Virus/worm Win32:VB-EFO [Wrm] in C:boot.exe

sylvain59 -  
green day Posts 26722 Status Moderator, Security contributor -
Hello,

Every half hour avast shows me an alert saying: C/boot.exe is infected by virus/worm Win32 : VB-EFO [Wrm].
I can't find this file on my computer (even among the hidden files).
My computer works fine, but it's very annoying, and if I do nothing it might cause trouble one day!
Thanks for your help.

16 replies

ADYsoft@ Posts 107 Registration date   Status Member Last activity   14
 
install kaspersky 7
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

Download this:

Link: http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Tutorial: http://pageperso.aol.fr/balltrap34/demohijack.htm

Choose the option "do a scan and a logfile", then copy and paste the report it generates to the forum.

++
0
sylvain59
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:41, on 26/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\CardReader2.0\CRBroadCasting.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CardReader2.0\OTiReader.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\HDeck.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [CRBroadCasting] C:\Program Files\CardReader2.0\CRBroadCasting.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\sylvain\Application Data\WinButler\WinButler.exe
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\sylvain\Application Data\Microsoft\Windows\rayio.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: OTi Card Reader Service - Unknown owner - C:\Program Files\CardReader2.0\OTiReader.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
ok,

Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Start in safe mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in: C:\Combofix.txt, please post it

@+
0

sylvain59
 
how do I start in safe mode?
0
sylvain59
 
ComboFix 08-08-25.01 - sylvain 2008-08-26 21:07:18.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.631 [GMT 2:00]
Endroit: C:\Documents and Settings\sylvain\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\sylvain\Application Data\inst.exe
C:\Documents and Settings\sylvain\Application Data\macromedia\Flash Player\#SharedObjects\KYUUTR7L\static.youku.com
C:\Documents and Settings\sylvain\Application Data\macromedia\Flash Player\#SharedObjects\KYUUTR7L\static.youku.com\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\sylvain\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\sylvain\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Documents and Settings\sylvain\Local Settings\TempNER55595772.EXE
C:\Documents and Settings\sylvain\Local Settings\TempNER56247049.EXE
C:\Documents and Settings\sylvain\Local Settings\TempNER579B4A80.EXE
C:\Documents and Settings\sylvain\Local Settings\TempNER596016C5.EXE
C:\Documents and Settings\sylvain\Local Settings\TempNER5C3F5DB2.EXE
C:\Documents and Settings\sylvain\Local Settings\TempNER5E330D66.EXE
C:\Documents and Settings\sylvain\Local Settings\TempNER60A42FFF.EXE
C:\Documents and Settings\sylvain\Local Settings\TempNER7402301C.EXE
C:\Documents and Settings\sylvain\Local Settings\TempNER75615772.EXE
C:\Documents and Settings\sylvain\Local Settings\TempNER77067049.EXE
C:\Documents and Settings\sylvain\Local Settings\TempNER78DB4A80.EXE
C:\Documents and Settings\sylvain\Local Settings\TempNER7B3D16C5.EXE
C:\Documents and Settings\sylvain\Local Settings\TempNER7EE65DB2.EXE
C:\Documents and Settings\sylvain\Local Settings\TempNER82AF0D66.EXE
C:\Documents and Settings\sylvain\Local Settings\TempNER84072FFF.EXE
C:\Documents and Settings\sylvain\Local Settings\TempNERF1D9301C.EXE

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-26 to 2008-08-26 ))))))))))))))))))))))))))))))))))))
.

2008-08-26 20:22 . 2008-08-26 20:22 <REP> d-------- C:\Program Files\Trend Micro
2008-08-26 18:55 . 2008-08-26 18:55 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-08-23 01:22 . 2008-08-23 01:22 <REP> d-------- C:\Program Files\Fichiers communs\Ankiro
2008-08-23 01:21 . 2008-08-23 01:21 <REP> d-------- C:\Program Files\Fichiers communs\Application
2008-08-23 01:20 . 2008-08-26 21:04 <REP> d-------- C:\Program Files\SPAMfighter
2008-08-19 07:49 . 2008-08-19 08:18 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-09 18:50 . 2008-08-10 18:35 <REP> d-------- C:\Program Files\EA Games
2008-08-03 21:57 . 2008-08-03 21:57 <REP> d-------- C:\Documents and Settings\sylvain\Application Data\dvdcss
2008-07-29 01:34 . 2008-07-29 01:43 <REP> d-------- C:\WINDOWS\system32\Adobe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 18:31 --------- d-----w C:\Program Files\Nikon
2008-08-26 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-26 16:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 13:41 --------- d-----w C:\Program Files\BearShare
2008-08-25 20:14 561 ----a-w C:\Program Files\PhotoFiltre.ini
2008-08-01 13:12 --------- d-----w C:\Program Files\eMule
2008-07-16 19:45 --------- d-----w C:\Program Files\Sun
2008-07-16 19:44 --------- d-----w C:\Program Files\Java
2008-07-09 16:49 --------- d-----w C:\Program Files\CardReader Win2000 Driver
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-04 13:53 --------- d-----w C:\Program Files\ParadisePoker
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 09:02 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-04-09 15:05 5,831,160 -c--a-w C:\Program Files\rminstall.exe
2008-02-11 13:32 117,248 -csha-w C:\Program Files\Thumbs.db
2007-08-21 20:50 47,360 -c--a-w C:\Documents and Settings\sylvain\Application Data\pcouffin.sys
2007-04-25 18:37 674 -c--a-w C:\Program Files\DDE.INI
2007-04-25 18:37 329 -c--a-w C:\Program Files\FERRI.REG
2007-04-25 18:37 24,172 -c--a-w C:\Program Files\Uninst.isu
2007-04-25 18:37 2,907 -c--a-w C:\Program Files\Telepat.ini
2007-01-08 12:44 3,578,880 -c--a-w C:\Program Files\LOGICIEL-BARCLAYS.exe
2006-10-03 21:10 2,719,232 ----a-w C:\Program Files\PhotoFiltre.exe
2005-08-29 08:43 8,073 -c--a-w C:\Program Files\PhotoMasque.htm
2005-08-18 08:21 33,369 -c--a-w C:\Program Files\PhotoFiltre.htm
2004-04-13 09:17 2,592,768 -c--a-w C:\Program Files\Telepat.exe
2004-03-03 15:35 64,980 -c--a-w C:\Program Files\SCREEN0.TXT
2004-01-20 17:01 8,516 -c--a-w C:\Program Files\TRANSAC0.TXT
2004-01-07 12:34 1,170 -c--a-w C:\Program Files\Licence.txt
2003-12-11 09:43 163,840 -c--a-w C:\Program Files\MyPrintDll.dll
2003-12-10 18:22 17,178 -c--a-w C:\Program Files\TRANSAC.INI
2003-07-02 14:31 97,148 -c--a-w C:\Program Files\REPORT0.TXT
2003-06-30 09:04 12,062 -c--a-w C:\Program Files\REPORT.INI
2003-06-20 10:00 79,146 -c--a-w C:\Program Files\Ferrilog.bmp
2003-06-20 10:00 178,894 -c--a-w C:\Program Files\Ferri.bmp
2003-06-20 10:00 178,894 -c--a-w C:\Program Files\Connect2.bmp
2003-06-20 10:00 178,894 -c--a-w C:\Program Files\Connect.bmp
2003-06-18 16:37 237,334 -c--a-w C:\Program Files\GuideING6.pdf
2003-06-18 09:16 21,640 -c--a-w C:\Program Files\MSG_ERR0.TXT
2003-06-04 09:04 41,035 -c--a-w C:\Program Files\ResourceIcone.dll
2003-05-07 15:59 17,371 -c--a-w C:\Program Files\MENU0.TXT
2003-05-01 11:05 1,869,312 -c--a-w C:\Program Files\BOURSOP.exe
2003-04-12 12:44 2,638 -c--a-w C:\Program Files\WARNING.BMP
2003-04-11 15:41 1,719 -c--a-w C:\Program Files\MENU.INI
2003-04-11 15:40 2,248 -c--a-w C:\Program Files\GRAPHIC.INI
2003-03-11 08:34 2,446 -c--a-w C:\Program Files\bvalo.bmp
2003-03-11 08:33 2,446 -c--a-w C:\Program Files\bsynth.bmp
2003-03-11 08:33 2,446 -c--a-w C:\Program Files\bhisto.bmp
2003-03-11 08:32 1,910 -c--a-w C:\Program Files\border.bmp
2003-03-10 17:01 1,174 -c--a-w C:\Program Files\bmove.bmp
2003-03-10 11:27 6,294 -c--a-w C:\Program Files\badd.bmp
2003-01-07 10:33 6,294 -c--a-w C:\Program Files\bexit.bmp
2003-01-07 10:24 6,294 -c--a-w C:\Program Files\bcut.bmp
2003-01-07 10:22 6,294 -c--a-w C:\Program Files\bsaveas.bmp
2003-01-07 10:19 6,294 -c--a-w C:\Program Files\bsave.bmp
2003-01-07 10:17 6,294 -c--a-w C:\Program Files\bload.bmp
2003-01-07 10:15 6,294 -c--a-w C:\Program Files\bbook.bmp
2002-11-28 10:42 188 -c--a-w C:\Program Files\ascii0.txt
2002-10-11 08:33 11,912 -c--a-w C:\Program Files\mwarrant.bmp
2002-10-11 08:33 11,912 -c--a-w C:\Program Files\mipo.bmp
2002-07-12 08:28 6,294 -c--a-w C:\Program Files\bclose.bmp
2002-07-08 13:41 4,734 -c--a-w C:\Program Files\config_s.bmp
2002-07-08 10:36 2,638 -c--a-w C:\Program Files\carno_s.bmp
2002-06-24 12:32 1,814 -c--a-w C:\Program Files\book_s.bmp
2002-05-29 14:19 11,912 -c--a-w C:\Program Files\Mmailbox.bmp
2002-03-15 10:44 5,134 -c--a-w C:\Program Files\mthsord.bmp
2002-03-05 09:56 5,134 -c--a-w C:\Program Files\mjdf.bmp
2002-03-05 09:54 5,134 -c--a-w C:\Program Files\mdevises.bmp
2002-03-05 09:53 5,134 -c--a-w C:\Program Files\mindices.bmp
2001-12-11 15:11 2,638 -c--a-w C:\Program Files\Prev_s.bmp
2001-12-11 13:58 4,736 -c--a-w C:\Program Files\Valeur_s.bmp
2001-12-11 13:51 4,736 -c--a-w C:\Program Files\Fresh_s.bmp
2001-12-11 13:49 4,736 -c--a-w C:\Program Files\Tri_s.bmp
2001-12-11 13:46 11,912 -c--a-w C:\Program Files\Mpertrn.bmp
2001-12-11 13:34 11,912 -c--a-w C:\Program Files\mfiscal.bmp
2001-12-11 13:31 11,912 -c--a-w C:\Program Files\Detail.bmp
2001-12-11 13:30 11,912 -c--a-w C:\Program Files\Mreplst.bmp
2001-12-11 13:21 11,912 -c--a-w C:\Program Files\Para_l.bmp
2001-12-11 13:11 11,912 -c--a-w C:\Program Files\open_L.BMP
2001-12-11 13:09 11,912 -c--a-w C:\Program Files\Proc_l.bmp
2001-12-11 13:07 11,912 -c--a-w C:\Program Files\Minvreal.bmp
2001-12-11 13:06 11,912 -c--a-w C:\Program Files\Mconglo.bmp
2001-12-11 13:05 11,912 -c--a-w C:\Program Files\Minvsel.bmp
2001-12-11 13:02 11,912 -c--a-w C:\Program Files\Cut_l.bmp
2001-12-11 13:00 11,912 -c--a-w C:\Program Files\Mconfig.bmp
2001-12-11 12:59 11,912 -c--a-w C:\Program Files\Mopcvm.bmp
2001-12-11 12:58 11,912 -c--a-w C:\Program Files\Ok_l.bmp
2001-12-11 12:56 11,912 -c--a-w C:\Program Files\Report.bmp
2001-12-11 12:54 11,912 -c--a-w C:\Program Files\Porlst_l.bmp
2001-12-11 12:49 11,912 -c--a-w C:\Program Files\Asslst_l.bmp
2001-12-11 12:48 11,912 -c--a-w C:\Program Files\Addpor_l.bmp
2001-12-06 16:33 4,736 -c--a-w C:\Program Files\Zoom_s.bmp
2001-12-06 16:28 4,736 -c--a-w C:\Program Files\Print_s.bmp
2001-12-06 16:27 4,736 -c--a-w C:\Program Files\Tool_s.bmp
2001-12-06 16:26 4,736 -c--a-w C:\Program Files\Trash_s.bmp
2001-12-06 16:22 4,736 -c--a-w C:\Program Files\Font_s.bmp
2001-12-06 16:21 4,736 -c--a-w C:\Program Files\Export_s.bmp
2001-12-06 16:21 4,736 -c--a-w C:\Program Files\Add_s.bmp
2001-12-06 16:20 4,736 -c--a-w C:\Program Files\Find_s.bmp
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-05 15:46 679936]
"CRBroadCasting"="C:\Program Files\CardReader2.0\CRBroadCasting.exe" [2004-02-26 12:46 24576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"LWBMOUSE"="C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 06:35 429568]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-07-24 18:24 1155122]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-07-29 14:54 321672]
"VTTimer"="VTTimer.exe" [2005-03-07 21:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-10-31 22:15 163840 C:\WINDOWS\system32\VTTrayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
EPSON SMART PANEL for Scanner.lnk - C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe [2007-04-25 22:03:16 180224]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-08-21 22:40:07 118784]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="C:\\WINDOWS\\Explorer.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=

R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 10:41]
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 10:57]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-07-29 14:56]
S3 SetupNTGLM7X;SetupNTGLM7X;J:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05ddb1cf-f368-11db-91af-001617df6297}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\Shell\Open\command - K:\Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0771b3c0-74bf-11dc-91ea-001617df6297}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\Shell\Open\command - Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cd38ab5-9621-11dc-91f3-001617df6297}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\Shell\Open\command - Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8946909e-9e57-11dc-91fa-001617df6297}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\Shell\Open\command - Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17287d9-b95f-11dc-9200-001617df6297}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\Shell\Open\command - Boot.exe e

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-AdVantage - C:\Program Files\AdVantage\AdVantage.exe
HKCU-Run-WinButler - C:\Documents and Settings\sylvain\Application Data\WinButler\WinButler.exe
HKCU-Run-SfKg6wIPu - C:\Documents and Settings\sylvain\Application Data\Microsoft\Windows\rayio.exe
HKLM-Run-AudioDeck - C:\Program Files\VIAudioi\SBADeck\HDeck.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.fr/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 21:09:08
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-26 21:10:22
ComboFix-quarantined-files.txt 2008-08-26 19:10:08

Pre-Run: 60,994,260,992 octets libres
Post-Run: 60,905,254,912 octets libres

243 --- E O F --- 2008-08-15 01:01:22
0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-05 15:46 679936]
"CRBroadCasting"="C:\Program Files\CardReader2.0\CRBroadCasting.exe" [2004-02-26 12:46 24576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"LWBMOUSE"="C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 06:35 429568]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-07-24 18:24 1155122]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-07-29 14:54 321672]
"VTTimer"="VTTimer.exe" [2005-03-07 21:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-10-31 22:15 163840 C:\WINDOWS\system32\VTTrayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
EPSON SMART PANEL for Scanner.lnk - C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe [2007-04-25 22:03:16 180224]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-08-21 22:40:07 118784]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="C:\\WINDOWS\\Explorer.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=

R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 10:41]
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 10:57]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-07-29 14:56]
S3 SetupNTGLM7X;SetupNTGLM7X;J:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05ddb1cf-f368-11db-91af-001617df6297}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\Shell\Open\command - K:\Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0771b3c0-74bf-11dc-91ea-001617df6297}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\Shell\Open\command - Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cd38ab5-9621-11dc-91f3-001617df6297}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\Shell\Open\command - Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8946909e-9e57-11dc-91fa-001617df6297}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\Shell\Open\command - Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17287d9-b95f-11dc-9200-001617df6297}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\Shell\Open\command - Boot.exe e

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-AdVantage - C:\Program Files\AdVantage\AdVantage.exe
HKCU-Run-WinButler - C:\Documents and Settings\sylvain\Application Data\WinButler\WinButler.exe
HKCU-Run-SfKg6wIPu - C:\Documents and Settings\sylvain\Application Data\Microsoft\Windows\rayio.exe
HKLM-Run-AudioDeck - C:\Program Files\VIAudioi\SBADeck\HDeck.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.fr/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 21:09:08
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-26 21:10:22
ComboFix-quarantined-files.txt 2008-08-26 19:10:08

Pre-Run: 60,994,260,992 octets libres
Post-Run: 60,905,254,912 octets libres

243 --- E O F --- 2008-08-15 01:01:22
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
That's quite something!

Download SDFix to your desktop

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in safe mode.
Open the SDFix folder that was just created on the Desktop and double-click RunThis.cmd to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy and paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!


++
0
sylvain59
 
here is the SDFix report:


[b]SDFix: Version 1.219 [/b]
Run by sylvain on 26/08/2008 at 23:14

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found




Folder C:\Documents and Settings\sylvain\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 23:27:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows© NetMeeting©"
"C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe"="C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe:*:Enabled:apache"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Thu 10 Jan 2008 24 ..SH. --- "C:\WINDOWS\S8676012B.tmp"
Tue 15 Apr 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 24 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 30 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 19 Jan 2008 23,552 A..H. --- "C:\Documents and Settings\All Users\Documents\Tanguy\Chine\~WRL3555.tmp"
Mon 22 Jan 2007 88,064 A..H. --- "C:\Documents and Settings\sylvain\Bureau\ONDULYS\clients\Cousin Biotech\~WRL1196.tmp"
Fri 19 Jan 2007 48,128 A..H. --- "C:\Documents and Settings\sylvain\Bureau\ONDULYS\clients\Cousin Biotech\~WRL2465.tmp"
Mon 24 Oct 2005 53,248 A..H. --- "C:\Documents and Settings\sylvain\Bureau\ONDULYS\clients\Nortland\~WRL0132.tmp"
Mon 16 Jan 2006 150,528 A..H. --- "C:\Documents and Settings\sylvain\Bureau\ONDULYS\clients\Socograins\~WRL1962.tmp"
Fri 10 Jun 2005 54,272 A..H. --- "C:\Documents and Settings\sylvain\Bureau\ONDULYS\clients\Unitedlabels\~WRL0003.tmp"
Fri 15 Dec 2006 19,968 A..H. --- "C:\Documents and Settings\All Users\Documents\Tanguy\a Garder\Cours ESPEME2\évaluation de l'entreprise\~WRL0001.tmp"
Fri 15 Dec 2006 19,968 A..H. --- "C:\Documents and Settings\All Users\Documents\Tanguy\a Garder\Cours ESPEME2\évaluation de l'entreprise\~WRL0003.tmp"
Fri 21 Jan 2005 45,056 A..H. --- "C:\Documents and Settings\sylvain\Bureau\ONDULYS\clients\Lesaffre International\alimenta\~WRL0003.tmp"
Fri 21 Jan 2005 45,056 A..H. --- "C:\Documents and Settings\sylvain\Bureau\ONDULYS\clients\Lesaffre International\Can 325 alimenta\~WRL0003.tmp"
Fri 21 Jan 2005 47,104 A..H. --- "C:\Documents and Settings\sylvain\Bureau\ONDULYS\clients\Lesaffre International\viva pizza\~WRL2104.tmp"

[b]Finished![/b]
0
afideg Posts 10970 Status Security contributor 602
 
Up
Just to see
Hi GreenDay
Al.
0
sylvain59
 
the beast is still present in my computer!
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi Afi!

Sylvain, please post a new HijackThis report!

++
0
sylvain59
 
here is a HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:34, on 26/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CardReader2.0\OTiReader.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\CardReader2.0\CRBroadCasting.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [CRBroadCasting] C:\Program Files\CardReader2.0\CRBroadCasting.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: OTi Card Reader Service - Unknown owner - C:\Program Files\CardReader2.0\OTiReader.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
ok,

download this: http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware
* Install the program on the desktop:
o If the file COMCTL32.OCX is missing, you can download it here
* Run the updates (click Updates, then Check for updates)
* Start in safe mode
* Launch Malwarebytes' Anti-Malware, click Perform full scan, then Scan, and select all your hard drives
* Once the scan is finished, click Remove (if a message asks to restart the PC, accept!)
* A report will be generated; save it somewhere you can find it again

==> please post it!

++
0
sylvain59
 
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1088
Windows 5.1.2600 Service Pack 3

09:03:11 27/08/2008
mbam-log-08-27-2008 (09-03-11).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 106568
Temps écoulé: 1 hour(s), 21 minute(s), 7 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

please post a new combo report

@+
0