VBS: Malware-gen infection

10 November 2008 20:40:57

Hello,

I am posting a new message here because I ran into a problem with my antivirus, Avast!

I apparently got this virus on my external hard drive while transferring data between different PCs, and once back home, on my personal PC, Avast! went into a panic.

I have already produced the HijackThis report, which I am pasting at the end of this post.

Hoping that someone will have the patience to help me.

Cécile



------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:07, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Dell\MFP_DELL\deMntrService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscript.exe
C:\PROGRA~1\Avast4\ashQuick.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\PROGRA~1\Avast4\ashQuick.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ben\Mes documents\Téléchargements\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=fr&l=f...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=fr&l=f...
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=Pcdn3NpPoi0kEpeeQH0...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Gdooey Mae
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DeStatusMon] "C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [Tpscrex] C:\Program Files\MSTpscre\Tpscrex.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Zip] wscript.exe /E:vbs C:\autoexec.bat
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Crocpopup] C:\Program Files\crocpopup\crocpopup.exe
O4 - HKCU\..\Run: [pufgkcxur] c:\documents and settings\ben\local settings\application data\pufgkcxur.exe pufgkcxur
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?e8e1e8f58aa8416f97b4e52769330cd5
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?e8e1e8f58aa8416f97b4e52769330cd5
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Dell AIO Center Service (deMntrService) - Dell - C:\Program Files\Dell\MFP_DELL\deMntrService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13679 bytes

11 November 2008 08:57:48

Hello everyone,
I need help: I am a beginner with computers, and Avast's messages are preventing me from working on my computer.
Thank you in advance.
11 November 2008 09:43:45

Hello,
be careful to disable Avast before doing what I ask...


Disable Avast's self-defense module before doing the following:

Right-click the Avast! icon near the clock >> "Program settings..."

- "Troubleshooting" option (bottom left)

- Check "Disable avast! self-defense module" >> "OK"


Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select All", Edit > "Copy"

Come to the forum and Edit > "Paste"

HELP: A guide and a tutorial on using ComboFix
* the partition name may vary
11 November 2008 13:44:14

Hello, and thank you for your reply.

After several attempts I managed to get a log from ComboFix.

I would also like to point out that my infection originated on an external hard drive, G:\, and spread to my C:\




__________________________________________________________

Here is the report:


ComboFix 08-11-10.01 - Ben 2008-11-11 13:27:02.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1586 [GMT 1:00]
Lancé depuis: c:\documents and settings\Ben\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\Autorun.inf
.
---- Previous Run -------
.
C:\Autorun.inf
c:\documents and settings\Ben\Local Settings\Application Data\pufgkcxur.dat
c:\documents and settings\Ben\Local Settings\Application Data\pufgkcxur_nav.dat
c:\documents and settings\Ben\Local Settings\Application Data\pufgkcxur_navps.dat
c:\documents and settings\Ben\Menu Démarrer\Programmes\InternetGameBox
c:\documents and settings\Ben\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk
c:\documents and settings\Ben\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk
c:\documents and settings\Ben\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk
c:\documents and settings\Ben\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
c:\windows\system32\nvs2.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-11 au 2008-11-11 ))))))))))))))))))))))))))))))))))))
.

2008-11-10 19:52 . 2008-03-27 21:40 1,952 --ah----- C:\wa6.vbs
2008-11-10 19:52 . 2008-03-27 21:40 1,952 --ah----- C:\gdmae.bmp
2008-11-05 16:56 . 2008-11-05 16:56 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-05 16:56 . 2008-11-05 16:56 1,409 --a------ c:\windows\QTFont.for
2008-10-27 20:26 . 2004-02-03 17:00 237,568 -ra------ c:\windows\system32\SiSWPars.dll
2008-10-27 20:26 . 2004-09-16 17:00 162,304 -ra------ c:\windows\system32\drivers\sis163u.sys
2008-10-27 20:26 . 2004-02-03 17:00 155,648 -ra------ c:\windows\system32\SiSWInst.dll
2008-10-27 20:26 . 2003-11-12 17:00 49,152 -ra------ c:\windows\system32\SiSWBase.dll
2008-10-27 20:26 . 2004-06-01 17:00 36,864 -ra------ c:\windows\system32\unwlsdrv.exe
2008-10-27 20:26 . 2004-03-31 17:00 7,060 -ra------ c:\windows\system32\setparam.ini
2008-10-27 20:26 . 2004-03-31 17:00 7,060 -ra------ c:\windows\setparam.ini
2008-10-27 20:26 . 2008-10-27 20:26 33 --a------ c:\windows\system32\wunilog.ini
2008-10-24 07:50 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-16 18:57 . 2008-10-16 18:57 <REP> d-------- c:\windows\system32\ageia
2008-10-16 18:57 . 2008-10-16 18:57 <REP> d-------- c:\program files\AGEIA Technologies
2008-10-15 06:12 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 06:12 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 06:12 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 06:12 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 06:12 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-15 06:12 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-11 12:22 . 2008-10-11 12:22 <REP> d-------- C:\Powersim

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 12:23 --------- d-----w c:\documents and settings\Ben\Application Data\Skype
2008-11-10 13:54 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-10 13:05 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-07 21:21 183,120 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-07 21:21 137,480 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-07 14:00 --------- d-----w c:\program files\Norton Security Scan
2008-10-30 18:42 --------- d-----w c:\program files\Avast4
2008-10-30 12:16 --------- d-----w c:\program files\Google
2008-10-30 12:15 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-17 13:04 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-10-11 18:10 --------- d-----w c:\program files\Microsoft Works
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-08-20 05:10 670,208 ----a-w c:\windows\system32\wininet.dll
2008-08-20 05:10 670,208 ------w c:\windows\system32\dllcache\wininet.dll
2008-08-20 05:10 620,544 ------w c:\windows\system32\dllcache\urlmon.dll
2008-08-20 05:10 3,088,896 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-20 05:10 1,499,648 ------w c:\windows\system32\dllcache\shdocvw.dll
2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys
2008-03-06 13:39 2,410 ----a-w c:\documents and settings\Ben\Application Data\wklnhst.dat
2007-12-29 21:24 22,328 ----a-w c:\documents and settings\Ben\Application Data\PnkBstrK.sys
2007-10-20 16:15 76 --sh--r c:\windows\CT4CET.bin
2007-11-07 12:43 848 --sha-w c:\windows\system32\KGyGaAvL.sys
.
----a-w 16,845 2008-01-08 18:03:51 c:\dev-cpp\Gérard 2\TP 3 .exe



((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [N/A]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-27 68856]
"Steam"="c:\steam\steam.exe" [2008-03-28 1271032]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Crocpopup"="c:\program files\crocpopup\crocpopup.exe" [N/A]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-09 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-05-15 1392640]
"DeStatusMon"="c:\program files\Dell\MFP_DELL\deDvcStatus.exe" [2007-06-28 286720]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-09-21 184320]
"dscactivate"="c:\dell\dsca.exe" [N/A]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [N/A]
"BuildBU"="c:\dell\bldbubg.exe" [N/A]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2007-09-09 283888]
"Tpscrex"="c:\program files\MSTpscre\Tpscrex.exe" [N/A]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"nwiz"="nwiz.exe" [2008-02-22 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-02-22 c:\windows\system32\nvhotkey.dll]
"NvMediaCenter"="NvMCTray.dll" [2008-02-22 c:\windows\system32\nvmctray.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-09 c:\windows\stsystra.exe]
"Zip"="wscript.exe" [2008-05-08 c:\windows\system32\wscript.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Ben\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-20 50688]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Steam\\steamapps\\coldjah\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Steam\\steamapps\\coldjah\\counter-strike source\\hl2.exe"=
"c:\\Steam\\steamapps\\coldjah\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Jeux\\Overlord\\Overlord2.exe"=
"c:\\Steam\\steamapps\\coldjah\\source sdk base\\hl2.exe"=
"\\\\CFGVHJK\\CS1.6\\hltv.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Steam\\steamapps\\spliffounet\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Jeux\\UT3\\Binaries\\UT3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14503:TCP"= 14503:TCP:BitComet 14503 TCP
"14503:UDP"= 14503:UDP:BitComet 14503 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 deMntrService;Dell AIO Center Service;c:\program files\Dell\MFP_DELL\deMntrService.exe [2007-06-28 131072]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]
R3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2005-11-19 20096]
R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 DESVUSB;Dell service driver;c:\windows\system32\DRIVERS\desrvusb.sys [2007-05-11 17536]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2004-09-16 162304]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{741fb218-bc7f-11dc-b5af-001c26dfc2d4}]
\Shell\AutoRun\command - F:\AutoTransfer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7b16740-b71b-11dc-b5a0-001c23a1e616}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1dfbfce-2bca-11dd-b699-001c2697d214}]
\Shell\Auto\command - F:\Windows.scr
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f888a9b7-84ed-11dc-b516-001c26dfc2d4}]
\Shell\Auto\command - Windows.scr
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr
.
Contenu du dossier 'Tâches planifiées'

2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2008-11-07 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]

2008-11-11 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\xi6ysk70.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig?hl=fr
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 13:30:36
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


**************************************************************************
.
Heure de fin: 2008-11-11 13:33:02
ComboFix-quarantined-files.txt 2008-11-11 12:31:56

Avant-CF: 41,697,087,488 octets libres
Après-CF: 41,687,085,056 octets libres

206 --- E O F --- 2008-10-24 18:23:09
11 November 2008 18:17:34

re
Quote:
I would also like to point out that my infection originated on an external hard drive, G:\, and spread to my C:\

No problem, I just want us to deal with everything in one go (since there are other things besides the USB infection)

1
Download Flash Disinfector
Connect your removable media to your PC (MP3 player, external hard drive, USB stick...)
Connect all external devices (hard drive, USB, ...)
Double-click Flash Disinfector and follow the prompts

2
Copy (Ctrl+C) the text below:
File::
C:\wa6.vbs
C:\gdmae.bmp
RenV::
c:\dev-cpp\Gérard 2\TP 3 .exe



Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file as CFScript.txt

Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot


  • A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt


    3
    Post a HijackThis log again, please
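
Added example, not part of the original thread and not the helper's own method: a small Python triage over lines copied from the HijackThis and ComboFix reports posted above, flagging autostart entries worth a closer look. The three heuristics and the names `triage` and `Finding` are assumptions chosen for illustration.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis (O4) and ComboFix (MountPoints2) reports in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zip] wscript.exe /E:vbs C:\autoexec.bat
O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [pufgkcxur] c:\documents and settings\ben\local settings\application data\pufgkcxur.exe pufgkcxur
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{741fb218-bc7f-11dc-b5af-001c26dfc2d4}]
\Shell\AutoRun\command - F:\AutoTransfer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1dfbfce-2bca-11dd-b699-001c2697d214}]
\Shell\Auto\command - F:\Windows.scr
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr
"""


class Finding(NamedTuple):
    source: str   # "<hive> Run" or "MountPoints2"
    name: str     # Run value name, or the volume GUID for MountPoints2
    command: str  # command line exactly as logged
    reason: str   # which heuristic fired


# HijackThis O4 registry Run entry: O4 - <hive>\..\Run: [<name>] <command>
RUN_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
# ComboFix MountPoints2 section: a key header, then one line per shell verb.
MOUNT_KEY_RE = re.compile(r"^\[HKEY_.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
MOUNT_CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.I)

# Heuristic 1 (assumption): wscript/cscript told via /E: which engine to use,
# pointed at a file whose extension is not a script extension.
SCRIPT_HOST_RE = re.compile(r"\b[wc]script(?:\.exe)?\b.*?/e:(\w+)\s+(.+)$", re.I)
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
# Heuristic 2 (assumption): an .exe sitting directly in the XP per-user
# "Local Settings\Application Data" folder rather than in a vendor subfolder.
USER_DATA_RE = re.compile(r"\\local settings\\application data\\[^\\]+\.exe", re.I)
# Heuristic 3 (assumption): a removable-volume autorun verb that starts a .scr file.
SCR_RE = re.compile(r"\.scr\b", re.I)


def run_reasons(command: str) -> List[str]:
    """Return the heuristics that fire for one Run-key command line."""
    reasons = []
    m = SCRIPT_HOST_RE.search(command)
    if m:
        engine, target = m.group(1), m.group(2).strip().strip('"')
        if not target.lower().endswith(SCRIPT_EXTS):
            reasons.append(f"script host forces the {engine} engine on a non-script file: {target}")
    if USER_DATA_RE.search(command):
        reasons.append("executable started directly from the per-user application data folder")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Scan pasted HijackThis/ComboFix text and return the entries to review."""
    findings: List[Finding] = []
    volume = None  # GUID of the MountPoints2 key currently being read
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            hive, name, command = m.groups()
            for reason in run_reasons(command):
                findings.append(Finding(f"{hive} Run", name, command, reason))
            continue
        m = MOUNT_KEY_RE.match(line)
        if m:
            volume = m.group(1)
            continue
        m = MOUNT_CMD_RE.match(line)
        if m and volume:
            verb, command = m.groups()
            if SCR_RE.search(command):
                findings.append(Finding("MountPoints2", volume, command,
                                        f"'{verb}' autorun verb launches a .scr file"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.name}: {f.command}\n    -> {f.reason}")
```

A flagged entry is a lead to verify against the file on disk, not a verdict; legitimate entries such as `F:\AutoTransfer.exe` pass through unflagged only because none of the three rules applies to them.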



    11 November 2008 19:50:32

    I think I did as you told me, but I did not get the "Type 1.... or 2..." question; the ComboFix scan nevertheless ran normally and I got a report, which is here:


    ComboFix report:
    ______________________________________________________________
    ComboFix 08-11-10.01 - Ben 2008-11-11 19:34:50.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1360 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Ben\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Ben\Bureau\CFScript.txt.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    C:\gdmae.bmp
    C:\wa6.vbs
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\gdmae.bmp
    C:\wa6.vbs

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-11 au 2008-11-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-11 16:27 . 2008-11-11 18:31 <REP> d-------- c:\documents and settings\Ben\Application Data\dvdcss
    2008-11-11 14:21 . 2008-11-11 14:21 <REP> d-------- c:\documents and settings\Ben\Application Data\vlc
    2008-11-11 14:17 . 2008-11-11 14:18 <REP> d-------- c:\program files\VLC Media player
    2008-10-27 20:26 . 2004-02-03 17:00 237,568 -ra------ c:\windows\system32\SiSWPars.dll
    2008-10-27 20:26 . 2004-09-16 17:00 162,304 -ra------ c:\windows\system32\drivers\sis163u.sys
    2008-10-27 20:26 . 2004-02-03 17:00 155,648 -ra------ c:\windows\system32\SiSWInst.dll
    2008-10-27 20:26 . 2003-11-12 17:00 49,152 -ra------ c:\windows\system32\SiSWBase.dll
    2008-10-27 20:26 . 2004-06-01 17:00 36,864 -ra------ c:\windows\system32\unwlsdrv.exe
    2008-10-27 20:26 . 2004-03-31 17:00 7,060 -ra------ c:\windows\system32\setparam.ini
    2008-10-27 20:26 . 2004-03-31 17:00 7,060 -ra------ c:\windows\setparam.ini
    2008-10-27 20:26 . 2008-10-27 20:26 33 --a------ c:\windows\system32\wunilog.ini
    2008-10-24 07:50 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
    2008-10-16 18:57 . 2008-10-16 18:57 <REP> d-------- c:\windows\system32\ageia
    2008-10-16 18:57 . 2008-10-16 18:57 <REP> d-------- c:\program files\AGEIA Technologies
    2008-10-15 06:12 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-15 06:12 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-15 06:12 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-15 06:12 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-15 06:12 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
    2008-10-15 06:12 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
    2008-10-11 12:22 . 2008-10-11 12:22 <REP> d-------- C:\Powersim

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-11 14:05 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2008-11-11 12:23 --------- d-----w c:\documents and settings\Ben\Application Data\Skype
    2008-11-10 13:54 --------- d-----w c:\program files\Windows Live Safety Center
    2008-11-07 21:21 183,120 ----a-w c:\windows\system32\PnkBstrB.exe
    2008-11-07 21:21 137,480 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-11-07 14:00 --------- d-----w c:\program files\Norton Security Scan
    2008-10-30 18:42 --------- d-----w c:\program files\Avast4
    2008-10-30 12:16 --------- d-----w c:\program files\Google
    2008-10-30 12:15 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-17 13:04 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
    2008-10-11 18:10 --------- d-----w c:\program files\Microsoft Works
    2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
    2008-08-20 05:10 670,208 ----a-w c:\windows\system32\wininet.dll
    2008-08-20 05:10 670,208 ------w c:\windows\system32\dllcache\wininet.dll
    2008-08-20 05:10 620,544 ------w c:\windows\system32\dllcache\urlmon.dll
    2008-08-20 05:10 3,088,896 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-08-20 05:10 1,499,648 ------w c:\windows\system32\dllcache\shdocvw.dll
    2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
    2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
    2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys
    2008-03-06 13:39 2,410 ----a-w c:\documents and settings\Ben\Application Data\wklnhst.dat
    2007-12-29 21:24 22,328 ----a-w c:\documents and settings\Ben\Application Data\PnkBstrK.sys
    2007-10-20 16:15 76 --sh--r c:\windows\CT4CET.bin
    2007-11-07 12:43 848 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-27 68856]
    "Steam"="c:\steam\steam.exe" [2008-03-28 1271032]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-09 851968]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-05-15 1392640]
    "DeStatusMon"="c:\program files\Dell\MFP_DELL\deDvcStatus.exe" [2007-06-28 286720]
    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
    "CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
    "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "RoxWatchTray"="c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
    "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-09-21 184320]
    "avast!"="c:\progra~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2007-09-09 283888]
    "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
    "nwiz"="nwiz.exe" [2008-02-22 c:\windows\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [2008-02-22 c:\windows\system32\nvhotkey.dll]
    "NvMediaCenter"="NvMCTray.dll" [2008-02-22 c:\windows\system32\nvmctray.dll]
    "SigmatelSysTrayApp"="stsystra.exe" [2007-07-09 c:\windows\stsystra.exe]
    "Zip"="wscript.exe" [2008-05-08 c:\windows\system32\wscript.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Ben\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-20 50688]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Steam\\steamapps\\coldjah\\half-life 2 deathmatch\\hl2.exe"=
    "c:\\Steam\\steamapps\\coldjah\\counter-strike source\\hl2.exe"=
    "c:\\Steam\\steamapps\\coldjah\\day of defeat source\\hl2.exe"=
    "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Jeux\\Overlord\\Overlord2.exe"=
    "c:\\Steam\\steamapps\\coldjah\\source sdk base\\hl2.exe"=
    "\\\\CFGVHJK\\CS1.6\\hltv.exe"=
    "c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
    "c:\\Steam\\steamapps\\spliffounet\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Jeux\\UT3\\Binaries\\UT3.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "14503:TCP"= 14503:TCP:BitComet 14503 TCP
    "14503:UDP"= 14503:UDP:BitComet 14503 UDP

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 deMntrService;Dell AIO Center Service;c:\program files\Dell\MFP_DELL\deMntrService.exe [2007-06-28 131072]
    R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 235520]
    R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]
    R3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2005-11-19 20096]
    R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 DESVUSB;Dell service driver;c:\windows\system32\DRIVERS\desrvusb.sys [2007-05-11 17536]
    S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2004-09-16 162304]
    S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{741fb218-bc7f-11dc-b5af-001c26dfc2d4}]
    \Shell\AutoRun\command - F:\AutoTransfer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7b16740-b71b-11dc-b5a0-001c23a1e616}]
    \Shell\AutoRun\command - wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1dfbfce-2bca-11dd-b699-001c2697d214}]
    \Shell\Auto\command - F:\Windows.scr
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f888a9b7-84ed-11dc-b516-001c26dfc2d4}]
    \Shell\Auto\command - Windows.scr
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe []

    2008-11-07 c:\windows\Tasks\Norton Security Scan.job
    - c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]

    2008-11-11 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-DellSupport - c:\program files\DellSupport\DSAgnt.exe
    HKCU-Run-Crocpopup - c:\program files\crocpopup\crocpopup.exe
    HKLM-Run-dscactivate - c:\dell\dsca.exe
    HKLM-Run-ECenter - c:\dell\E-Center\EULALauncher.exe
    HKLM-Run-BuildBU - c:\dell\bldbubg.exe
    HKLM-Run-Tpscrex - c:\program files\MSTpscre\Tpscrex.exe



    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-11 19:37:59
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-11-11 19:40:02
    ComboFix-quarantined-files.txt 2008-11-11 18:39:15
    ComboFix2.txt 2008-11-11 12:33:03

    Avant-CF: 41 545 768 960 octets libres
    Après-CF: 41,527,967,744 octets libres

    189 --- E O F --- 2008-10-24 18:23:09

    ___________________________________________________________



    In the end I ran HijackThis again
    ___________________________________________________________

    HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:43:32, on 11/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Avast4\aswUpdSv.exe
    C:\Program Files\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Program Files\Dell\MFP_DELL\deMntrService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avast4\ashMaiSv.exe
    C:\Program Files\Avast4\ashWebSv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\OEM02Mon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Creative\Mixer\CTSVolFE.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\PROGRA~1\Avast4\ashDisp.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ben\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=fr&l=f...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=Pcdn3NpPoi0kEpeeQH0...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [DeStatusMon] "C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe" dvcStatusMinimize
    O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
    O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [Zip] wscript.exe /E:vbs C:\autoexec.bat
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?e8e1e8f58aa8416f97b4e52769330cd5
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?e8e1e8f58aa8416f97b4e52769330cd5
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Dell AIO Center Service (deMntrService) - Dell - C:\Program Files\Dell\MFP_DELL\deMntrService.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 11837 bytes
    12 November 2008 13:10:03

    Strangely, I thought ComboFix's actions had got me out of this problem, but apparently, by connecting another volume (a USB key), I infected it too...
    What should I do then?
    12 November 2008 14:25:24

    ceceB said:
    Strangely, I thought ComboFix's actions had got me out of this problem, but apparently, by connecting another volume (a USB key), I infected it too...
    What should I do then?

    Hello,
    did you carry out the requested procedure with Flash Disinfector?
    all the devices you have must be connected when you run the tool: all your external hard drives, all your USB keys...

