
pino

Members
  • Content count

    20
  • Joined

  • Last visited

pino's Achievements

Junior Member

Junior Member (3/12)

0

Community reputation

  1. pino

    Infection PC

    Hi, thanks for your help Charles Ingals, nice work. I'll take care of reporting the infection on Malware-Complaints during the day. A thousand thanks.
  2. pino

    Infection PC

    Hello Charles Ingals. Here is the requested report:

    -->- Recherche:
    C:\Combofix: trouvé !
    C:\Qoobox: trouvé !
    C:\Documents and Settings\Owner\Local Settings\Temp\QZTEMP\HijackThis.exe: trouvé !
    ---------------------------------
    -->- Suppression:
    C:\Documents and Settings\Owner\Local Settings\Temp\QZTEMP\HijackThis.exe: supprimé !
    C:\Combofix: supprimé !
    C:\Qoobox: supprimé !

    As for Antivir, I think you're right, I'll most likely switch to it! Thanks for the firewall links, and really, thanks for your help; without you I was in for a full reformat. Keep up the good work on this wonderful forum.
  3. pino

    Infection PC

    Yes, at first glance nothing left at startup!! Finally rid of that wretched thing. I sent you the link by PM. Pino
  4. pino

    Infection PC

    No problem Charles, you surely have other things to do. Here is the ComboFix report, fingers crossed!!!

    ComboFix 08-01-23.2 - Owner 2008-01-26 17:08:38.7 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.276 [GMT 1:00]
    Endroit: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\nkv2.sys
    C:\WINDOWS\system32\Drivers\Vyd60.sys

    .
    ---- Previous Run -------
    .
    C:\bhij.exe
    C:\Documents and Settings\Owner\err.log
    C:\Documents and Settings\Owner\ravmonlog
    C:\install.dat
    C:\WINDOWS\system32\2_exception.nls
    C:\WINDOWS\system32\socketa.dll
    C:\WINDOWS\system32\socksys.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\smtpdrv
    -------\smtpdrv
    -------\LEGACY_RUNTIME
    -------\LEGACY_SMTPDRV
    -------\runtime
    -------\smtpdrv
    -------\LEGACY_USB2_04
    -------\LEGACY_VYD60
    -------\smtpdrv
    -------\USB2_04
    -------\Vyd60

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-26 to 2008-01-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-25 19:47 . 2008-01-25 19:47 235,620 --a------ C:\QooBox.zip
    2008-01-25 07:07 . 2008-01-25 07:08 <REP> d-------- C:\Program Files\Panda Security
    2008-01-24 12:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-23 14:13 . 2008-01-23 14:13 <REP> d-------- C:\WINDOWS\ERUNT
    2008-01-23 06:09 . 2008-01-23 06:09 <REP> d-------- C:\backreg
    2008-01-23 06:08 . 2008-01-23 13:40 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
    2008-01-23 06:06 . 2008-01-23 06:06 <REP> d-------- C:\Program Files\Greatis
    2008-01-23 05:54 . 2008-01-23 05:54 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-01-22 22:43 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
    2008-01-22 21:52 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-22 21:52 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-22 21:51 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-22 21:51 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-22 21:51 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-22 21:51 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-22 21:51 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-22 21:51 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-22 13:13 . 2008-01-22 13:13 244 --ah----- C:\sqmnoopt04.sqm
    2008-01-22 13:13 . 2008-01-22 13:13 232 --ah----- C:\sqmdata04.sqm
    2008-01-22 10:55 . 2008-01-22 10:55 244 --ah----- C:\sqmnoopt03.sqm
    2008-01-22 10:55 . 2008-01-22 10:55 232 --ah----- C:\sqmdata03.sqm
    2008-01-22 10:35 . 2008-01-22 10:35 244 --ah----- C:\sqmnoopt02.sqm
    2008-01-22 10:35 . 2008-01-22 10:35 244 --ah----- C:\sqmnoopt01.sqm
    2008-01-22 10:35 . 2008-01-22 10:35 232 --ah----- C:\sqmdata02.sqm
    2008-01-22 10:35 . 2008-01-22 10:35 232 --ah----- C:\sqmdata01.sqm
    2008-01-22 06:05 . 2008-01-22 06:05 244 --ah----- C:\sqmnoopt00.sqm
    2008-01-22 06:05 . 2008-01-22 06:05 232 --ah----- C:\sqmdata00.sqm
    2008-01-21 13:18 . 2008-01-21 13:19 <REP> d-------- C:\Program Files\CCleaner

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-24 11:51 --------- d-----w C:\Program Files\Wanadoo
    2007-12-13 16:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-13 16:39 --------- d-----w C:\Program Files\Samsung
    2007-12-13 16:37 --------- d-----w C:\Program Files\eMule
    2007-11-30 22:28 --------- d-----w C:\Program Files\Windows Live Toolbar
    2006-04-21 10:43 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe

    .
    ((((((((((((((((((((((((((((( snapshot@2008-01-24_13.05.50.95 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-08-21 13:37:26 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\ascstubie.dll
    + 2007-07-18 13:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
    - 2008-01-24 11:57:37 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000001\NTUSER.DAT
    + 2008-01-26 16:08:15 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000001\NTUSER.DAT
    - 2008-01-24 11:57:37 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000002\UsrClass.dat
    + 2008-01-26 16:08:16 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000002\UsrClass.dat
    - 2008-01-24 11:57:37 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000003\NTUSER.DAT
    + 2008-01-26 16:08:18 7,962,624 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000003\NTUSER.DAT
    - 2008-01-24 11:57:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000004\UsrClass.dat
    + 2008-01-26 16:08:19 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000004\UsrClass.dat
    - 2008-01-23 20:34:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-01-25 14:48:30 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-01-23 20:34:02 131,072 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-01-25 14:48:30 196,608 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-01-25 14:48:33 81,920 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008012520080126\index.dat
    - 2008-01-23 20:34:02 245,760 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-25 14:48:30 344,064 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-26 16:12:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4b8.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 11:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
    backup=C:\WINDOWS\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    --a------ 2004-04-08 05:25 496752 C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
    --a------ 2004-06-09 14:37 40960 C:\WINDOWS\VM_STI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
    --a------ 2006-08-06 10:52 360448 C:\Program Files\Browser Mouse\mouse32a.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    -ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
    --a------ 2003-07-07 08:30 729088 C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
    --a------ 2003-05-08 10:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2005-05-11 13:48 127118 c:\Apps\Powercinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2004-01-15 19:41 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
    --------- 2008-01-10 03:37 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-03-14 02:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-01-27 12:01 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2004-01-15 19:39 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    --a------ 2004-08-23 13:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    --------- 2004-10-14 15:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-08-23 13:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
    S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
    S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-23 13:40]
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4eea1172-c9b4-11dc-8ef4-00038a000015}]
    \shell\Setup\command - setup.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-25 21:28:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
  5. pino

    Infection PC

    I redid the test, but it's almost the same. Here is the report:

    Fichier nkv2.sys reçu le 2008.01.25 21:12:05 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
    Résultat: 0/32 (0%)

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.1.26.10 2008.01.25 -
    AntiVir 7.6.0.53 2008.01.25 -
    Authentium 4.93.8 2008.01.25 -
    Avast 4.7.1098.0 2008.01.25 -
    AVG 7.5.0.516 2008.01.25 -
    BitDefender 7.2 2008.01.25 -
    CAT-QuickHeal 9.00 2008.01.24 -
    ClamAV 0.91.2 2008.01.25 -
    DrWeb 4.44.0.09170 2008.01.25 -
    eSafe 7.0.15.0 2008.01.16 -
    eTrust-Vet 31.3.5484 2008.01.25 -
    Ewido 4.0 2008.01.25 -
    FileAdvisor 1 2008.01.25 -
    Fortinet 3.14.0.0 2008.01.25 -
    F-Prot 4.4.2.54 2008.01.25 -
    F-Secure 6.70.13260.0 2008.01.25 -
    Ikarus T3.1.1.20 2008.01.25 -
    Kaspersky 7.0.0.125 2008.01.25 -
    McAfee 5215 2008.01.24 -
    Microsoft 1.3109 2008.01.25 -
    NOD32v2 2823 2008.01.25 -
    Norman 5.80.02 2008.01.24 -
    Panda 9.0.0.4 2008.01.25 -
    Prevx1 V2 2008.01.25 -
    Rising 20.28.41.00 2008.01.25 -
    Sophos 4.25.0 2008.01.25 -
    Sunbelt 2.2.907.0 2008.01.25 -
    Symantec 10 2008.01.25 -
    TheHacker 6.2.9.197 2008.01.25 -
    VBA32 3.12.2.5 2008.01.21 -
    VirusBuster 4.3.26:9 2008.01.25 -
    Webwasher-Gateway 6.6.2 2008.01.25 -

    Information additionnelle
    File size: 51968 bytes
    MD5: a4bd49332caa193fd07c5c1bfc4dc530
    SHA1: 197b3b88822b91d6fd802da016e29fc3adef3f4f
    PEiD: -
  6. pino

    Infection PC

    Here is what VirusTotal tells me. I'm sending you the requested file by PM.

    Fichier nkv2.sys reçu le 2008.01.25 19:13:23 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
    Résultat: 0/30 (0%)
    en train de charger les informations du serveur...
    Votre fichier est dans la file d'attente, en position: 20.
    L'heure estimée de démarrage est entre 98 et 140 secondes.
    Ne fermez pas la fenêtre avant la fin de l'analyse.
    L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
    Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
    Votre fichier est, en ce moment, en cours d'analyse par VirusTotal, les résultats seront affichés au fur et à mesure de leur génération.
    Formaté Impression des résultats
    Votre fichier a expiré ou n'existe pas.
    Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.
    Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
    Email:

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.1.26.10 2008.01.25 -
    AntiVir 7.6.0.53 2008.01.25 -
    Authentium 4.93.8 2008.01.25 -
    Avast 4.7.1098.0 2008.01.25 -
    AVG 7.5.0.516 2008.01.25 -
    BitDefender 7.2 2008.01.25 -
    CAT-QuickHeal 9.00 2008.01.24 -
    ClamAV 0.91.2 2008.01.25 -
    DrWeb 4.44.0.09170 2008.01.25 -
    eSafe 7.0.15.0 2008.01.16 -
    eTrust-Vet 31.3.5484 2008.01.25 -
    Ewido 4.0 2008.01.25 -
    FileAdvisor 1 2008.01.25 -
    Fortinet 3.14.0.0 2008.01.25 -
    F-Prot 4.4.2.54 2008.01.24 -
    F-Secure 6.70.13260.0 2008.01.25 -
    Ikarus T3.1.1.20 2008.01.25 -
    Kaspersky 7.0.0.125 2008.01.25 -
    McAfee 5215 2008.01.24 -
    Microsoft 1.3109 2008.01.25 -
    NOD32v2 2822 2008.01.25 -
    Norman 5.80.02 2008.01.24 -
    Panda 9.0.0.4 2008.01.24 -
    Prevx1 V2 2008.01.25 -
    Rising 20.28.41.00 2008.01.25 -
    Sophos 4.25.0 2008.01.25 -
    Sunbelt 2.2.907.0 2008.01.25 -
    TheHacker 6.2.9.197 2008.01.25 -
    VBA32 3.12.2.5 2008.01.21 -
    VirusBuster 4.3.26:9 2008.01.25 -

    Information additionnelle
    File size: 51968 bytes
    MD5: a4bd49332caa193fd07c5c1bfc4dc530
    SHA1: 197b3b88822b91d6fd802da016e29fc3adef3f4f
    PEiD: -
  7. pino

    Infection PC

    Unfortunately avast still reports that C:\windows\system32\drivers\smtpdrv.sys contains the malware Win32:Agent-LNK [Wrm]
  8. pino

    Infection PC

    Here is the ComboFix report:

    ComboFix 08-01-23.2 - Owner 2008-01-25 13:37:19.6 - NTFSx86
    Endroit: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\2_exception.nls

    .
    ---- Previous Run -------
    .
    C:\bhij.exe
    C:\Documents and Settings\Owner\err.log
    C:\Documents and Settings\Owner\ravmonlog
    C:\install.dat
    C:\WINDOWS\system32\socketa.dll
    C:\WINDOWS\system32\socksys.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\smtpdrv
    -------\smtpdrv
    -------\LEGACY_RUNTIME
    -------\LEGACY_SMTPDRV
    -------\runtime
    -------\smtpdrv

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-25 07:07 . 2008-01-25 07:08 <REP> d-------- C:\Program Files\Panda Security
    2008-01-24 12:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-23 14:13 . 2008-01-23 14:13 <REP> d-------- C:\WINDOWS\ERUNT
    2008-01-23 06:09 . 2008-01-23 06:09 <REP> d-------- C:\backreg
    2008-01-23 06:08 . 2008-01-23 13:40 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
    2008-01-23 06:06 . 2008-01-23 06:06 <REP> d-------- C:\Program Files\Greatis
    2008-01-23 05:54 . 2008-01-23 05:54 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-01-22 22:43 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
    2008-01-22 21:52 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-22 21:52 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-22 21:51 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-22 21:51 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-22 21:51 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-22 21:51 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-22 21:51 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-22 21:51 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-22 13:13 . 2008-01-22 13:13 244 --ah----- C:\sqmnoopt04.sqm
    2008-01-22 13:13 . 2008-01-22 13:13 232 --ah----- C:\sqmdata04.sqm
    2008-01-22 10:55 . 2008-01-22 10:55 244 --ah----- C:\sqmnoopt03.sqm
    2008-01-22 10:55 . 2008-01-22 10:55 232 --ah----- C:\sqmdata03.sqm
    2008-01-22 10:35 . 2008-01-22 10:35 244 --ah----- C:\sqmnoopt02.sqm
    2008-01-22 10:35 . 2008-01-22 10:35 244 --ah----- C:\sqmnoopt01.sqm
    2008-01-22 10:35 . 2008-01-22 10:35 232 --ah----- C:\sqmdata02.sqm
    2008-01-22 10:35 . 2008-01-22 10:35 232 --ah----- C:\sqmdata01.sqm
    2008-01-22 06:05 . 2008-01-22 06:05 244 --ah----- C:\sqmnoopt00.sqm
    2008-01-22 06:05 . 2008-01-22 06:05 232 --ah----- C:\sqmdata00.sqm
    2008-01-22 05:48 . 2008-01-25 06:48 51,968 --a------ C:\WINDOWS\system32\drivers\nkv2.sys
    2008-01-21 18:30 . 2008-01-25 13:41 25,984 --a------ C:\WINDOWS\system32\drivers\Vyd60.sys
    2008-01-21 15:48 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
    2008-01-21 15:47 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-21 13:18 . 2008-01-21 13:19 <REP> d-------- C:\Program Files\CCleaner

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-24 11:51 --------- d-----w C:\Program Files\Wanadoo
    2007-12-13 16:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-13 16:39 --------- d-----w C:\Program Files\Samsung
    2007-12-13 16:37 --------- d-----w C:\Program Files\eMule
    2007-11-30 22:28 --------- d-----w C:\Program Files\Windows Live Toolbar
    2006-04-21 10:43 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe

    .
    ((((((((((((((((((((((((((((( snapshot@2008-01-24_13.05.50.95 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-08-21 13:37:26 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\ascstubie.dll
    + 2007-07-18 13:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
    - 2008-01-24 11:57:37 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000001\NTUSER.DAT
    + 2008-01-25 12:37:02 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000001\NTUSER.DAT
    - 2008-01-24 11:57:37 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000002\UsrClass.dat
    + 2008-01-25 12:37:02 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000002\UsrClass.dat
    - 2008-01-24 11:57:37 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000003\NTUSER.DAT
    + 2008-01-25 12:37:03 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000003\NTUSER.DAT
    - 2008-01-24 11:57:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000004\UsrClass.dat
    + 2008-01-25 12:37:03 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000004\UsrClass.dat
    - 2008-01-24 11:57:38 7,962,624 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000005\NTUSER.DAT
    + 2008-01-25 12:37:03 7,962,624 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000005\NTUSER.DAT
    - 2008-01-24 11:57:38 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000006\UsrClass.dat
    + 2008-01-25 12:37:03 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000006\UsrClass.dat
    - 2008-01-23 20:34:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-01-25 12:36:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-01-23 20:34:02 131,072 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-01-25 12:36:56 163,840 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-01-25 08:31:47 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008012520080126\index.dat
    - 2008-01-23 20:34:02 245,760 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-25 12:36:56 311,296 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-25 12:42:29 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_51c.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 11:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vyd60.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
    backup=C:\WINDOWS\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    --a------ 2004-04-08 05:25 496752 C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
    --a------ 2004-06-09 14:37 40960 C:\WINDOWS\VM_STI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
    --a------ 2006-08-06 10:52 360448 C:\Program Files\Browser Mouse\mouse32a.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    -ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
    --a------ 2003-07-07 08:30 729088 C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
    --a------ 2003-05-08 10:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2005-05-11 13:48 127118 c:\Apps\Powercinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2004-01-15 19:41 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
    --------- 2008-01-10 03:37 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-03-14 02:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-01-27 12:01 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2004-01-15 19:39 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    --a------ 2004-08-23 13:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    --------- 2004-10-14 15:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-08-23 13:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

    R0 Vyd60;Vyd60;C:\WINDOWS\system32\Drivers\Vyd60.sys [2008-01-25 13:41]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
    S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
    S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-23 13:40]
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]
    S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys [2008-01-25 06:48]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4eea1172-c9b4-11dc-8ef4-00038a000015}]
    \shell\Setup\command - D:\setup.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-25 12:28:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
  9. pino

    Infection PC

    And here is the Panda report:

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-01-25 08:01:02
    PROTECTIONS: 1
    MALWARE: 12
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! antivirus 4.7.1098 [VPS 080125-0] 4.7.1098 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
    00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
    00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP584\A0101386.exe
    00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Owner\Bureau\SDFix.exe[sDFix\apps\Process.exe]
    00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP584\A0101397.exe
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[2].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@weborama[2].txt
    00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@adviva[1].txt
    01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Owner\Bureau\ComboFix.exe[nircmd.cfexe]
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP597\A0103983.com
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP596\A0103957.exe
    01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Owner\Bureau\ComboFix.exe[nircmd.com]
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP596\A0103944.com
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\ComboFix\nircmd.com
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\ComboFix\nircmd.cfexe
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP596\A0103913.exe
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP597\A0103995.exe
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP596\A0103899.com
    01842419 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP595\A0103805.sys
    01842419 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP586\A0101523.sys
    01842419 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP594\A0101707.sys
    02861976 Trj/Agent.HEH Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP584\A0101385.exe
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP598\A0104025.sys
    02893791 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP594\A0101714.sys
    02893791 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP595\A0102732.sys
    02893791 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP595\A0102796.sys
    02893791 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP594\A0101594.sys
    02893791 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP595\A0103807.sys
    02893791 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP595\A0103847.sys
    02893791 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP590\A0101548.sys
    02893791 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP586\A0101522.sys
    02893791 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP592\A0101571.sys
    02893791 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP594\A0101697.sys
    02893791 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\QooBox\Quarantine\catchme2008-01-25_ 65753.95.zip[Vyd60.sys]
    02893791 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP591\A0101558.sys
    02893791 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\WINDOWS\system32\drivers\Vyd60.sys
    02894953 Trj/Downloader.SFC Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\socksys.dll.vir
    02894953 Trj/Downloader.SFC Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\socketa.dll.vir
    02894953 Trj/Downloader.SFC Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP598\A0104007.dll
    02894953 Trj/Downloader.SFC Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP598\A0104006.dll
    ;===================================================================================================================================================================================
    SUSPECTS
    Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
  10. pino

    Infection PC

    Hello Charles Ingals, I still have the same virus showing up at every startup, whether I delete it or it gets quarantined! C:\windows\system32\drivers\smtpdrv.sys contains the malware Win32:Agent-LNK [Wrm]. Here is the ComboFix report; the Panda report will follow in a moment.

    ComboFix 08-01-23.2 - Owner 2008-01-25 6:48:20.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.130 [GMT 1:00]
    Location: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt
     * Creating a new restore point
    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

    FILE
    C:\bhij.exe
    C:\documents and settings\owner\application data\errorsafefrenchnewreleaseinstall[1].exe
    C:\install.dat
    C:\WINDOWS\system32\socketa.dll
    C:\WINDOWS\system32\socksys.dll
    .

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\bhij.exe
    C:\install.dat
    C:\WINDOWS\system32\socketa.dll
    C:\WINDOWS\system32\socksys.dll

    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\Owner\err.log
    C:\Documents and Settings\Owner\ravmonlog

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\smtpdrv
    -------\smtpdrv


    ((((((((((((((((((((((((((((( Files created 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-24 12:57 . 2000-08-31 08:00     51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-23 14:13 . 2008-01-23 14:13      <REP> d-------- C:\WINDOWS\ERUNT
    2008-01-23 06:09 . 2008-01-23 06:09      <REP> d-------- C:\backreg
    2008-01-23 06:08 . 2008-01-23 13:40     25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
    2008-01-23 06:06 . 2008-01-23 06:06      <REP> d-------- C:\Program Files\Greatis
    2008-01-23 05:54 . 2008-01-23 05:54      <REP> d-------- C:\Program Files\Enigma Software Group
    2008-01-22 22:43 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
    2008-01-22 21:52 . 2007-12-04 15:51     42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-22 21:52 . 2007-12-04 15:53     23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-22 21:51 . 2007-12-04 14:04    837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-22 21:51 . 2004-01-09 10:13    380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-22 21:51 . 2007-12-04 13:54     95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-22 21:51 . 2007-12-04 15:55     94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-22 21:51 . 2007-12-04 15:56     93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-22 21:51 . 2007-12-04 15:49     26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-22 13:13 . 2008-01-22 13:13        244 --ah----- C:\sqmnoopt04.sqm
    2008-01-22 13:13 . 2008-01-22 13:13        232 --ah----- C:\sqmdata04.sqm
    2008-01-22 10:55 . 2008-01-22 10:55        244 --ah----- C:\sqmnoopt03.sqm
    2008-01-22 10:55 . 2008-01-22 10:55        232 --ah----- C:\sqmdata03.sqm
    2008-01-22 10:35 . 2008-01-22 10:35        244 --ah----- C:\sqmnoopt02.sqm
    2008-01-22 10:35 . 2008-01-22 10:35        244 --ah----- C:\sqmnoopt01.sqm
    2008-01-22 10:35 . 2008-01-22 10:35        232 --ah----- C:\sqmdata02.sqm
    2008-01-22 10:35 . 2008-01-22 10:35        232 --ah----- C:\sqmdata01.sqm
    2008-01-22 06:05 . 2008-01-22 06:05        244 --ah----- C:\sqmnoopt00.sqm
    2008-01-22 06:05 . 2008-01-22 06:05        232 --ah----- C:\sqmdata00.sqm
    2008-01-22 05:48 . 2008-01-25 06:48     51,968 --a------ C:\WINDOWS\system32\drivers\nkv2.sys
    2008-01-21 18:30 . 2008-01-25 06:56     25,984 --a------ C:\WINDOWS\system32\drivers\Vyd60.sys
    2008-01-21 15:48 . 2007-01-18 13:00      3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
    2008-01-21 15:47 . 2007-05-30 13:10     10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-21 13:18 . 2008-01-21 13:19      <REP> d-------- C:\Program Files\CCleaner

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-24 11:51 --------- d-----w C:\Program Files\Wanadoo
    2007-12-13 16:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-13 16:39 --------- d-----w C:\Program Files\Samsung
    2007-12-13 16:37 --------- d-----w C:\Program Files\eMule
    2007-11-30 22:28 --------- d-----w C:\Program Files\Windows Live Toolbar
    2006-04-21 10:43 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-24_13.05.50.95 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-24 11:57:37 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000001\NTUSER.DAT
    + 2008-01-25 05:48:12 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000001\NTUSER.DAT
    - 2008-01-24 11:57:37     8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000002\UsrClass.dat
    + 2008-01-25 05:48:12     8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000002\UsrClass.dat
    - 2008-01-24 11:57:37 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000003\NTUSER.DAT
    + 2008-01-25 05:48:12 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000003\NTUSER.DAT
    - 2008-01-24 11:57:38     8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000004\UsrClass.dat
    + 2008-01-25 05:48:12     8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000004\UsrClass.dat
    - 2008-01-24 11:57:38 7,962,624 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000005\NTUSER.DAT
    + 2008-01-25 05:48:13 7,962,624 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000005\NTUSER.DAT
    - 2008-01-24 11:57:38   151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000006\UsrClass.dat
    + 2008-01-25 05:48:13   151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users000006\UsrClass.dat
    - 2008-01-23 20:34:02    32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-01-25 05:49:29    32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-01-23 20:34:02   131,072 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-01-25 05:49:29   131,072 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-01-25 05:49:29    32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008012520080126\index.dat
    - 2008-01-23 20:34:02   245,760 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-25 05:49:29   245,760 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-25 05:59:36    18,176 ----a-w C:\WINDOWS\system32\drivers\smtpdrv.sys
    + 2008-01-25 05:57:28    16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_52c.dat
    .
    ((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not listed

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 11:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vyd60.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
    backup=C:\WINDOWS\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    --a------ 2004-04-08 05:25 496752 C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
    --a------ 2004-06-09 14:37 40960 C:\WINDOWS\VM_STI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
    --a------ 2006-08-06 10:52 360448 C:\Program Files\Browser Mouse\mouse32a.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    -ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
    --a------ 2003-07-07 08:30 729088 C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
    --a------ 2003-05-08 10:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2005-05-11 13:48 127118 c:\Apps\Powercinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2004-01-15 19:41 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
    --------- 2008-01-10 03:37 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-03-14 02:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-01-27 12:01 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2004-01-15 19:39 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    --a------ 2004-08-23 13:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    --------- 2004-10-14 15:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-08-23 13:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

    R0 Vyd60;Vyd60;C:\WINDOWS\system32\Drivers\Vyd60.sys [2008-01-25 06:56]
    R3 usbstor;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
    S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
    S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-23 13:40]
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]
    S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys [2008-01-25 06:48]
    S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-24 12:28:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
  11. pino

    Infection PC

    Hello charles ingals, it is a great pleasure for me to see your reply, I am starting to get desperate! Here is the ComboFix report:

    ComboFix 08-01-23.2 - Owner 2008-01-24 13:19:48.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.144 [GMT 1:00]
    Location: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\Owner\err.log
    C:\Documents and Settings\Owner\ravmonlog

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\smtpdrv


    ((((((((((((((((((((((((((((( Files created 2007-12-24 to 2008-01-24 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-24 12:57 . 2000-08-31 08:00     51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-23 14:13 . 2008-01-23 14:13      <REP> d-------- C:\WINDOWS\ERUNT
    2008-01-23 06:09 . 2008-01-23 06:09      <REP> d-------- C:\backreg
    2008-01-23 06:08 . 2008-01-23 13:40     25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
    2008-01-23 06:06 . 2008-01-23 06:06      <REP> d-------- C:\Program Files\Greatis
    2008-01-23 05:54 . 2008-01-23 05:54      <REP> d-------- C:\Program Files\Enigma Software Group
    2008-01-22 22:43 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
    2008-01-22 21:52 . 2007-12-04 15:51     42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-22 21:52 . 2007-12-04 15:53     23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-22 21:51 . 2007-12-04 14:04    837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-22 21:51 . 2004-01-09 10:13    380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-22 21:51 . 2007-12-04 13:54     95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-22 21:51 . 2007-12-04 15:55     94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-22 21:51 . 2007-12-04 15:56     93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-22 21:51 . 2007-12-04 15:49     26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-22 13:13 . 2008-01-22 13:13        244 --ah----- C:\sqmnoopt04.sqm
    2008-01-22 13:13 . 2008-01-22 13:13        232 --ah----- C:\sqmdata04.sqm
    2008-01-22 10:55 . 2008-01-22 10:55        244 --ah----- C:\sqmnoopt03.sqm
    2008-01-22 10:55 . 2008-01-22 10:55        232 --ah----- C:\sqmdata03.sqm
    2008-01-22 10:35 . 2008-01-22 10:35        244 --ah----- C:\sqmnoopt02.sqm
    2008-01-22 10:35 . 2008-01-22 10:35        244 --ah----- C:\sqmnoopt01.sqm
    2008-01-22 10:35 . 2008-01-22 10:35        232 --ah----- C:\sqmdata02.sqm
    2008-01-22 10:35 . 2008-01-22 10:35        232 --ah----- C:\sqmdata01.sqm
    2008-01-22 06:05 . 2008-01-22 06:05        244 --ah----- C:\sqmnoopt00.sqm
    2008-01-22 06:05 . 2008-01-22 06:05        232 --ah----- C:\sqmdata00.sqm
    2008-01-22 05:48 . 2008-01-22 05:52     48,512 --a------ C:\WINDOWS\system32\drivers\nkv2.sys
    2008-01-21 20:05 . 2008-01-21 20:05     10,752 --a------ C:\bhij.exe
    2008-01-21 18:30 . 2008-01-23 22:22     25,984 --a------ C:\WINDOWS\system32\drivers\Vyd60.sys
    2008-01-21 15:53 . 2008-01-21 17:23     25,600 --a------ C:\WINDOWS\system32\socketa.dll
    2008-01-21 15:48 . 2007-01-18 13:00      3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
    2008-01-21 15:47 . 2007-05-30 13:10     10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-21 15:43 . 2008-01-21 16:47     25,600 --a------ C:\WINDOWS\system32\socksys.dll
    2008-01-21 13:18 . 2008-01-21 13:19      <REP> d-------- C:\Program Files\CCleaner
    2008-01-20 12:10 . 2008-01-20 12:10        164 --a------ C:\install.dat

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-24 11:51 --------- d-----w C:\Program Files\Wanadoo
    2008-01-21 19:05    14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-01-21 19:05    14,336 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
    2007-12-13 16:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-13 16:39 --------- d-----w C:\Program Files\Samsung
    2007-12-13 16:37 --------- d-----w C:\Program Files\eMule
    2007-11-30 22:28 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-07 09:28   728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:28   728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-30 17:20   360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 08:28   222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-25 08:28   222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2006-04-21 10:43   278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not listed

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 11:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qtx26.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Twa25.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vyd60.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
    backup=C:\WINDOWS\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2005-06-23 19:33 57344 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    --a------ 2004-04-08 05:25 496752 C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
    --a------ 2004-06-09 14:37 40960 C:\WINDOWS\VM_STI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
    --a------ 2006-08-06 10:52 360448 C:\Program Files\Browser Mouse\mouse32a.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    -ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UERSV_9999_N91S1912]
    C:\documents and settings\owner\application data\errorsafefrenchnewreleaseinstall [1].exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
    --a------ 2003-07-07 08:30 729088 C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
    --a------ 2003-05-08 10:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2005-05-11 13:48 127118 c:\Apps\Powercinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2004-01-15 19:41 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
    --------- 2008-01-10 03:37 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-03-14 02:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-01-27 12:01 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2004-01-15 19:39 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WintelUpdate]
    --a------ 2008-01-21 20:05 10752 c:\bhij.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    --a------ 2004-08-23 13:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    --------- 2004-10-14 15:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-08-23 13:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

    R0 Vyd60;Vyd60;C:\WINDOWS\system32\Drivers\Vyd60.sys [2008-01-23 22:22]
    R3 usbstor;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
    S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
    S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
    S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-23 13:40]
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]
    S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-23 20:28:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-24 13:21:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FFI]
    "ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"
    .
  12. pino

    Infection PC

    I think a reformat is in order!!!
  13. pino

    Infection PC

    Yes, for now. Antivir is in English and I have a slight preference for avast, until I understand better how antivir works. I am eagerly awaiting charles ingals' analysis so he can find me a remedy for all this!!
  14. pino

    Infection PC

    Hello charles ingals, here are the requested reports:

    SDFix: Version 1.130

    Run by Owner on 23/01/2008 at 14:14

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    msupdate
    smtpdrv

    Path:
    c:\windows\system32\msvcrtd.exe
    System32\DRIVERS\smtpdrv.sys

    msupdate - Deleted
    smtpdrv - Deleted

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\6222159 - Deleted
    C:\WINDOWS\system32\adult.txt - Deleted
    C:\WINDOWS\system32\finance.txt - Deleted
    C:\WINDOWS\system32\lt.res - Deleted
    C:\WINDOWS\system32\other.txt - Deleted
    C:\WINDOWS\system32\pharma.txt - Deleted
    C:\WINDOWS\system32\sft.res - Deleted

    Folder C:\Program Files\Helper - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-23 14:20:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
    "EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
    "CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:0000009c

    scanning hidden files ...

    C:\WINDOWS\system32\config\systemprofile\Cookies\system@live[1].txt
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CTU749IZ\login[2].htm

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 7

    Remaining Services:
    ------------------

    smtpdrv

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:PowerCinema"
    "C:\\Apps\\Powercinema\\PowerCinema.exe"="C:\\Apps\\Powercinema\\PowerCinema.exe:*:Enabled:PowerCinema"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"="C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe:*:Enabled:Livecom Player"
    "C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
    "C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\Orange Link\\Application\\eConfv4\\olinkp.exe"="C:\\Program Files\\Orange Link\\Application\\eConfv4\\olinkp.exe:*:Enabled:Orange Link Player"
    "C:\\Program Files\\Orange Link\\Application\\Exe\\Orange Link.exe"="C:\\Program Files\\Orange Link\\Application\\Exe\\Orange Link.exe:*:Enabled:Orange Link"
    "C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE:*:Enabled:Orange Link"
    "C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe:*:Enabled:Livecom Media"
    "C:\\Documents and Settings\\Owner\\Bureau\\incredimail_install.exe"="C:\\Documents and Settings\\Owner\\Bureau\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\WINDOWS\\AdobeR.exe"="C:\\WINDOWS\\AdobeR.exe:*:Disabled:AdobeR"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
    "C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
    "C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
    "C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE:*:Enabled:Orange Link"
    "C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe:*:Enabled:Livecom Media"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Tue 31 May 2005        54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
    Tue 31 May 2005       156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
    Tue 31 May 2005        31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
    Sun  3 Sep 2006         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 14 Mar 2005       299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe"
    Mon 25 Apr 2005        61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll"
    Sat  9 Dec 2006             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Fri 21 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT2.tmp"
    Sun  3 Sep 2006         4,348 ...H. --- "C:\Documents and Settings\Owner\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
    Fri  1 Dec 2006            20 A..H. --- "C:\Documents and Settings\Owner\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
    Mon  8 May 2006           312 A.SH. --- "C:\Documents and Settings\Owner\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

    Finished!
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 14:42:21, on 23/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Inventel\Gateway\wlancfg.exe c:\Apps\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe D:\setup.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\QZTEMP\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll (file missing) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! 
Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Canon IJ Status Monitor Canon MP150 Series Printer (Copie 1).lnk = ? O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing) O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing) O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage 
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stephie4269.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://stephie4269.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshel...ronGameHost.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Apps\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing) O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
  15. pino

    PC infection

    Hello. After running scan after scan, it seems I only have one problem left: a virus that is detected at every startup of the computer and comes back every time, even though the antivirus deletes it or puts it in quarantine. It is "smtpdrv.sys". How can I remove it for good?!?