Virus/ver Win32:VB-EFO [Wrm] dans C:boot.exe

sylvain59 -  
green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Bonjour,

avast me signale tous les 1/2 heure une alerte disant: C/boot.exe est infecté par virus/ver Win32 : VB-EFO [Wrm].
je ne trouve pas ce fichier dans on ordi (même dans les fichiers cachés).
mon ordinateur marche correctement mais c'est très énervant et si je ne fais rien, ça risque peut-être de coincer un jour!
merci pour votre aide.
Configuration: Windows XP pro version 2002
Internet Explorer 6.0

16 réponses

  1. ADYsoft@ Messages postés 107 Date d'inscription   Statut Membre Dernière intervention   14
     
    installer kaspersky 7
    0
  2. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    Télécharge ceci :

    Lien : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    Tuto : http://pageperso.aol.fr/balltrap34/demohijack.htm

    Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.

    ++
    0
  3. sylvain59
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:23:41, on 26/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files\CardReader2.0\CRBroadCasting.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CardReader2.0\OTiReader.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\HDeck.exe
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [CRBroadCasting] C:\Program Files\CardReader2.0\CRBroadCasting.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\sylvain\Application Data\WinButler\WinButler.exe
    O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\sylvain\Application Data\Microsoft\Windows\rayio.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: OTi Card Reader Service - Unknown owner - C:\Program Files\CardReader2.0\OTiReader.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    0
  4. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Démarrer en mode sans echec
    * Double cliquer combofix.exe.
    * Appuyer sur la touche Y (Yes) pour démarrer le scan
    * Le rapport sera crée dans: C:\Combofix.txt, poste le stp

    @+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. sylvain59
     
    comment faire pour démarrer en mode sans échec?
    0
  7. sylvain59
     
    ComboFix 08-08-25.01 - sylvain 2008-08-26 21:07:18.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.631 [GMT 2:00]
    Endroit: C:\Documents and Settings\sylvain\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\sylvain\Application Data\inst.exe
    C:\Documents and Settings\sylvain\Application Data\macromedia\Flash Player\#SharedObjects\KYUUTR7L\static.youku.com
    C:\Documents and Settings\sylvain\Application Data\macromedia\Flash Player\#SharedObjects\KYUUTR7L\static.youku.com\v\swf\qplayer.swf\youku.sol
    C:\Documents and Settings\sylvain\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
    C:\Documents and Settings\sylvain\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
    C:\Documents and Settings\sylvain\Local Settings\TempNER55595772.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER56247049.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER579B4A80.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER596016C5.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER5C3F5DB2.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER5E330D66.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER60A42FFF.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER7402301C.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER75615772.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER77067049.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER78DB4A80.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER7B3D16C5.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER7EE65DB2.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER82AF0D66.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER84072FFF.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNERF1D9301C.EXE

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-26 to 2008-08-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-26 20:22 . 2008-08-26 20:22 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-26 18:55 . 2008-08-26 18:55 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-08-23 01:22 . 2008-08-23 01:22 <REP> d-------- C:\Program Files\Fichiers communs\Ankiro
    2008-08-23 01:21 . 2008-08-23 01:21 <REP> d-------- C:\Program Files\Fichiers communs\Application
    2008-08-23 01:20 . 2008-08-26 21:04 <REP> d-------- C:\Program Files\SPAMfighter
    2008-08-19 07:49 . 2008-08-19 08:18 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-08-09 18:50 . 2008-08-10 18:35 <REP> d-------- C:\Program Files\EA Games
    2008-08-03 21:57 . 2008-08-03 21:57 <REP> d-------- C:\Documents and Settings\sylvain\Application Data\dvdcss
    2008-07-29 01:34 . 2008-07-29 01:43 <REP> d-------- C:\WINDOWS\system32\Adobe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-26 18:31 --------- d-----w C:\Program Files\Nikon
    2008-08-26 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-26 16:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-26 13:41 --------- d-----w C:\Program Files\BearShare
    2008-08-25 20:14 561 ----a-w C:\Program Files\PhotoFiltre.ini
    2008-08-01 13:12 --------- d-----w C:\Program Files\eMule
    2008-07-16 19:45 --------- d-----w C:\Program Files\Sun
    2008-07-16 19:44 --------- d-----w C:\Program Files\Java
    2008-07-09 16:49 --------- d-----w C:\Program Files\CardReader Win2000 Driver
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-04 13:53 --------- d-----w C:\Program Files\ParadisePoker
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 09:02 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
    2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-04-09 15:05 5,831,160 -c--a-w C:\Program Files\rminstall.exe
    2008-02-11 13:32 117,248 -csha-w C:\Program Files\Thumbs.db
    2007-08-21 20:50 47,360 -c--a-w C:\Documents and Settings\sylvain\Application Data\pcouffin.sys
    2007-04-25 18:37 674 -c--a-w C:\Program Files\DDE.INI
    2007-04-25 18:37 329 -c--a-w C:\Program Files\FERRI.REG
    2007-04-25 18:37 24,172 -c--a-w C:\Program Files\Uninst.isu
    2007-04-25 18:37 2,907 -c--a-w C:\Program Files\Telepat.ini
    2007-01-08 12:44 3,578,880 -c--a-w C:\Program Files\LOGICIEL-BARCLAYS.exe
    2006-10-03 21:10 2,719,232 ----a-w C:\Program Files\PhotoFiltre.exe
    2005-08-29 08:43 8,073 -c--a-w C:\Program Files\PhotoMasque.htm
    2005-08-18 08:21 33,369 -c--a-w C:\Program Files\PhotoFiltre.htm
    2004-04-13 09:17 2,592,768 -c--a-w C:\Program Files\Telepat.exe
    2004-03-03 15:35 64,980 -c--a-w C:\Program Files\SCREEN0.TXT
    2004-01-20 17:01 8,516 -c--a-w C:\Program Files\TRANSAC0.TXT
    2004-01-07 12:34 1,170 -c--a-w C:\Program Files\Licence.txt
    2003-12-11 09:43 163,840 -c--a-w C:\Program Files\MyPrintDll.dll
    2003-12-10 18:22 17,178 -c--a-w C:\Program Files\TRANSAC.INI
    2003-07-02 14:31 97,148 -c--a-w C:\Program Files\REPORT0.TXT
    2003-06-30 09:04 12,062 -c--a-w C:\Program Files\REPORT.INI
    2003-06-20 10:00 79,146 -c--a-w C:\Program Files\Ferrilog.bmp
    2003-06-20 10:00 178,894 -c--a-w C:\Program Files\Ferri.bmp
    2003-06-20 10:00 178,894 -c--a-w C:\Program Files\Connect2.bmp
    2003-06-20 10:00 178,894 -c--a-w C:\Program Files\Connect.bmp
    2003-06-18 16:37 237,334 -c--a-w C:\Program Files\GuideING6.pdf
    2003-06-18 09:16 21,640 -c--a-w C:\Program Files\MSG_ERR0.TXT
    2003-06-04 09:04 41,035 -c--a-w C:\Program Files\ResourceIcone.dll
    2003-05-07 15:59 17,371 -c--a-w C:\Program Files\MENU0.TXT
    2003-05-01 11:05 1,869,312 -c--a-w C:\Program Files\BOURSOP.exe
    2003-04-12 12:44 2,638 -c--a-w C:\Program Files\WARNING.BMP
    2003-04-11 15:41 1,719 -c--a-w C:\Program Files\MENU.INI
    2003-04-11 15:40 2,248 -c--a-w C:\Program Files\GRAPHIC.INI
    2003-03-11 08:34 2,446 -c--a-w C:\Program Files\bvalo.bmp
    2003-03-11 08:33 2,446 -c--a-w C:\Program Files\bsynth.bmp
    2003-03-11 08:33 2,446 -c--a-w C:\Program Files\bhisto.bmp
    2003-03-11 08:32 1,910 -c--a-w C:\Program Files\border.bmp
    2003-03-10 17:01 1,174 -c--a-w C:\Program Files\bmove.bmp
    2003-03-10 11:27 6,294 -c--a-w C:\Program Files\badd.bmp
    2003-01-07 10:33 6,294 -c--a-w C:\Program Files\bexit.bmp
    2003-01-07 10:24 6,294 -c--a-w C:\Program Files\bcut.bmp
    2003-01-07 10:22 6,294 -c--a-w C:\Program Files\bsaveas.bmp
    2003-01-07 10:19 6,294 -c--a-w C:\Program Files\bsave.bmp
    2003-01-07 10:17 6,294 -c--a-w C:\Program Files\bload.bmp
    2003-01-07 10:15 6,294 -c--a-w C:\Program Files\bbook.bmp
    2002-11-28 10:42 188 -c--a-w C:\Program Files\ascii0.txt
    2002-10-11 08:33 11,912 -c--a-w C:\Program Files\mwarrant.bmp
    2002-10-11 08:33 11,912 -c--a-w C:\Program Files\mipo.bmp
    2002-07-12 08:28 6,294 -c--a-w C:\Program Files\bclose.bmp
    2002-07-08 13:41 4,734 -c--a-w C:\Program Files\config_s.bmp
    2002-07-08 10:36 2,638 -c--a-w C:\Program Files\carno_s.bmp
    2002-06-24 12:32 1,814 -c--a-w C:\Program Files\book_s.bmp
    2002-05-29 14:19 11,912 -c--a-w C:\Program Files\Mmailbox.bmp
    2002-03-15 10:44 5,134 -c--a-w C:\Program Files\mthsord.bmp
    2002-03-05 09:56 5,134 -c--a-w C:\Program Files\mjdf.bmp
    2002-03-05 09:54 5,134 -c--a-w C:\Program Files\mdevises.bmp
    2002-03-05 09:53 5,134 -c--a-w C:\Program Files\mindices.bmp
    2001-12-11 15:11 2,638 -c--a-w C:\Program Files\Prev_s.bmp
    2001-12-11 13:58 4,736 -c--a-w C:\Program Files\Valeur_s.bmp
    2001-12-11 13:51 4,736 -c--a-w C:\Program Files\Fresh_s.bmp
    2001-12-11 13:49 4,736 -c--a-w C:\Program Files\Tri_s.bmp
    2001-12-11 13:46 11,912 -c--a-w C:\Program Files\Mpertrn.bmp
    2001-12-11 13:34 11,912 -c--a-w C:\Program Files\mfiscal.bmp
    2001-12-11 13:31 11,912 -c--a-w C:\Program Files\Detail.bmp
    2001-12-11 13:30 11,912 -c--a-w C:\Program Files\Mreplst.bmp
    2001-12-11 13:21 11,912 -c--a-w C:\Program Files\Para_l.bmp
    2001-12-11 13:11 11,912 -c--a-w C:\Program Files\open_L.BMP
    2001-12-11 13:09 11,912 -c--a-w C:\Program Files\Proc_l.bmp
    2001-12-11 13:07 11,912 -c--a-w C:\Program Files\Minvreal.bmp
    2001-12-11 13:06 11,912 -c--a-w C:\Program Files\Mconglo.bmp
    2001-12-11 13:05 11,912 -c--a-w C:\Program Files\Minvsel.bmp
    2001-12-11 13:02 11,912 -c--a-w C:\Program Files\Cut_l.bmp
    2001-12-11 13:00 11,912 -c--a-w C:\Program Files\Mconfig.bmp
    2001-12-11 12:59 11,912 -c--a-w C:\Program Files\Mopcvm.bmp
    2001-12-11 12:58 11,912 -c--a-w C:\Program Files\Ok_l.bmp
    2001-12-11 12:56 11,912 -c--a-w C:\Program Files\Report.bmp
    2001-12-11 12:54 11,912 -c--a-w C:\Program Files\Porlst_l.bmp
    2001-12-11 12:49 11,912 -c--a-w C:\Program Files\Asslst_l.bmp
    2001-12-11 12:48 11,912 -c--a-w C:\Program Files\Addpor_l.bmp
    2001-12-06 16:33 4,736 -c--a-w C:\Program Files\Zoom_s.bmp
    2001-12-06 16:28 4,736 -c--a-w C:\Program Files\Print_s.bmp
    2001-12-06 16:27 4,736 -c--a-w C:\Program Files\Tool_s.bmp
    2001-12-06 16:26 4,736 -c--a-w C:\Program Files\Trash_s.bmp
    2001-12-06 16:22 4,736 -c--a-w C:\Program Files\Font_s.bmp
    2001-12-06 16:21 4,736 -c--a-w C:\Program Files\Export_s.bmp
    2001-12-06 16:21 4,736 -c--a-w C:\Program Files\Add_s.bmp
    2001-12-06 16:20 4,736 -c--a-w C:\Program Files\Find_s.bmp
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
    "HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-05 15:46 679936]
    "CRBroadCasting"="C:\Program Files\CardReader2.0\CRBroadCasting.exe" [2004-02-26 12:46 24576]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "LWBMOUSE"="C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 06:35 429568]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-07-24 18:24 1155122]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-07-29 14:54 321672]
    "VTTimer"="VTTimer.exe" [2005-03-07 21:33 53248 C:\WINDOWS\system32\VTTimer.exe]
    "VTTrayp"="VTtrayp.exe" [2005-10-31 22:15 163840 C:\WINDOWS\system32\VTTrayp.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    EPSON SMART PANEL for Scanner.lnk - C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe [2007-04-25 22:03:16 180224]
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-08-21 22:40:07 118784]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "Shell"="C:\\WINDOWS\\Explorer.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=

    R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 10:41]
    R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 10:57]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-07-29 14:56]
    S3 SetupNTGLM7X;SetupNTGLM7X;J:\NTGLM7X.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05ddb1cf-f368-11db-91af-001617df6297}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
    \Shell\Open\command - K:\Boot.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0771b3c0-74bf-11dc-91ea-001617df6297}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
    \Shell\Open\command - Boot.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cd38ab5-9621-11dc-91f3-001617df6297}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
    \Shell\Open\command - Boot.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8946909e-9e57-11dc-91fa-001617df6297}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
    \Shell\Open\command - Boot.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17287d9-b95f-11dc-9200-001617df6297}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
    \Shell\Open\command - Boot.exe e

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    HKCU-Run-AdVantage - C:\Program Files\AdVantage\AdVantage.exe
    HKCU-Run-WinButler - C:\Documents and Settings\sylvain\Application Data\WinButler\WinButler.exe
    HKCU-Run-SfKg6wIPu - C:\Documents and Settings\sylvain\Application Data\Microsoft\Windows\rayio.exe
    HKLM-Run-AudioDeck - C:\Program Files\VIAudioi\SBADeck\HDeck.exe

    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.fr/
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
    C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-26 21:09:08
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HDAudDeck = C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-26 21:10:22
    ComboFix-quarantined-files.txt 2008-08-26 19:10:08

    Pre-Run: 60,994,260,992 octets libres
    Post-Run: 60,905,254,912 octets libres

    243 --- E O F --- 2008-08-15 01:01:22
    0
  8. sylvain59
     
    ComboFix 08-08-25.01 - sylvain 2008-08-26 21:07:18.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.631 [GMT 2:00]
    Endroit: C:\Documents and Settings\sylvain\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\sylvain\Application Data\inst.exe
    C:\Documents and Settings\sylvain\Application Data\macromedia\Flash Player\#SharedObjects\KYUUTR7L\static.youku.com
    C:\Documents and Settings\sylvain\Application Data\macromedia\Flash Player\#SharedObjects\KYUUTR7L\static.youku.com\v\swf\qplayer.swf\youku.sol
    C:\Documents and Settings\sylvain\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
    C:\Documents and Settings\sylvain\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
    C:\Documents and Settings\sylvain\Local Settings\TempNER55595772.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER56247049.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER579B4A80.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER596016C5.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER5C3F5DB2.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER5E330D66.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER60A42FFF.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER7402301C.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER75615772.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER77067049.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER78DB4A80.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER7B3D16C5.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER7EE65DB2.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER82AF0D66.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNER84072FFF.EXE
    C:\Documents and Settings\sylvain\Local Settings\TempNERF1D9301C.EXE

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-26 to 2008-08-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-26 20:22 . 2008-08-26 20:22 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-26 18:55 . 2008-08-26 18:55 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-08-23 01:22 . 2008-08-23 01:22 <REP> d-------- C:\Program Files\Fichiers communs\Ankiro
    2008-08-23 01:21 . 2008-08-23 01:21 <REP> d-------- C:\Program Files\Fichiers communs\Application
    2008-08-23 01:20 . 2008-08-26 21:04 <REP> d-------- C:\Program Files\SPAMfighter
    2008-08-19 07:49 . 2008-08-19 08:18 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-08-09 18:50 . 2008-08-10 18:35 <REP> d-------- C:\Program Files\EA Games
    2008-08-03 21:57 . 2008-08-03 21:57 <REP> d-------- C:\Documents and Settings\sylvain\Application Data\dvdcss
    2008-07-29 01:34 . 2008-07-29 01:43 <REP> d-------- C:\WINDOWS\system32\Adobe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-26 18:31 --------- d-----w C:\Program Files\Nikon
    2008-08-26 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-26 16:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-26 13:41 --------- d-----w C:\Program Files\BearShare
    2008-08-25 20:14 561 ----a-w C:\Program Files\PhotoFiltre.ini
    2008-08-01 13:12 --------- d-----w C:\Program Files\eMule
    2008-07-16 19:45 --------- d-----w C:\Program Files\Sun
    2008-07-16 19:44 --------- d-----w C:\Program Files\Java
    2008-07-09 16:49 --------- d-----w C:\Program Files\CardReader Win2000 Driver
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-04 13:53 --------- d-----w C:\Program Files\ParadisePoker
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 09:02 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
    2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-04-09 15:05 5,831,160 -c--a-w C:\Program Files\rminstall.exe
    2008-02-11 13:32 117,248 -csha-w C:\Program Files\Thumbs.db
    2007-08-21 20:50 47,360 -c--a-w C:\Documents and Settings\sylvain\Application Data\pcouffin.sys
    2007-04-25 18:37 674 -c--a-w C:\Program Files\DDE.INI
    2007-04-25 18:37 329 -c--a-w C:\Program Files\FERRI.REG
    2007-04-25 18:37 24,172 -c--a-w C:\Program Files\Uninst.isu
    2007-04-25 18:37 2,907 -c--a-w C:\Program Files\Telepat.ini
    2007-01-08 12:44 3,578,880 -c--a-w C:\Program Files\LOGICIEL-BARCLAYS.exe
    2006-10-03 21:10 2,719,232 ----a-w C:\Program Files\PhotoFiltre.exe
    2005-08-29 08:43 8,073 -c--a-w C:\Program Files\PhotoMasque.htm
    2005-08-18 08:21 33,369 -c--a-w C:\Program Files\PhotoFiltre.htm
    2004-04-13 09:17 2,592,768 -c--a-w C:\Program Files\Telepat.exe
    2004-03-03 15:35 64,980 -c--a-w C:\Program Files\SCREEN0.TXT
    2004-01-20 17:01 8,516 -c--a-w C:\Program Files\TRANSAC0.TXT
    2004-01-07 12:34 1,170 -c--a-w C:\Program Files\Licence.txt
    2003-12-11 09:43 163,840 -c--a-w C:\Program Files\MyPrintDll.dll
    2003-12-10 18:22 17,178 -c--a-w C:\Program Files\TRANSAC.INI
    2003-07-02 14:31 97,148 -c--a-w C:\Program Files\REPORT0.TXT
    2003-06-30 09:04 12,062 -c--a-w C:\Program Files\REPORT.INI
    2003-06-20 10:00 79,146 -c--a-w C:\Program Files\Ferrilog.bmp
    2003-06-20 10:00 178,894 -c--a-w C:\Program Files\Ferri.bmp
    2003-06-20 10:00 178,894 -c--a-w C:\Program Files\Connect2.bmp
    2003-06-20 10:00 178,894 -c--a-w C:\Program Files\Connect.bmp
    2003-06-18 16:37 237,334 -c--a-w C:\Program Files\GuideING6.pdf
    2003-06-18 09:16 21,640 -c--a-w C:\Program Files\MSG_ERR0.TXT
    2003-06-04 09:04 41,035 -c--a-w C:\Program Files\ResourceIcone.dll
    2003-05-07 15:59 17,371 -c--a-w C:\Program Files\MENU0.TXT
    2003-05-01 11:05 1,869,312 -c--a-w C:\Program Files\BOURSOP.exe
    2003-04-12 12:44 2,638 -c--a-w C:\Program Files\WARNING.BMP
    2003-04-11 15:41 1,719 -c--a-w C:\Program Files\MENU.INI
    2003-04-11 15:40 2,248 -c--a-w C:\Program Files\GRAPHIC.INI
    2003-03-11 08:34 2,446 -c--a-w C:\Program Files\bvalo.bmp
    2003-03-11 08:33 2,446 -c--a-w C:\Program Files\bsynth.bmp
    2003-03-11 08:33 2,446 -c--a-w C:\Program Files\bhisto.bmp
    2003-03-11 08:32 1,910 -c--a-w C:\Program Files\border.bmp
    2003-03-10 17:01 1,174 -c--a-w C:\Program Files\bmove.bmp
    2003-03-10 11:27 6,294 -c--a-w C:\Program Files\badd.bmp
    2003-01-07 10:33 6,294 -c--a-w C:\Program Files\bexit.bmp
    2003-01-07 10:24 6,294 -c--a-w C:\Program Files\bcut.bmp
    2003-01-07 10:22 6,294 -c--a-w C:\Program Files\bsaveas.bmp
    2003-01-07 10:19 6,294 -c--a-w C:\Program Files\bsave.bmp
    2003-01-07 10:17 6,294 -c--a-w C:\Program Files\bload.bmp
    2003-01-07 10:15 6,294 -c--a-w C:\Program Files\bbook.bmp
    2002-11-28 10:42 188 -c--a-w C:\Program Files\ascii0.txt
    2002-10-11 08:33 11,912 -c--a-w C:\Program Files\mwarrant.bmp
    2002-10-11 08:33 11,912 -c--a-w C:\Program Files\mipo.bmp
    2002-07-12 08:28 6,294 -c--a-w C:\Program Files\bclose.bmp
    2002-07-08 13:41 4,734 -c--a-w C:\Program Files\config_s.bmp
    2002-07-08 10:36 2,638 -c--a-w C:\Program Files\carno_s.bmp
    2002-06-24 12:32 1,814 -c--a-w C:\Program Files\book_s.bmp
    2002-05-29 14:19 11,912 -c--a-w C:\Program Files\Mmailbox.bmp
    2002-03-15 10:44 5,134 -c--a-w C:\Program Files\mthsord.bmp
    2002-03-05 09:56 5,134 -c--a-w C:\Program Files\mjdf.bmp
    2002-03-05 09:54 5,134 -c--a-w C:\Program Files\mdevises.bmp
    2002-03-05 09:53 5,134 -c--a-w C:\Program Files\mindices.bmp
    2001-12-11 15:11 2,638 -c--a-w C:\Program Files\Prev_s.bmp
    2001-12-11 13:58 4,736 -c--a-w C:\Program Files\Valeur_s.bmp
    2001-12-11 13:51 4,736 -c--a-w C:\Program Files\Fresh_s.bmp
    2001-12-11 13:49 4,736 -c--a-w C:\Program Files\Tri_s.bmp
    2001-12-11 13:46 11,912 -c--a-w C:\Program Files\Mpertrn.bmp
    2001-12-11 13:34 11,912 -c--a-w C:\Program Files\mfiscal.bmp
    2001-12-11 13:31 11,912 -c--a-w C:\Program Files\Detail.bmp
    2001-12-11 13:30 11,912 -c--a-w C:\Program Files\Mreplst.bmp
    2001-12-11 13:21 11,912 -c--a-w C:\Program Files\Para_l.bmp
    2001-12-11 13:11 11,912 -c--a-w C:\Program Files\open_L.BMP
    2001-12-11 13:09 11,912 -c--a-w C:\Program Files\Proc_l.bmp
    2001-12-11 13:07 11,912 -c--a-w C:\Program Files\Minvreal.bmp
    2001-12-11 13:06 11,912 -c--a-w C:\Program Files\Mconglo.bmp
    2001-12-11 13:05 11,912 -c--a-w C:\Program Files\Minvsel.bmp
    2001-12-11 13:02 11,912 -c--a-w C:\Program Files\Cut_l.bmp
    2001-12-11 13:00 11,912 -c--a-w C:\Program Files\Mconfig.bmp
    2001-12-11 12:59 11,912 -c--a-w C:\Program Files\Mopcvm.bmp
    2001-12-11 12:58 11,912 -c--a-w C:\Program Files\Ok_l.bmp
    2001-12-11 12:56 11,912 -c--a-w C:\Program Files\Report.bmp
    2001-12-11 12:54 11,912 -c--a-w C:\Program Files\Porlst_l.bmp
    2001-12-11 12:49 11,912 -c--a-w C:\Program Files\Asslst_l.bmp
    2001-12-11 12:48 11,912 -c--a-w C:\Program Files\Addpor_l.bmp
    2001-12-06 16:33 4,736 -c--a-w C:\Program Files\Zoom_s.bmp
    2001-12-06 16:28 4,736 -c--a-w C:\Program Files\Print_s.bmp
    2001-12-06 16:27 4,736 -c--a-w C:\Program Files\Tool_s.bmp
    2001-12-06 16:26 4,736 -c--a-w C:\Program Files\Trash_s.bmp
    2001-12-06 16:22 4,736 -c--a-w C:\Program Files\Font_s.bmp
    2001-12-06 16:21 4,736 -c--a-w C:\Program Files\Export_s.bmp
    2001-12-06 16:21 4,736 -c--a-w C:\Program Files\Add_s.bmp
    2001-12-06 16:20 4,736 -c--a-w C:\Program Files\Find_s.bmp
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
    "HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-05 15:46 679936]
    "CRBroadCasting"="C:\Program Files\CardReader2.0\CRBroadCasting.exe" [2004-02-26 12:46 24576]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "LWBMOUSE"="C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 06:35 429568]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-07-24 18:24 1155122]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-07-29 14:54 321672]
    "VTTimer"="VTTimer.exe" [2005-03-07 21:33 53248 C:\WINDOWS\system32\VTTimer.exe]
    "VTTrayp"="VTtrayp.exe" [2005-10-31 22:15 163840 C:\WINDOWS\system32\VTTrayp.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    EPSON SMART PANEL for Scanner.lnk - C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe [2007-04-25 22:03:16 180224]
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-08-21 22:40:07 118784]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "Shell"="C:\\WINDOWS\\Explorer.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=

    R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 10:41]
    R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 10:57]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-07-29 14:56]
    S3 SetupNTGLM7X;SetupNTGLM7X;J:\NTGLM7X.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05ddb1cf-f368-11db-91af-001617df6297}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
    \Shell\Open\command - K:\Boot.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0771b3c0-74bf-11dc-91ea-001617df6297}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
    \Shell\Open\command - Boot.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cd38ab5-9621-11dc-91f3-001617df6297}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
    \Shell\Open\command - Boot.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8946909e-9e57-11dc-91fa-001617df6297}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
    \Shell\Open\command - Boot.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17287d9-b95f-11dc-9200-001617df6297}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
    \Shell\Open\command - Boot.exe e

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    HKCU-Run-AdVantage - C:\Program Files\AdVantage\AdVantage.exe
    HKCU-Run-WinButler - C:\Documents and Settings\sylvain\Application Data\WinButler\WinButler.exe
    HKCU-Run-SfKg6wIPu - C:\Documents and Settings\sylvain\Application Data\Microsoft\Windows\rayio.exe
    HKLM-Run-AudioDeck - C:\Program Files\VIAudioi\SBADeck\HDeck.exe

    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.fr/
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
    C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-26 21:09:08
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HDAudDeck = C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-26 21:10:22
    ComboFix-quarantined-files.txt 2008-08-26 19:10:08

    Pre-Run: 60,994,260,992 octets libres
    Post-Run: 60,905,254,912 octets libres

    243 --- E O F --- 2008-08-15 01:01:22
    0
  9. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    C'est pas triste !

    Télécharge SDFix sur ton bureau

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
    Redémarre ton ordinateur en mode sans échec
    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script.
    Appuie sur Y pour commencer le processus de nettoyage.
    Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    Appuie sur une touche pour redémarrer le PC.
    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

    ++
    0
  10. sylvain59
     
    voilà le report sdfix :

    [b]SDFix: Version 1.219 [/b]
    Run by sylvain on 26/08/2008 at 23:14

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    No Trojan Files Found

    Folder C:\Documents and Settings\sylvain\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-26 23:27:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows© NetMeeting©"
    "C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe"="C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe:*:Enabled:apache"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [b]Remaining Files [/b]:

    [b]Files with Hidden Attributes [/b]:

    Thu 10 Jan 2008 24 ..SH. --- "C:\WINDOWS\S8676012B.tmp"
    Tue 15 Apr 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
    Sat 24 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sat 30 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Sat 19 Jan 2008 23,552 A..H. --- "C:\Documents and Settings\All Users\Documents\Tanguy\Chine\~WRL3555.tmp"
    Mon 22 Jan 2007 88,064 A..H. --- "C:\Documents and Settings\sylvain\Bureau\ONDULYS\clients\Cousin Biotech\~WRL1196.tmp"
    Fri 19 Jan 2007 48,128 A..H. --- "C:\Documents and Settings\sylvain\Bureau\ONDULYS\clients\Cousin Biotech\~WRL2465.tmp"
    Mon 24 Oct 2005 53,248 A..H. --- "C:\Documents and Settings\sylvain\Bureau\ONDULYS\clients\Nortland\~WRL0132.tmp"
    Mon 16 Jan 2006 150,528 A..H. --- "C:\Documents and Settings\sylvain\Bureau\ONDULYS\clients\Socograins\~WRL1962.tmp"
    Fri 10 Jun 2005 54,272 A..H. --- "C:\Documents and Settings\sylvain\Bureau\ONDULYS\clients\Unitedlabels\~WRL0003.tmp"
    Fri 15 Dec 2006 19,968 A..H. --- "C:\Documents and Settings\All Users\Documents\Tanguy\a Garder\Cours ESPEME2\‚valuation de l'entreprise\~WRL0001.tmp"
    Fri 15 Dec 2006 19,968 A..H. --- "C:\Documents and Settings\All Users\Documents\Tanguy\a Garder\Cours ESPEME2\‚valuation de l'entreprise\~WRL0003.tmp"
    Fri 21 Jan 2005 45,056 A..H. --- "C:\Documents and Settings\sylvain\Bureau\ONDULYS\clients\Lesaffre International\alimenta\~WRL0003.tmp"
    Fri 21 Jan 2005 45,056 A..H. --- "C:\Documents and Settings\sylvain\Bureau\ONDULYS\clients\Lesaffre International\Can 325 alimenta\~WRL0003.tmp"
    Fri 21 Jan 2005 47,104 A..H. --- "C:\Documents and Settings\sylvain\Bureau\ONDULYS\clients\Lesaffre International\viva pizza\~WRL2104.tmp"

    [b]Finished![/b]
    0
  11. afideg Messages postés 10466 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
     
    Up
    Just for see
    Coucou GreenDay
    Al.
    0
  12. sylvain59
     
    labête est toujours présente ds mon ordi!
    0
  13. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut Afi !

    Sylvain, poste un nouveau rapport hijackthis stp !

    ++
    0
  14. sylvain59
     
    voici un rapport de hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:50:34, on 26/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CardReader2.0\OTiReader.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\CardReader2.0\CRBroadCasting.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [CRBroadCasting] C:\Program Files\CardReader2.0\CRBroadCasting.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: OTi Card Reader Service - Unknown owner - C:\Program Files\CardReader2.0\OTiReader.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    0
  15. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    télécharge ceci :http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware
    * Installez le programme sur le bureau :
    o S'il manque le fichier COMCTL32.OCX, vous pourrez le télécharger ici
    * Faites les mises à jour (clic sur Mises à jour puis Recherche de mises à jour)
    * Démarrez en mode sans échec
    * Lancez le MalwareByte's Anti-Malware, cliquez sur Exécuter un examen complet puis Rechercher et sélectionnez tous tes disques durs
    * Une fois le scan terminé, cliquez sur supprimer (si un message demande à redémarrer le PC, acceptez !)
    * Un rapport sera généré, enregistrez le de manière à le retrouver

    ==> poste le stp !

    ++
    0
  16. sylvain59
     
    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1088
    Windows 5.1.2600 Service Pack 3

    09:03:11 27/08/2008
    mbam-log-08-27-2008 (09-03-11).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 106568
    Temps écoulé: 1 hour(s), 21 minute(s), 7 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  17. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    reposte un nouveau rapport combo stp

    @+
    0