --------- d-----w E:\Program Files\Microsoft Money
2007-11-25 16:25 --------- d-----w E:\Program Files\iPod
2007-10-25 09:26 53,248 ----a-w E:\WINDOWS\bdoscandel.exe
2006-10-12 22:49 278,528 ----a-w E:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
[code]<pre>
----a-w 1,688,872 2007-12-24 10:40:45 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:14 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:19 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:23 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,885,464 2007-12-26 13:10:01 E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
</pre>[/code]

((((((((((((((((((((((((((((( snapshot@2008-01-15_22.02.53.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-15 20:37:20 237,568 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-01-21 21:03:50 237,568 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
- 2008-01-15 20:37:21 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-01-21 21:03:50 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-01-15 20:37:21 237,568 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\ntuser.dat
+ 2008-01-21 21:03:50 237,568 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\ntuser.dat
- 2008-01-15 20:37:21 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
+ 2008-01-21 21:03:51 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
- 2008-01-15 20:37:21 6,127,616 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
+ 2008-01-21 21:03:51 6,135,808 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
- 2008-01-15 20:37:22 172,032 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2008-01-21 21:03:52 172,032 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2007-12-26 14:18:06 114,741 ----a-w E:\WINDOWS\system32\dla\tfswctrl.exe
- 2006-10-12 22:48:39 17,134 ----a-w E:\WINDOWS\system32\PCANDIS5.sys
+ 2008-01-18 17:37:35 17,134 ----a-w E:\WINDOWS\system32\PCANDIS5.sys
+ 2008-01-21 21:08:34 16,384 ----atw E:\WINDOWS\Temp\Perflib_Perfdata_7b0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2008-01-08 19:55 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\System32\CTFMON.EXE" [2008-01-08 19:55 15360]
"ALUAlert"="E:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]
path=E:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Antivirus Firewall.lnk
backup=E:\WINDOWS\pss\Antivirus Firewall.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-01-08 19:55 15360 E:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
--a------ 2008-01-09 20:45 122929 E:\Program Files\AntivirusFirewall\Common\FSM32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
--a------ 2008-01-09 20:45 372736 E:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
--a------ 2008-01-09 20:52 700416 E:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
E:\WINDOWS\Fonts\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
--a------ 2008-01-09 20:46 356352 E:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 E:\WINDOWS\system32\NvCpl.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" /background

R0 FSFW;F-Secure Firewall Driver;E:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;E:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-01-09 20:30]
R2 F-Secure Filter;F-Secure File System Filter;E:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;E:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-01-09 20:51]
R2 F-Secure Recognizer;F-Secure File System Recognizer;E:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]
R3 ATMELFVNETusb(AR)(R);ATMEL FVNETusb(AR)(R) Service for ATMEL USB FastVNET (AR);E:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2003-12-05 13:39]
R3 usbscan;Pilote de scanneur USB;E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
R3 usbstor;Pilote de stockage de masse USB;E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
S1 PinnacleMicroTV;Pinnacle Systems MicroTV Device;E:\WINDOWS\system32\DRIVERS\MicroTV.sys [2005-07-12 12:51]
S3 LCcfltr;Logitech USB Filter Driver;E:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 10:50]
S3 se57bus;Sony Ericsson Device 087 driver (WDM);E:\WINDOWS\system32\DRIVERS\se57bus.sys [2006-11-30 15:12]
S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;E:\WINDOWS\system32\DRIVERS\se57mdfl.sys [2006-11-30 15:12]
S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;E:\WINDOWS\system32\DRIVERS\se57mdm.sys [2006-11-30 15:12]
S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);E:\WINDOWS\system32\DRIVERS\se57mgmt.sys [2006-11-30 15:12]
S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);E:\WINDOWS\system32\DRIVERS\se57nd5.sys [2006-11-30 15:12]
S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;E:\WINDOWS\system32\DRIVERS\se57obex.sys [2006-11-30 15:12]
S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);E:\WINDOWS\system32\DRIVERS\se57unic.sys [2006-11-30 15:12]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;E:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe462140-b0cf-11dc-89e5-806d6172696f}]
\shell\play\Command - "E:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-11 08:52:57 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- E:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-18 16:15:01 E:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- E:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-11 19:00:03 E:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job"
- E:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 22:11:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-21 22:14:39 - machine was rebooted [SERGE]
ComboFix-quarantined-files.txt 2008-01-21 21:14:31
ComboFix2.txt 2008-01-18 16:25:28
ComboFix3.txt 2008-01-16 20:18:53
ComboFix4.txt 2008-01-15 21:03:27
.
2008-01-09 11:45:25 --- E O F ---

Voici le scan !

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2811 (20080121)
# vers_arch_module=1.063 (20080117)
# vers_adv_heur_module=1.060 (20070601)
# EOSSerial=327524366ac83e41a886cc0dadd1f97a
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-01-21 10:19:10
# local_time=2008-01-21 11:19:10 (+0100, Paris, Madrid)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=515293
# found=56
# scan_time=3452
E:\ancien hdd\WINDOWS\Bureau\serge\mes doc.zip a variant of Win32/Adware.NdotNet application 8FEF37346A8705A9B6A6A5627EDBF609
E:\ancien hdd\WINDOWS\Bureau\serge\mes doc.zip »ZIP »iMeshV22.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\serge\mes doc.zip »ZIP »iMeshV22.exe »WISE »imesh2_78.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\serge\transfert\download\iMeshV3.exe multiple infiltrations 8EC2F4AFA8BA08747B703CDDF24AD195
E:\ancien hdd\WINDOWS\Bureau\serge\transfert\download\iMeshV3.exe »WISE »F1.dll Win32/Adbreak.E trojan 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\serge\transfert\download\iMeshV3.exe »WISE »TTIL_imesh.exe a variant of Win32/Adware.Ezula application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\serge\transfert\download\iMeshV3.exe »WISE »imesh_336.exe Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\serge\transfert\download\iMeshV3.exe »WISE »FSG.exe Win32/Adware.Gator.Trickler.F application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\serge\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip a variant of Win32/Adware.NdotNet application 8FEF37346A8705A9B6A6A5627EDBF609
E:\ancien hdd\WINDOWS\Bureau\serge\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip »ZIP »iMeshV22.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\serge\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip »ZIP »iMeshV22.exe »WISE »imesh2_78.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\download\iMeshV3.exe multiple infiltrations 8EC2F4AFA8BA08747B703CDDF24AD195
E:\ancien hdd\WINDOWS\Bureau\transfert\download\iMeshV3.exe »WISE »F1.dll Win32/Adbreak.E trojan 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\download\iMeshV3.exe »WISE »TTIL_imesh.exe a variant of Win32/Adware.Ezula application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\download\iMeshV3.exe »WISE »imesh_336.exe Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\download\iMeshV3.exe »WISE »FSG.exe Win32/Adware.Gator.Trickler.F application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\mes doc.zip a variant of Win32/Adware.NdotNet application 8FEF37346A8705A9B6A6A5627EDBF609
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\mes doc.zip »ZIP »iMeshV22.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\mes doc.zip »ZIP »iMeshV22.exe »WISE »imesh2_78.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\transfert\download\iMeshV3.exe multiple infiltrations 8EC2F4AFA8BA08747B703CDDF24AD195
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\transfert\download\iMeshV3.exe »WISE »F1.dll Win32/Adbreak.E trojan 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\transfert\download\iMeshV3.exe »WISE »TTIL_imesh.exe a variant of Win32/Adware.Ezula application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\transfert\download\iMeshV3.exe »WISE »imesh_336.exe Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\transfert\download\iMeshV3.exe »WISE »FSG.exe Win32/Adware.Gator.Trickler.F application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip a variant of Win32/Adware.NdotNet application 8FEF37346A8705A9B6A6A5627EDBF609
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip »ZIP »iMeshV22.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip »ZIP »iMeshV22.exe »WISE »imesh2_78.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\iMeshV3.exe multiple infiltrations 8EC2F4AFA8BA08747B703CDDF24AD195
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\iMeshV3.exe »WISE »F1.dll Win32/Adbreak.E trojan 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\iMeshV3.exe »WISE »TTIL_imesh.exe a variant of Win32/Adware.Ezula application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\iMeshV3.exe »WISE »imesh_336.exe Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\iMeshV3.exe »WISE »FSG.exe Win32/Adware.Gator.Trickler.F application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\mes doc.zip a variant of Win32/Adware.NdotNet application 8FEF37346A8705A9B6A6A5627EDBF609
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\mes doc.zip »ZIP »iMeshV22.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\mes doc.zip »ZIP »iMeshV22.exe »WISE »imesh2_78.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\download\iMeshV3.exe multiple infiltrations 8EC2F4AFA8BA08747B703CDDF24AD195
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\download\iMeshV3.exe »WISE »F1.dll Win32/Adbreak.E trojan 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\download\iMeshV3.exe »WISE »TTIL_imesh.exe a variant of Win32/Adware.Ezula application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\download\iMeshV3.exe »WISE »imesh_336.exe Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\download\iMeshV3.exe »WISE »FSG.exe Win32/Adware.Gator.Trickler.F application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\transfert\download\iMeshV3.exe multiple infiltrations 8EC2F4AFA8BA08747B703CDDF24AD195
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\transfert\download\iMeshV3.exe »WISE »F1.dll Win32/Adbreak.E trojan 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\transfert\download\iMeshV3.exe »WISE »TTIL_imesh.exe a variant of Win32/Adware.Ezula application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\transfert\download\iMeshV3.exe »WISE »imesh_336.exe Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\transfert\download\iMeshV3.exe »WISE »FSG.exe Win32/Adware.Gator.Trickler.F application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip a variant of Win32/Adware.NdotNet application 8FEF37346A8705A9B6A6A5627EDBF609
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip »ZIP »iMeshV22.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip »ZIP »iMeshV22.exe »WISE »imesh2_78.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\Documents and Settings\SERGE\Mes documents\Serge divers\mes doc.zip a variant of Win32/Adware.NdotNet application 8FEF37346A8705A9B6A6A5627EDBF609
E:\Documents and Settings\SERGE\Mes documents\Serge divers\mes doc.zip »ZIP »iMeshV22.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\Documents and Settings\SERGE\Mes documents\Serge divers\mes doc.zip »ZIP »iMeshV22.exe »WISE »imesh2_78.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\AVGAS.0XE Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
E:\QooBox\Quarantine\catchme2008-01-15_215832.84.zip Win32/Adware.Virtumonde.FP application 15CAAA0710C735A8446ECB54A368A75B
E:\QooBox\Quarantine\catchme2008-01-15_215832.84.zip »ZIP »jkhfd.dll Win32/Adware.Virtumonde.FP application 00000000000000000000000000000000
E:\QooBox\Quarantine\E\WINDOWS\system32\JKHFD.0XE.0IR Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
E:\QooBox\Quarantine\E\WINDOWS\system32\jkhfd.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
0
Réponse 16 / 21
Serge
 
Bonjour,

J'étais absent pour raisons professionnelles !
Voici les log(s) demandés !
Merci encore pour votre aide

Serge

ComboFix 08-01-20.1 - SERGE 2008-01-21 22:03:58.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.145 [GMT 1:00]
Running from: E:\Documents and Settings\SERGE\Bureau\ComboFix.exe
Command switches used :: E:\Documents and Settings\SERGE\Bureau\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . Echec de suppression
E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . Echec de suppression

----- Unknown downloads made by BITS: ----
http://gpdl.google.com
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-21 to 2008-01-21 ))))))))))))))))))))))))))))))))))))
.

2008-01-15 21:36 . 2000-08-31 08:00 51,200 --a------ E:\WINDOWS\NirCmd.exe
2008-01-12 21:36 . 2008-01-12 22:41 <REP> d-------- E:\VundoFix Backups
2008-01-11 13:18 . 2008-01-12 17:32 <REP> d-------- E:\WINDOWS\BDOSCAN8
2008-01-10 21:07 . 2008-01-10 21:07 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Grisoft
2008-01-10 21:06 . 2008-01-10 21:06 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-10 21:06 . 2007-05-30 13:10 10,872 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-09 21:30 . 2008-01-09 21:30 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\F-Secure
2008-01-09 20:46 . 2008-01-09 20:46 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\ispnews
2008-01-09 20:34 . 2008-01-09 20:34 <REP> d-------- E:\Documents and Settings\All Users\Application Data\F-Secure
2008-01-09 20:34 . 2005-11-18 16:04 70,896 --a------ E:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-09 20:34 . 2005-11-18 16:04 33,584 --a------ E:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-09 20:30 . 2008-01-09 20:34 <REP> d-------- E:\Program Files\AntivirusFirewall
2008-01-09 20:30 . 2008-01-09 20:30 118,842 -r------- E:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-01-07 22:34 . 2008-01-07 22:34 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\McAfee
2008-01-06 21:13 . 2008-01-06 21:45 <REP> d-------- E:\Program Files\INFORAD2
2008-01-06 21:13 . 2004-06-09 15:59 939,224 --a------ E:\WINDOWS\system32\Flash.ocx
2007-12-28 22:19 . 2008-01-08 18:17 <REP> d-------- E:\Program Files\McAfee
2007-12-28 22:18 . 2008-01-08 18:17 <REP> d-------- E:\Documents and Settings\All Users\Application Data\McAfee
2007-12-26 21:05 . 2007-12-26 21:05 5,248 --a------ E:\WINDOWS\system32\giveio.sys
2007-12-26 20:59 . 2007-12-26 21:00 <REP> d-------- E:\Program Files\LimeWire
2007-12-26 16:00 . 2008-01-09 20:09 <REP> d-------- E:\Program Files\Norton SystemWorks
2007-12-26 14:58 . 2007-12-26 14:58 <REP> d-------- E:\WINDOWS\Google Toolbar
2007-12-26 12:18 . 2007-12-26 12:18 0 --a------ E:\WINDOWS\Irremote.ini
2007-12-24 16:02 . 2007-12-24 16:02 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Uniblue
2007-12-24 16:01 . 2007-12-24 16:01 <REP> d-------- E:\Program Files\Uniblue
2007-12-24 15:23 . 2007-12-24 15:23 <REP> d-------- E:\Garmin
2007-12-23 23:50 . 2007-12-23 23:50 147,456 --a------ E:\WINDOWS\system32\vbzip10.dll
2007-12-23 19:40 . 2007-12-23 19:40 30,544 --a------ E:\WINDOWS\dirdib.drv
2007-12-23 19:40 . 2007-12-23 19:40 30,464 --a------ E:\WINDOWS\macromix.dll
2007-12-23 02:19 . 2007-12-23 02:19 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\dvdcss
2007-12-23 02:14 . 2007-12-23 02:14 <REP> d-------- E:\Documents and Settings\SERGE\Application Data\Nero
2007-12-23 02:13 . 2007-12-24 09:58 69 --a------ E:\WINDOWS\NeroDigital.ini
2007-12-23 02:09 . 2007-12-23 02:09 <REP> d-------- E:\Program Files\Nero
2007-12-23 02:09 . 2007-12-26 12:29 <REP> d-------- E:\Program Files\Fichiers communs\Nero
2007-12-23 02:09 . 2007-12-26 12:29 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Nero
2007-12-22 17:00 . 2007-12-24 18:49 <REP> d-------- E:\Program Files\Yahoo!
2007-12-22 17:00 . 2007-12-24 10:48 <REP> d-------- E:\Program Files\CCleaner
2007-12-22 16:16 . 2007-12-22 16:16 <REP> d-------- E:\WINDOWS\OPTIONS
2007-12-22 15:05 . 2007-12-22 15:05 <REP> d-------- E:\Documents and Settings\All Users\Application Data\CyberLink
2007-12-22 14:48 . 2007-12-22 14:48 <REP> d-------- E:\Program Files\Intel
2007-12-22 13:08 . 1999-05-31 15:04 220,672 --a------ E:\WINDOWS\system32\MPEGAVMM.DLL
2007-12-22 13:08 . 1999-05-31 15:04 219,136 --a------ E:\WINDOWS\system32\MPEGAV32.DLL
2007-12-22 13:08 . 1999-05-31 15:04 68,608 --a------ E:\WINDOWS\system32\ILMPEG32.DRV
2007-12-22 13:08 . 1997-04-10 13:56 25,904 --a------ E:\WINDOWS\system32\CDROM16.DLL
2007-12-22 13:08 . 1997-04-10 13:56 22,016 --a------ E:\WINDOWS\system32\CDROM32.DLL
2007-12-22 13:06 . 2007-12-22 13:06 <REP> d-------- E:\Documents and Settings\SERGE\WINDOWS
2007-12-22 13:06 . 1996-11-05 16:13 299,008 --a------ E:\WINDOWS\uninst.exe
2007-12-22 10:48 . 2007-12-22 10:48 <REP> d-------- E:\Documents and Settings\All Users\Application Data\nView_Profiles

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 20:41 --------- d-----w E:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-18 17:12 --------- d-----w E:\Program Files\Wanadoo
2008-01-16 20:09 --------- d-----w E:\Program Files\Windows Defender
2008-01-16 20:09 --------- d-----w E:\Program Files\Fichiers communs\Symantec Shared
2008-01-15 20:53 --------- d-----w E:\Program Files\SymNetDrv
2008-01-15 20:53 --------- d-----w E:\Program Files\QuickTime
2008-01-15 20:53 --------- d-----w E:\Program Files\iTunes
2008-01-12 17:03 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Canon
2008-01-09 20:49 --------- d-----w E:\Program Files\Capturino 1.4
2008-01-09 19:33 --------- d-----w E:\Program Files\Lavasoft
2008-01-09 19:33 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Lavasoft
2008-01-09 19:15 --------- d-----w E:\Program Files\Symantec
2008-01-08 18:56 160,768 ----a-w E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
2008-01-07 20:14 --------- d-----w E:\Program Files\INFORAD_DRIVERS
2007-12-27 23:14 160,768 ----a-w E:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe.tmp
2007-12-27 18:45 --------- d-----w E:\Documents and Settings\All Users\Application Data\Symantec
2007-12-26 14:25 --------- d---a-w E:\Documents and Settings\All Users\Application Data\TEMP
2007-12-26 14:24 --------- d-----w E:\Program Files\Sonic
2007-12-26 14:17 --------- d-----w E:\Program Files\ArcSoft
2007-12-26 14:16 --------- d--h--w E:\Program Files\InstallShield Installation Information
2007-12-26 14:16 --------- d-----w E:\Program Files\epson
2007-12-26 13:54 --------- d-----w E:\Program Files\Panasonic
2007-12-26 13:53 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Panasonic
2007-12-26 11:02 --------- d-----w E:\Program Files\IncrediMail
2007-12-24 18:14 --------- d-----w E:\Program Files\Fichiers communs\Teleca Shared
2007-12-24 18:04 --------- d-----w E:\Program Files\eBay
2007-12-24 18:03 --------- d-----w E:\Program Files\Canon
2007-12-24 17:54 --------- d-----w E:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-12-19 20:43 --------- d-----w E:\Documents and Settings\SERGE\Application Data\EPSON
2007-12-19 20:06 --------- d-----w E:\Documents and Settings\SERGE\Application Data\vlc
2007-12-19 20:03 --------- d-----w E:\Program Files\VideoLAN
2007-12-19 18:03 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Smart Panel
2007-12-19 16:57 --------- d-----w E:\Documents and Settings\All Users\Application Data\UDL
2007-12-19 16:53 --------- d-----w E:\Program Files\Smart Panel
2007-12-16 16:09 --------- d-----w E:\Program Files\AML Products
2007-12-16 14:46 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Teleca
2007-12-16 14:43 --------- d-----w E:\Documents and Settings\SERGE\Application Data\Sony Ericsson
2007-12-16 14:35 --------- d-----w E:\Program Files\Sony Ericsson
2007-11-28 20:21 --------- d-----w E:\Program Files\Microsoft Money
2007-11-25 16:25 --------- d-----w E:\Program Files\iPod
2007-10-25 09:26 53,248 ----a-w E:\WINDOWS\bdoscandel.exe
2006-10-12 22:49 278,528 ----a-w E:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
[code]<pre>
----a-w 1,688,872 2007-12-24 10:40:45 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:14 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:19 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:23 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,885,464 2007-12-26 13:10:01 E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
</pre>[/code]

((((((((((((((((((((((((((((( snapshot@2008-01-15_22.02.53.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-15 20:37:20 237,568 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-01-21 21:03:50 237,568 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
- 2008-01-15 20:37:21 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-01-21 21:03:50 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-01-15 20:37:21 237,568 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\ntuser.dat
+ 2008-01-21 21:03:50 237,568 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\ntuser.dat
- 2008-01-15 20:37:21 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
+ 2008-01-21 21:03:51 8,192 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
- 2008-01-15 20:37:21 6,127,616 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
+ 2008-01-21 21:03:51 6,135,808 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
- 2008-01-15 20:37:22 172,032 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2008-01-21 21:03:52 172,032 ----a-w E:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2007-12-26 14:18:06 114,741 ----a-w E:\WINDOWS\system32\dla\tfswctrl.exe
- 2006-10-12 22:48:39 17,134 ----a-w E:\WINDOWS\system32\PCANDIS5.sys
+ 2008-01-18 17:37:35 17,134 ----a-w E:\WINDOWS\system32\PCANDIS5.sys
+ 2008-01-21 21:08:34 16,384 ----atw E:\WINDOWS\Temp\Perflib_Perfdata_7b0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2008-01-08 19:55 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\System32\CTFMON.EXE" [2008-01-08 19:55 15360]
"ALUAlert"="E:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Antivirus Firewall.lnk]
path=E:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Antivirus Firewall.lnk
backup=E:\WINDOWS\pss\Antivirus Firewall.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-01-08 19:55 15360 E:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
--a------ 2008-01-09 20:45 122929 E:\Program Files\AntivirusFirewall\Common\FSM32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
--a------ 2008-01-09 20:45 372736 E:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
--a------ 2008-01-09 20:52 700416 E:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
E:\WINDOWS\Fonts\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
--a------ 2008-01-09 20:46 356352 E:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 E:\WINDOWS\system32\NvCpl.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" /background

R0 FSFW;F-Secure Firewall Driver;E:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;E:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-01-09 20:30]
R2 F-Secure Filter;F-Secure File System Filter;E:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;E:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-01-09 20:51]
R2 F-Secure Recognizer;F-Secure File System Recognizer;E:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]
R3 ATMELFVNETusb(AR)(R);ATMEL FVNETusb(AR)(R) Service for ATMEL USB FastVNET (AR);E:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2003-12-05 13:39]
R3 usbscan;Pilote de scanneur USB;E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
R3 usbstor;Pilote de stockage de masse USB;E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
S1 PinnacleMicroTV;Pinnacle Systems MicroTV Device;E:\WINDOWS\system32\DRIVERS\MicroTV.sys [2005-07-12 12:51]
S3 LCcfltr;Logitech USB Filter Driver;E:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 10:50]
S3 se57bus;Sony Ericsson Device 087 driver (WDM);E:\WINDOWS\system32\DRIVERS\se57bus.sys [2006-11-30 15:12]
S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;E:\WINDOWS\system32\DRIVERS\se57mdfl.sys [2006-11-30 15:12]
S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;E:\WINDOWS\system32\DRIVERS\se57mdm.sys [2006-11-30 15:12]
S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);E:\WINDOWS\system32\DRIVERS\se57mgmt.sys [2006-11-30 15:12]
S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);E:\WINDOWS\system32\DRIVERS\se57nd5.sys [2006-11-30 15:12]
S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;E:\WINDOWS\system32\DRIVERS\se57obex.sys [2006-11-30 15:12]
S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);E:\WINDOWS\system32\DRIVERS\se57unic.sys [2006-11-30 15:12]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;E:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe462140-b0cf-11dc-89e5-806d6172696f}]
\shell\play\Command - "E:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-11 08:52:57 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- E:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-18 16:15:01 E:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- E:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-11 19:00:03 E:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job"
- E:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 22:11:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-21 22:14:39 - machine was rebooted [SERGE]
ComboFix-quarantined-files.txt 2008-01-21 21:14:31
ComboFix2.txt 2008-01-18 16:25:28
ComboFix3.txt 2008-01-16 20:18:53
ComboFix4.txt 2008-01-15 21:03:27
.
2008-01-09 11:45:25 --- E O F ---

Voici le scan !

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2811 (20080121)
# vers_arch_module=1.063 (20080117)
# vers_adv_heur_module=1.060 (20070601)
# EOSSerial=327524366ac83e41a886cc0dadd1f97a
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-01-21 10:19:10
# local_time=2008-01-21 11:19:10 (+0100, Paris, Madrid)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=515293
# found=56
# scan_time=3452
E:\ancien hdd\WINDOWS\Bureau\serge\mes doc.zip a variant of Win32/Adware.NdotNet application 8FEF37346A8705A9B6A6A5627EDBF609
E:\ancien hdd\WINDOWS\Bureau\serge\mes doc.zip »ZIP »iMeshV22.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\serge\mes doc.zip »ZIP »iMeshV22.exe »WISE »imesh2_78.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\serge\transfert\download\iMeshV3.exe multiple infiltrations 8EC2F4AFA8BA08747B703CDDF24AD195
E:\ancien hdd\WINDOWS\Bureau\serge\transfert\download\iMeshV3.exe »WISE »F1.dll Win32/Adbreak.E trojan 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\serge\transfert\download\iMeshV3.exe »WISE »TTIL_imesh.exe a variant of Win32/Adware.Ezula application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\serge\transfert\download\iMeshV3.exe »WISE »imesh_336.exe Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\serge\transfert\download\iMeshV3.exe »WISE »FSG.exe Win32/Adware.Gator.Trickler.F application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\serge\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip a variant of Win32/Adware.NdotNet application 8FEF37346A8705A9B6A6A5627EDBF609
E:\ancien hdd\WINDOWS\Bureau\serge\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip »ZIP »iMeshV22.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\serge\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip »ZIP »iMeshV22.exe »WISE »imesh2_78.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\download\iMeshV3.exe multiple infiltrations 8EC2F4AFA8BA08747B703CDDF24AD195
E:\ancien hdd\WINDOWS\Bureau\transfert\download\iMeshV3.exe »WISE »F1.dll Win32/Adbreak.E trojan 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\download\iMeshV3.exe »WISE »TTIL_imesh.exe a variant of Win32/Adware.Ezula application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\download\iMeshV3.exe »WISE »imesh_336.exe Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\download\iMeshV3.exe »WISE »FSG.exe Win32/Adware.Gator.Trickler.F application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\mes doc.zip a variant of Win32/Adware.NdotNet application 8FEF37346A8705A9B6A6A5627EDBF609
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\mes doc.zip »ZIP »iMeshV22.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\mes doc.zip »ZIP »iMeshV22.exe »WISE »imesh2_78.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\transfert\download\iMeshV3.exe multiple infiltrations 8EC2F4AFA8BA08747B703CDDF24AD195
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\transfert\download\iMeshV3.exe »WISE »F1.dll Win32/Adbreak.E trojan 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\transfert\download\iMeshV3.exe »WISE »TTIL_imesh.exe a variant of Win32/Adware.Ezula application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\transfert\download\iMeshV3.exe »WISE »imesh_336.exe Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\transfert\download\iMeshV3.exe »WISE »FSG.exe Win32/Adware.Gator.Trickler.F application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip a variant of Win32/Adware.NdotNet application 8FEF37346A8705A9B6A6A5627EDBF609
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip »ZIP »iMeshV22.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\serge\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip »ZIP »iMeshV22.exe »WISE »imesh2_78.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\iMeshV3.exe multiple infiltrations 8EC2F4AFA8BA08747B703CDDF24AD195
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\iMeshV3.exe »WISE »F1.dll Win32/Adbreak.E trojan 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\iMeshV3.exe »WISE »TTIL_imesh.exe a variant of Win32/Adware.Ezula application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\iMeshV3.exe »WISE »imesh_336.exe Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\iMeshV3.exe »WISE »FSG.exe Win32/Adware.Gator.Trickler.F application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\mes doc.zip a variant of Win32/Adware.NdotNet application 8FEF37346A8705A9B6A6A5627EDBF609
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\mes doc.zip »ZIP »iMeshV22.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\mes doc.zip »ZIP »iMeshV22.exe »WISE »imesh2_78.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\download\iMeshV3.exe multiple infiltrations 8EC2F4AFA8BA08747B703CDDF24AD195
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\download\iMeshV3.exe »WISE »F1.dll Win32/Adbreak.E trojan 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\download\iMeshV3.exe »WISE »TTIL_imesh.exe a variant of Win32/Adware.Ezula application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\download\iMeshV3.exe »WISE »imesh_336.exe Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\Serge\download\iMeshV3.exe »WISE »FSG.exe Win32/Adware.Gator.Trickler.F application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\transfert\download\iMeshV3.exe multiple infiltrations 8EC2F4AFA8BA08747B703CDDF24AD195
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\transfert\download\iMeshV3.exe »WISE »F1.dll Win32/Adbreak.E trojan 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\transfert\download\iMeshV3.exe »WISE »TTIL_imesh.exe a variant of Win32/Adware.Ezula application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\transfert\download\iMeshV3.exe »WISE »imesh_336.exe Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\transfert\download\iMeshV3.exe »WISE »FSG.exe Win32/Adware.Gator.Trickler.F application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip a variant of Win32/Adware.NdotNet application 8FEF37346A8705A9B6A6A5627EDBF609
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip »ZIP »iMeshV22.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\ancien hdd\WINDOWS\Bureau\transfert\Windows1\Desktop\transfert\transfert\Mes Documents\Mes Documents\transfert\mes doc.zip »ZIP »iMeshV22.exe »WISE »imesh2_78.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\Documents and Settings\SERGE\Mes documents\Serge divers\mes doc.zip a variant of Win32/Adware.NdotNet application 8FEF37346A8705A9B6A6A5627EDBF609
E:\Documents and Settings\SERGE\Mes documents\Serge divers\mes doc.zip »ZIP »iMeshV22.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\Documents and Settings\SERGE\Mes documents\Serge divers\mes doc.zip »ZIP »iMeshV22.exe »WISE »imesh2_78.exe a variant of Win32/Adware.NdotNet application 00000000000000000000000000000000
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\AVGAS.0XE Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
E:\QooBox\Quarantine\catchme2008-01-15_215832.84.zip Win32/Adware.Virtumonde.FP application 15CAAA0710C735A8446ECB54A368A75B
E:\QooBox\Quarantine\catchme2008-01-15_215832.84.zip »ZIP »jkhfd.dll Win32/Adware.Virtumonde.FP application 00000000000000000000000000000000
E:\QooBox\Quarantine\E\WINDOWS\system32\JKHFD.0XE.0IR Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
E:\QooBox\Quarantine\E\WINDOWS\system32\jkhfd.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
0
Réponse 17 / 21
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
Combifix n'arrive pas à réparer ces fichiers , je ne comprends pas pourquoi
[code]<pre>
----a-w 1,688,872 2007-12-24 10:40:45 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:14 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:19 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,688,872 2007-12-26 19:23:23 E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
----a-w 1,885,464 2007-12-26 13:10:01 E:\Program Files\Uniblue\RegistryBooster2 \RegistryBooster .exe
</pre>[/code]

registrybooster tu l'as acheté?

2 solutions
1/ on tente un nouveau outil et on croise les doigts pour que cela fonctionne
2/ tu supprimes les logiciels infectés et tu les réinstalles, je pense que tu dois en avoir les CD ou le setup sur ton PC
dis moi ce que tu préfères...
0
Réponse 18 / 21
Serge
 
Bonjour,

On supprime les logiciels infectés.
Dis moi ce que je dois faire !

Merci,

Serge
0
Réponse 19 / 21
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
pour registrybooster, voici la méthode pour le supprimer
http://www.liutilities.com/support/faq/articles/39/

pour Nero tu le supprimes par ajout suppression de programmes
puis tu refais un scan avec Combofix et tu postes le rapport
0
Réponse 20 / 21
Serge
 
Bonjour,

J'ai réussi avec beaucoup de mal à désinstaller l'antivirus de chez Orange.
A partir de cet instant, le message m'indiquant la présence du virus à disparu.
Puis j'ai fait un scan avec AVGAS et j'ai détruit 54 virus et autres saloperies.
J'ai ensuite refait un scan avec AVGAS et norton sans retrouver le moindre problème.
J'ai ensuite réinstallé Norton après l'avoir updaté.
Pour résumer, je pense que l'antivirus Orange était "bloqué" par le virus et protégeait ce dernier.

Je tiens à vous remercier pour votre aide.
Sans vous je n'aurai pas abouti à cette conclusion et je n'aurai surement pas résolu ce problème.

Encore merci,

Serge
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses