Multi infections

Sura -  
 sura -
Bonjour,

Mon ordinateur est infecté. les symptômes sont les suivants :

- processus "windows" prenant 100% UC apparaissant de temps à autres
- internet lent, impossibilté d'ouvrir un dossier sur le bureau
- popup permanents
- ancien problème : winologon.exe = 100% uc, mais n'apparaît plus depuis un moment
- spybot releve en permanence des infections virtuamonde

Voici le rapport hijacthis

Logfile of HijackThis v1.99.1
Scan saved at 17:48:20, on 26/01/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
H:\Program Files\Google\Google Updater\GoogleUpdater.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=H:\WINDOWS\System32\ddabc.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [a0cbf2bf] rundll32.exe "H:\WINDOWS\System32\wxekfele.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Holdem Genius Auto Attacher.lnk = H:\Program Files\Holdem Genius\HG_Watcher.exe
O4 - Global Startup: B4Playing Smart Tool.lnk = H:\Program Files\B4Playing\B4PlayingSmartTool\B4PClient.exe
O4 - Global Startup: Google Updater.lnk = H:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - H:\WINDOWS\System32\windows
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe

Devoir formater me pose beaucoup de problème pour sauvegarder mes données, et je vous serai très reconnaissant si vous parveniez à m'éviter ca.

Je suis à votre entière disposition dans le cas ou vous voudriez bien me répondre.

Sura
Configuration: Windows XP
Internet Explorer 6.0

27 réponses

  • 1
  • 2
  1. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Moi je veux bien te désinfecter tout ca.
    Mais si c'est pour repartir dans la nature sans antivirus, ca m'interresse pas.

    Télécharge Combofix sUBs :http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    Copie/colle un nouveau rapport HiJackThis avec.
    2
  2. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    ok

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    H:\WINDOWS\system32\sys32time.dll
    H:\WINDOWS\c3VyYQ
    H:\WINDOWS\System32\oljpwrfv.dll
    H:\Program Files\kernel
    H:\WINDOWS\System32\ddabc.exe
    H:\Program Files\?asks
    H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\winvsnet.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    1
  3. Sura
     
    je rajoute que mon disque C apparaît comme marqué d'une croix rouge sur le poste de travail (j'ai 2 disques, windows est sur H)
    et que C et H se trouvent encombrés par des centaines de fichies . tmp, certains "in use" et qui reviennent systématiquement une fois supprimés
    0
  4. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Pourquoi n'y a t il pas d'antivirus?

    A+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Sura
     
    je n'en utilise généralement que quand j'ai des probleme, la il n'y a que spybot
    0
  7. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Spybot est un anti-spyware, pas un antivirus.

    Que penses tu de commencer par la base, c'est a dire l'installation d'un antivirus ? :)
    0
  8. Sura
     
    j'ai déja essayé sans succès avec avg et www.secuser.com

    J'aurai besoin d'une aide un peu plus personnalisée :)
    0
  9. Sura
     
    Je te remercie beaucon de ton aide et serai plus prudent à l'avenir. Voici le rapport que tu m'as demandé, je l'ai uploadé sur rapidshare, ne parvenant pas à le copier ici dans son intégralité. J'espère que ça t'ira

    Sura

    http://rapidshare.com/files/86903442/rapport.txt.html
    0
  10. Sura
     
    mon ordinateur va beaucoup mieux, a part la croix rouge sur le disque c toujours présente tout va bien
    0
  11. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Yo, j'arrive pas a l'obtenir
    Heberge le plutot sur c joint:
    https://www.cjoint.com/

    A+
    0
  12. Sura
     
    0
    1. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
       
      Salut

      Copie/colle le résultat ici, cela sera nettement plus facile pour Régis
      A+
      0
  13. SchneiderBZH Messages postés 761 Statut Membre 28
     
    Sura,je te conseillerais d'installé le SP2 pour ton Windows XP et de passer d'Internet Explorer 6 au 7 ou bien tout siplement d'installer Firefox!
    0
  14. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    OK

    Y'a une grosse infection de type Vundo.

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4

    Double-clique VundoFix.exe afin de le lancer.
    Clique sur le bouton Scan for Vundo.
    Lorsque le scan est complété, clique sur le bouton Remove Vundo.
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
    Démarre ton PC à nouveau.
    Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

    A+
    0
  15. Sura
     
    Merci pour tes instructions si clairement détaillées

    Vundo fix :

    H:\WINDOWS\system32\ddabc.exe

    Hijack this

    Logfile of HijackThis v1.99.1
    Scan saved at 02:01:06, on 29/01/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\Explorer.EXE
    H:\Program Files\Google\Google Updater\GoogleUpdater.exe
    H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    H:\WINDOWS\System32\nvsvc32.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    H:\Program Files\MSN Messenger\usnsvc.exe
    H:\Program Files\Internet Explorer\IEXPLORE.EXE
    H:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Holdem Genius Auto Attacher.lnk = H:\Program Files\Holdem Genius\HG_Watcher.exe
    O4 - Global Startup: B4Playing Smart Tool.lnk = H:\Program Files\B4Playing\B4PlayingSmartTool\B4PClient.exe
    O4 - Global Startup: Google Updater.lnk = H:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - H:\WINDOWS\System32\windows (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
    0
  16. Sura
     
    je te signale également que j'ai l'impression (depuis un bon moment) que mes processus occupent trop de mémoire quand j'accede au gestionnaire des tâches, surtout iexporer.exe. D'autre part ce processus peut être actif plusieurs fois alors qu'une seule fenêtre internet est ouverte.

    Merci encore pour ton aide
    0
  17. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Ok. C'est mieux.

    Installe un antivirus, je te conseille Antivir (clique sur antivir pour avoir le lien de téléchargement).
    Une fois installé, remet un rapport combofix.

    A+
    0
  18. sura
     
    Je t'envoie ici le rapport de Antivir après scannage du disque. Je redémarre, le rapport combofix arrive dans 2 minutes

    AntiVir PersonalEdition Classic
    Report file date: jeudi 31 janvier 2008 01:18

    Scanning for 1085232 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 1) [5.1.2600]
    Username: SYSTEM
    Computer name: SURA-17ENM42UUK

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 13:42:53
    ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 13:42:53
    ANTIVIR3.VDF : 7.0.2.71 203264 Bytes 30/01/2008 13:42:53
    AVEWIN32.DLL : 7.6.0.59 3232256 Bytes 30/01/2008 13:42:53
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 30/01/2008 13:42:53
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: h:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: H:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 31 janvier 2008 01:18

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'Steam.exe' - '1' Module(s) have been scanned
    Scan process 'IGZones.exe' - '1' Module(s) have been scanned
    Scan process 'casino.exe' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    27 processes with 27 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'H:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    H:\WINDOWS\system32\CTFMON.EXE
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '47e7061e.qua'!
    H:\WINDOWS\system32\CTFMON.EXE
    [DETECTION] Is the Trojan horse TR/Vundo.DVD

    The registry was scanned ( '22' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Propriétaire\Bureau\mickael\JEUX\AOC\crack_aok_2.0a.zip
    [0] Archive type: ZIP
    --> empires2.exe
    [DETECTION] Is the Trojan horse TR/Small.971264
    [INFO] The file was moved to '4802088d.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temp\dm_0030.exe
    [DETECTION] Is the Trojan horse TR/Dialer.TS
    [INFO] The file was moved to '480008f9.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\4ZUVEFSB\gepj[1]
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was moved to '48110919.qua'!
    C:\Program Files\eMule\Incoming\poker tracker 2.16.03d + keygen.rar
    [0] Archive type: RAR
    --> Keygen\keygen.exe
    [DETECTION] Contains detection pattern of the dropper DR/Shark.AU
    [INFO] The file was moved to '480c09f8.qua'!
    C:\System Volume Information\_restore{2D30742B-7C2B-4F51-9FB6-BB723D9C758A}\RP93\A0032860.exe
    [DETECTION] Is the Trojan horse TR/Dialer.TS
    [INFO] The file was moved to '47d10a61.qua'!
    C:\WINDOWS\lsas32.exe
    [DETECTION] Is the Trojan horse TR/Dialer.TS
    [INFO] The file was moved to '48020b05.qua'!
    C:\WINDOWS\syss.dll
    [DETECTION] Is the Trojan horse TR/Spy.Agent.adi
    [INFO] The file was moved to '48140b0d.qua'!
    C:\WINDOWS\system32\rsvpsp61.dll
    [DETECTION] Is the Trojan horse TR/Hijacker.Gen
    [INFO] The file was moved to '48170ba2.qua'!
    C:\WINDOWS\system32\sstqp.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '48150ba7.qua'!
    C:\WINDOWS\system32\udtyrpdq.dll
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was moved to '48150b9a.qua'!
    C:\WINDOWS\Temp\dm_0030.exe
    [DETECTION] Is the Trojan horse TR/Dialer.TS
    [INFO] The file was moved to '48000bee.qua'!
    Begin scan in 'H:\' <DATA>
    H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.RB0
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '48020e3b.qua'!
    H:\QooBox\Quarantine\H\Program Files\ComPlus Applications\fsodyvav.html.vir
    [DETECTION] Is the Trojan horse TR/Click.HTML.IFrame.DN
    [INFO] The file was moved to '48100fa8.qua'!
    H:\QooBox\Quarantine\H\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '48130f9a.qua'!
    H:\QooBox\Quarantine\H\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '47ea0f82.qua'!
    H:\QooBox\Quarantine\H\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '47ea0f83.qua'!
    H:\QooBox\Quarantine\H\Program Files\Java\jre1.6.0_03\bin\jusched.exe.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '48140fab.qua'!
    H:\QooBox\Quarantine\H\Program Files\MSN Messenger\MsnMsgr .Exe.vir
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [INFO] The file was moved to '480f0faa.qua'!
    H:\QooBox\Quarantine\H\Program Files\MSN Messenger\MsnMsgr.Exe.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '499fb5d3.qua'!
    H:\QooBox\Quarantine\H\Program Files\Spybot - Search & Destroy\TeaTimer.exe.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '48020f9d.qua'!
    H:\QooBox\Quarantine\H\WINDOWS\b122.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.haq.1
    [INFO] The file was moved to '47d30f6a.qua'!
    H:\QooBox\Quarantine\H\WINDOWS\Downloaded Program Files\xpreload.ocx.vir
    [DETECTION] Is the Trojan horse TR/Dldr.VB.cdq
    [INFO] The file was moved to '48130fa9.qua'!
    H:\QooBox\Quarantine\H\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '47e40f8c.qua'!
    H:\QooBox\Quarantine\H\WINDOWS\system32\ahtwyycv.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '48150fa2.qua'!
    H:\QooBox\Quarantine\H\WINDOWS\system32\anhrfwkl.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DWB
    [INFO] The file was moved to '48090fa8.qua'!
    H:\QooBox\Quarantine\H\WINDOWS\system32\bodjxtim.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '48050faa.qua'!
    H:\QooBox\Quarantine\H\WINDOWS\system32\dsyugqrm.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.dvc.6
    [INFO] The file was moved to '481a0fae.qua'!
    H:\QooBox\Quarantine\H\WINDOWS\system32\ejvldjbr.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.dvc.6
    [INFO] The file was moved to '48170fa5.qua'!
    H:\QooBox\Quarantine\H\WINDOWS\system32\hxpedkag.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DUP
    [INFO] The file was moved to '48110fb4.qua'!
    H:\QooBox\Quarantine\H\WINDOWS\system32\lebncpnn.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DWB
    [INFO] The file was moved to '48030fa1.qua'!
    H:\QooBox\Quarantine\H\WINDOWS\system32\oljpwrfv.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DUP
    [INFO] The file was moved to '480b0fa8.qua'!
    H:\QooBox\Quarantine\H\WINDOWS\system32\oyupvrxv.dll.vir
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was moved to '48160fb5.qua'!
    H:\QooBox\Quarantine\H\WINDOWS\system32\RCXFB.tmp.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '47f90f80.qua'!
    H:\QooBox\Quarantine\H\WINDOWS\system32\windows.vir
    [DETECTION] Is the Trojan horse TR/Zapchast.DT.1
    [INFO] The file was moved to '480f0fa6.qua'!
    H:\RECYCLER\S-1-5-21-484763869-1004336348-725345543-1003\Dh4.zip
    [0] Archive type: ZIP
    --> ddabc.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    --> grffnhtf.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DWB
    [INFO] The file was moved to '47d50fa7.qua'!
    H:\System Volume Information\_restore{2D30742B-7C2B-4F51-9FB6-BB723D9C758A}\RP93\A0032789.exe
    [DETECTION] Is the Trojan horse TR/Spy.Banbra.df.199
    [INFO] The file was moved to '47d10f70.qua'!
    H:\System Volume Information\_restore{2D30742B-7C2B-4F51-9FB6-BB723D9C758A}\RP93\A0032859.EXE
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '465fa019.qua'!
    H:\VundoFix Backups\ddabc.exe.bad
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '48020fa5.qua'!
    H:\WINDOWS\system32\RCX147.tmp
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '47f9104f.qua'!
    H:\WINDOWS\system32\RCX182.tmp
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '4674b9b0.qua'!
    H:\WINDOWS\system32\RCX1F2C.tmp
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '47f91050.qua'!
    H:\WINDOWS\system32\RCX3CD.tmp
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '4674b9b1.qua'!
    H:\WINDOWS\system32\sys32time.dll
    [DETECTION] Is the Trojan horse TR/Spy.Banker.hrm
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    H:\WINDOWS\system32\ugwdgtal.dll_old
    [DETECTION] Is the Trojan horse TR/Vundo.DWB
    [INFO] The file was moved to '4818108f.qua'!
    H:\WINDOWS\system32\windows_old
    [DETECTION] Is the Trojan horse TR/Zapchast.DT.1
    [INFO] The file was moved to '480f1094.qua'!
    H:\WINDOWS\system32\ardCo01\ardCo011065.exe
    [DETECTION] Is the Trojan horse TR/Dldr.VB.ccs
    [INFO] The file was moved to '480510a0.qua'!

    End of the scan: jeudi 31 janvier 2008 02:03
    Used time: 45:18 min

    The scan has been done completely.

    6201 Scanning directories
    297173 Files were scanned
    48 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    46 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    297125 Files not concerned
    3068 Archives were scanned
    0
  19. sura
     
    Combofix

    ComboFix 08-01-23.1C - Propri‚taire 2008-01-31 2:07:09.3 - NTFSx86
    Endroit: H:\Documents and Settings\Propri‚taire\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-30 07:24 . 2008-01-30 07:24 <REP> d-------- H:\Program Files\Avira
    2008-01-29 22:27 . 2008-01-29 22:27 230,454 --a------ H:\WINDOWS\GOM_Wallpaper.bmp
    2008-01-29 01:51 . 2008-01-31 01:58 <REP> d-------- H:\VundoFix Backups
    2008-01-27 01:02 . 2000-08-31 08:00 51,200 --a------ H:\WINDOWS\Nircmd.exe
    2008-01-26 17:23 . 2003-12-12 16:06 1,693,696 --a------ H:\WINDOWS\system32\ltclr13n.dll
    2008-01-26 17:23 . 2003-11-04 15:11 155,648 --a------ H:\WINDOWS\system32\lftif13n.dll
    2008-01-26 17:23 . 2003-11-04 15:10 98,304 --a------ H:\WINDOWS\system32\lffax13n.dll
    2008-01-26 17:18 . 2004-05-14 16:53 462,848 --a------ H:\WINDOWS\system32\ltkrn13n.dll
    2008-01-26 17:18 . 2004-05-14 16:53 450,560 --a------ H:\WINDOWS\system32\ltimg13n.dll
    2008-01-26 17:18 . 2004-05-14 16:53 401,408 --a------ H:\WINDOWS\system32\lfcmp13n.dll
    2008-01-26 17:18 . 2004-05-14 16:53 299,008 --a------ H:\WINDOWS\system32\ltdis13n.dll
    2008-01-26 17:18 . 2004-01-12 02:09 206,336 --a------ H:\WINDOWS\system32\ltefx13n.dll
    2008-01-26 17:18 . 2004-05-14 16:53 163,840 --a------ H:\WINDOWS\system32\ltfil13n.dll
    2008-01-26 17:18 . 2003-11-04 15:10 69,632 --a------ H:\WINDOWS\system32\lfgif13n.dll
    2008-01-26 17:18 . 2004-05-14 16:53 57,344 --a------ H:\WINDOWS\system32\lfbmp13n.dll
    2008-01-26 15:58 . 2008-01-26 15:58 <REP> d-------- H:\WINDOWS\AU_Temp
    2008-01-26 15:09 . 2008-01-26 15:09 <REP> d-------- H:\WINDOWS\report
    2008-01-26 15:09 . 2008-01-26 15:29 <REP> d-------- H:\WINDOWS\AU_Backup
    2008-01-26 15:09 . 2008-01-26 15:09 1,916,766 --a------ H:\WINDOWS\tsc.ptn
    2008-01-26 15:09 . 2008-01-26 15:58 1,163,344 --a------ H:\WINDOWS\vsapi32.dll
    2008-01-26 15:09 . 2008-01-26 15:09 267,845 --a------ H:\WINDOWS\tsc.exe
    2008-01-26 15:09 . 2008-01-26 15:58 86,094 --a------ H:\WINDOWS\BPMNT.dll
    2008-01-26 15:09 . 2008-01-26 15:09 71,749 --a------ H:\WINDOWS\hcextoutput.dll
    2008-01-26 15:09 . 2008-01-26 15:58 823 --a------ H:\WINDOWS\tsc.ini
    2008-01-26 15:08 . 2008-01-26 15:09 35,262,033 --a------ H:\WINDOWS\VPTNFILE.963
    2008-01-26 15:08 . 2008-01-26 15:09 35,262,033 --a------ H:\WINDOWS\LPT$VPN.963
    2008-01-26 15:06 . 2008-01-26 15:06 <REP> d-------- H:\WINDOWS\AU_Log
    2008-01-26 15:06 . 2008-01-26 15:06 507,904 --a------ H:\WINDOWS\TMUPDATE.DLL
    2008-01-26 15:06 . 2008-01-26 15:06 286,720 --a------ H:\WINDOWS\PATCH.EXE
    2008-01-26 15:06 . 2008-01-26 15:06 69,689 --a------ H:\WINDOWS\UNZIP.DLL
    2008-01-26 15:06 . 2008-01-26 15:58 170 --a------ H:\WINDOWS\GetServer.ini
    2008-01-26 03:17 . 2008-01-26 03:18 <REP> d-------- H:\Program Files\TexasCalculatem
    2008-01-26 03:12 . 2008-01-26 03:15 <REP> d-------- H:\Program Files\Holdem Genius
    2008-01-26 03:08 . 2008-01-26 03:08 <REP> d-------- H:\Program Files\B4Playing
    2008-01-23 15:08 . 2008-01-23 15:08 <REP> d-------- H:\Poker
    2008-01-22 14:38 . 2008-01-22 14:38 <REP> d-------- H:\WINDOWS\Sun
    2008-01-22 14:37 . 2008-01-22 14:37 <REP> d-------- H:\Program Files\Java
    2008-01-22 14:37 . 2007-09-24 23:31 69,632 --a------ H:\WINDOWS\system32\javacpl.cpl
    2008-01-22 14:36 . 2008-01-22 14:36 <REP> d-------- H:\Program Files\Fichiers communs\Java
    2008-01-20 22:00 . 2008-01-20 22:00 <REP> d-------- H:\Program Files\aMSN
    2008-01-16 16:47 . 2008-01-16 16:47 <REP> d-------- H:\Program Files\PokerAce Hud
    2008-01-08 18:44 . 2008-01-26 14:46 1,938 --a------ H:\WINDOWS\wininit.ini
    2008-01-04 21:52 . 2008-01-31 02:01 69 --a------ H:\WINDOWS\NeroDigital.ini
    2008-01-04 21:35 . 2008-01-04 21:35 <REP> d-------- H:\Program Files\Nero
    2008-01-04 21:35 . 2008-01-04 21:37 <REP> d-------- H:\Program Files\Fichiers communs\Nero
    2008-01-01 01:36 . 2008-01-31 02:02 <REP> d-------- H:\WINDOWS\system32\ardCo01
    2008-01-01 01:36 . 2008-01-30 14:17 <REP> d--hs---- H:\WINDOWS\c3VyYQ
    2007-12-31 18:51 . 2007-12-31 18:51 43,520 --a------ H:\WINDOWS\system32\CmdLineExt03.dll
    2007-12-31 11:29 . 2008-01-20 14:48 <REP> d-------- H:\Program Files\IGZones
    2007-12-13 19:09 . 2007-12-13 19:09 972,072 --a------ H:\WINDOWS\UNNeroMediaHome.exe
    2007-12-12 01:35 . 2008-01-30 20:58 <REP> d-------- H:\Program Files\bwin
    2007-12-04 00:05 . 2007-12-04 00:05 59 --a------ H:\WINDOWS\pp.enc
    2007-12-03 23:52 . 2007-12-03 23:52 <REP> d-------- H:\Microgaming
    2007-12-03 18:04 . 2007-12-03 18:04 95,600 --a------ H:\WINDOWS\system32\NeroCo.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-26 23:08 --------- d-----w H:\Program Files\MSN Messenger
    2007-10-30 23:41 133,632 --s-a-w H:\WINDOWS\system32\sys32time.dll
    2005-08-02 14:46 187,904 --sha-r H:\WINDOWS\c3VyYQ\asappsrv.dll
    2005-07-29 14:24 472 --sha-r H:\WINDOWS\c3VyYQ\wapVsk.vbs
    .
    [code]<pre>
    ----a-w 2,321,600 2008-01-08 15:44:52 H:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater .exe
    ----a-w 68,856 2008-01-15 10:54:08 H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    </pre>[/code]

    ((((((((((((((((((((((((((((( snapshot@2008-01-27_ 1.15.20.57 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-26 15:54:37 593,920 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2008-01-27 12:29:01 593,920 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2008-01-26 15:54:37 12,288 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2008-01-27 12:29:01 12,288 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2008-01-26 15:54:37 86,016 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2008-01-27 12:29:01 86,016 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2008-01-26 15:54:37 135,168 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-01-27 12:29:01 135,168 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2008-01-26 15:54:37 11,264 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2008-01-27 12:29:01 11,264 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2008-01-26 15:54:37 27,136 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2008-01-27 12:29:01 27,136 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2008-01-26 15:54:37 4,096 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2008-01-27 12:29:01 4,096 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2008-01-26 15:54:37 794,624 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2008-01-27 12:29:01 794,624 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2008-01-26 15:54:37 249,856 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2008-01-27 12:29:01 249,856 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2008-01-26 15:54:37 61,440 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2008-01-27 12:29:01 61,440 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2008-01-26 15:54:37 23,040 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2008-01-27 12:29:01 23,040 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2008-01-26 15:54:37 286,720 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2008-01-27 12:29:01 286,720 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2008-01-26 15:54:37 409,600 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-01-27 12:29:01 409,600 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2008-01-26 23:10:00 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-01-30 11:35:29 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-01-26 23:10:00 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-01-30 11:35:29 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2008-01-26 23:10:00 98,304 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-30 11:35:29 98,304 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2008-01-26 23:02:52 1,449,984 ----a-w H:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2008-01-31 00:07:07 1,449,984 ----a-w H:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2007-08-09 11:04:11 40,768 ----a-w H:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 12:22:19 21,312 ----a-w H:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-01-30 13:42:53 61,632 ----a-w H:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 08:34:36 28,352 ----a-w H:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
    "MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
    "SpybotSD TeaTimer"="H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="H:\WINDOWS\System32\NvCpl.dll" [2006-07-12 06:19 7626752]
    "SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
    "avgnt"="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-30 15:42 249896]

    H:\Documents and Settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
    Holdem Genius Auto Attacher.lnk - H:\Program Files\Holdem Genius\HG_Watcher.exe [2008-01-26 03:12:18 1286144]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a0cbf2bf]
    H:\WINDOWS\System32\oljpwrfv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    H:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a------ 2005-05-03 10:43 69632 H:\WINDOWS\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernel]
    H:\Program Files\kernel\kernel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    H:\WINDOWS\System32\ddabc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
    H:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mvrzptni]
    H:\Program Files\?asks\??oolsv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGA6P_0001_N122M2210]
    H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\winvsnet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2006-07-12 06:19 7626752 H:\WINDOWS\System32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2006-07-12 06:19 86016 H:\WINDOWS\System32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-07-12 06:19 1519616 H:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2006-06-01 08:48 16208384 H:\WINDOWS\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    H:\WINDOWS\mrofinu572.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    --a------ 2006-05-16 10:04 2879488 H:\WINDOWS\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tacc]
    H:\DOCUME~1\PROPRI~1\MESDOC~1\ICROSO~1.NET\winlogon.exe

    R0 avgntmgr;avgntmgr;H:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
    R1 avgntdd;avgntdd;H:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
    S3 MSControlService;Microsoft cache control;H:\WINDOWS\System32\windows []

    *Newly Created Service* - ANTIVIRSERVICE
    *Newly Created Service* - SSMDRV
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-31 02:08:19
    Windows 5.1.2600 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: H:\WINDOWS\explorer.exe [6.00.2800.1106]
    -> h:\windows\system32\sys32time.dll
    .
    Temps d'accomplissement: 2008-01-31 2:08:52
    ComboFix-quarantined-files.txt 2008-01-31 00:08:50
    ComboFix2.txt 2008-01-26 23:15:47
    0
  20. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Fais gaffe a ce que tu télécharges sur emule!!!

    Vas sur le site https://virusscan.jotti.org/
    - Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier :
    H:\WINDOWS\c3VyYQ\asappsrv.dll
    - Clic sur submit toujours en haut à droite
    - Le scan va se lancer, ça va prendre un petit instant
    - En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici.
    Aide : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799

    a+
    0
  • 1
  • 2