PC riddled with trojan horses, help me!!!!

Legreco Posts 3 Status Member -  
jlpjlp Posts 52399 Status Security contributor -
Hello, as the title says, I'm riddled with trojans and I don't really know what to do. I used Ad-Aware and it found nothing, Spybot fixed 5 items, and every time I start my PC avast finds new ones. On top of that, I suspect it didn't remove everything when I ran the scan :fou: . Here is the HJT log. If you need anything else, let me know. Thank you in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:45, on 06/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\WerCon.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Niko\AppData\Local\Temp\Rar$EX00.433\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qomkjkh.dll,#1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Niko\AppData\Local\Temp\ddcdd.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Niko\AppData\Local\Temp\geeeb.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8033 bytes
Configuration: Windows Vista
Firefox 2.0.0.11

7 replies

  1. piedel48 Posts 5 Status Member
     
    Go to SECUSER.COM ---> online antivirus ... and there you go!
    0
  2. jlpjlp Posts 52399 Status Security contributor 5 041
     
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qomkjkh.dll,#1

    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Niko\AppData\Local\Temp\ddcdd.dll,c
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Niko\AppData\Local\Temp\geeeb.dll,#1
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab

    __________________

    download OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
    double-click OTMoveIt.exe to launch it.
    copy the list in the quote below,
    and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

    Quote:

    C:\Windows\system32\qomkjkh.dll
    C:\Users\Niko\AppData\Local\Temp\ddcdd.dll
    C:\Users\Niko\AppData\Local\Temp\geeeb.dll

    click MoveIt! to start the removal.
    the result will appear in the "Results" pane.
    click Exit to close.
    post the report located in C:\_OTMoveIt\MovedFiles.

    you may be asked to restart the PC to complete the removal. If so, accept with Yes.

    _______________________
    combofix (paste the report)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    _______________________

    paste the report from an online scan
    using one of the following:

    bitdefender online:
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda online:
    http://pandasoftware.fr
    0
  3. piedel48 Posts 5 Status Member
     
    AVG7 Free slaughters trojans and other viruses (www.grisoft.com)
    0
  4. Legreco Posts 3 Status Member
     
    first of all, thank you for your help jlpjlp,
    I had a problem with the online scans: neither of the two links you gave me works properly. Panda doesn't even start, and I launched BitDefender 8 times and each time it crashed near the end. I'm also adding an HJT log because I have the impression that new dll files have been installed in my temp files.

    here is the MoveIt report:

    DllUnregisterServer procedure not found in C:\Windows\system32\qomkjkh.dll
    C:\Windows\system32\qomkjkh.dll NOT unregistered.
    File move failed. C:\Windows\system32\qomkjkh.dll scheduled to be moved on reboot.
    DllUnregisterServer procedure not found in C:\Users\Niko\AppData\Local\Temp\ddcdd.dll
    C:\Users\Niko\AppData\Local\Temp\ddcdd.dll NOT unregistered.
    File move failed. C:\Users\Niko\AppData\Local\Temp\ddcdd.dll scheduled to be moved on reboot.
    File/Folder C:\Users\Niko\AppData\Local\Temp\geeeb.dll not found.

    Created on 02/07/2008 15:12:40

    Here is the ComboFix report

    ComboFix 08-02.05.3 - Niko 2008-02-07 15:20:48.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2148 [GMT 1:00]
    Endroit: C:\Users\Niko\Documents\Downloads\Programs\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\qomkjkh.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-07 to 2008-02-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-07 15:12 . 2008-02-07 15:12 <REP> d-------- C:\_OTMoveIt
    2008-02-06 03:24 . 2008-02-06 03:24 <REP> d-------- C:\Users\Niko\AppData\Roaming\Media Player Classic
    2008-02-06 02:51 . 2008-02-06 02:51 12,176 --a------ C:\Windows\System32\drivers\PROCEXP100.SYS
    2008-02-06 01:43 . 2008-02-06 01:43 <REP> d-------- C:\Windows\Avira
    2008-02-06 01:43 . 2008-02-06 01:43 <REP> d-------- C:\Program Files\Avira
    2008-02-06 01:08 . 2008-02-06 01:09 <REP> d-------- C:\Users\All Users\Lavasoft
    2008-02-06 01:08 . 2008-02-06 01:08 <REP> d-------- C:\Program Files\Lavasoft
    2008-02-06 01:08 . 2008-02-06 01:09 <REP> d-------- C:\PROGRA~2\Lavasoft
    2008-02-06 01:07 . 2008-02-06 02:41 <REP> d-------- C:\Windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    2008-02-06 00:48 . 2008-02-06 00:48 <REP> d-------- C:\Windows\AU_Log
    2008-02-06 00:43 . 2008-02-06 00:43 507,904 --a------ C:\Windows\TMUPDATE.DLL
    2008-02-06 00:43 . 2008-02-06 00:43 286,720 --a------ C:\Windows\PATCH.EXE
    2008-02-06 00:43 . 2008-02-06 00:43 69,689 --a------ C:\Windows\UNZIP.DLL
    2008-02-04 11:28 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
    2008-02-04 11:28 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
    2008-02-04 11:28 . 2007-12-04 15:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
    2008-02-04 11:27 . 2008-02-04 11:27 <REP> d-------- C:\Program Files\Alwil Software
    2008-02-04 11:27 . 2007-12-04 14:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
    2008-02-04 11:27 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
    2008-02-04 11:27 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
    2008-02-04 10:53 . 2008-02-04 10:53 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-04 10:38 . 2008-02-04 10:43 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-02-04 10:38 . 2008-02-04 10:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-04 10:38 . 2008-02-04 10:43 <REP> d-------- C:\PROGRA~2\Spybot - Search & Destroy
    2008-02-03 12:37 . 2001-03-08 18:30 24,064 --------- C:\Windows\System32\msxml3a.dll
    2008-02-03 12:20 . 2008-02-03 12:20 <REP> d-------- C:\Program Files\eMule
    2008-02-01 23:36 . 2004-06-16 00:00 57,344 --a------ C:\Windows\System32\WNASPINT.DLL
    2008-02-01 23:02 . 2008-02-01 23:02 <REP> d-------- C:\Program Files\Alex Feinman
    2008-02-01 22:54 . 2008-02-01 22:54 <REP> d-------- C:\Users\Niko\AppData\Roaming\Ahead
    2008-02-01 22:52 . 2000-06-26 11:45 106,496 --a------ C:\Windows\System32\TwnLib20.dll
    2008-02-01 22:51 . 2008-02-01 22:51 <REP> d-------- C:\Program Files\Common Files\Ahead
    2008-02-01 22:51 . 2008-02-01 23:24 <REP> d-------- C:\Program Files\Ahead
    2008-02-01 22:51 . 2001-07-06 14:41 569,344 --a------ C:\Windows\System32\imagr5.dll
    2008-02-01 22:51 . 2001-07-06 12:44 544,768 --a------ C:\Windows\System32\imagx5.dll
    2008-02-01 22:51 . 2001-07-06 18:24 283,920 --a------ C:\Windows\System32\ImagXpr5.dll
    2008-02-01 22:51 . 2001-07-09 11:50 155,648 --a------ C:\Windows\System32\NeroCheck.exe
    2008-02-01 22:51 . 2001-06-26 08:15 38,912 --a------ C:\Windows\System32\picn20.dll
    2008-02-01 22:02 . 2008-02-01 22:02 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-02-01 21:57 . 2008-02-01 21:57 715,248 --a------ C:\Windows\System32\drivers\sptd.sys
    2008-02-01 21:26 . 2008-02-01 21:40 <REP> d-------- C:\Users\Niko\AppData\Roaming\fltk.org
    2008-01-28 17:29 . 2008-01-28 17:29 <REP> d-------- C:\Users\Niko\AppData\Roaming\eMule
    2008-01-28 17:29 . 2008-02-03 12:22 <REP> d-------- C:\Users\All Users\eMule
    2008-01-28 17:29 . 2008-02-03 12:22 <REP> d-------- C:\PROGRA~2\eMule
    2008-01-28 16:58 . 2008-01-28 16:58 <REP> d-------- C:\Program Files\Combined Community Codec Pack
    2008-01-28 16:50 . 2008-01-28 17:04 <REP> d-------- C:\Users\Niko\AppData\Roaming\IDM
    2008-01-28 16:50 . 2008-02-07 15:19 <REP> d-------- C:\Users\Niko\AppData\Roaming\DMCache
    2008-01-28 16:50 . 2008-01-28 17:38 <REP> d-------- C:\Program Files\Internet Download Manager
    2008-01-27 15:05 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
    2008-01-27 15:04 . 2008-01-27 15:05 <REP> d-------- C:\Program Files\Java
    2008-01-27 15:04 . 2008-01-27 15:04 <REP> d-------- C:\Program Files\Common Files\Java
    2008-01-26 19:32 . 2008-01-31 17:01 <REP> d-------- C:\Users\Niko\AppData\Roaming\Azureus
    2008-01-26 19:32 . 2008-01-26 19:32 <REP> d-------- C:\Users\All Users\Azureus
    2008-01-26 19:32 . 2008-01-26 19:32 <REP> d-------- C:\PROGRA~2\Azureus
    2008-01-26 19:31 . 2008-01-26 19:37 <REP> d-------- C:\Program Files\Azureus
    2008-01-25 17:07 . 2008-01-25 17:08 291,500,364 --a------ C:\Windows\MEMORY.DMP
    2008-01-25 01:21 . 2008-01-25 01:21 <REP> d-------- C:\Program Files\Common Files\Adobe
    2008-01-24 22:58 . 2008-01-24 22:58 <REP> d-------- C:\Program Files\Common Files\NSV
    2008-01-24 22:56 . 2008-01-31 17:01 <REP> d-------- C:\Users\Niko\AppData\Roaming\Winamp
    2008-01-24 22:56 . 2008-01-24 22:56 <REP> d-------- C:\Program Files\Winamp
    2008-01-23 14:06 . 2008-01-08 13:13 202,160 --a------ C:\Windows\System32\idmmbc.dll
    2008-01-22 22:41 . 2008-01-22 22:41 <REP> d-------- C:\Defiler Backups
    2008-01-22 17:15 . 2007-02-06 15:22 347,032 --a------ C:\Windows\System32\Mrvw24C.sys
    2008-01-22 17:15 . 2007-01-19 18:01 312,320 --a------ C:\Windows\System32\Mrvw24B.sys
    2008-01-22 17:15 . 2007-02-08 09:54 16,525 --a------ C:\Windows\System32\netmw24b.inf
    2008-01-22 17:15 . 2007-02-08 09:54 16,514 --a------ C:\Windows\System32\netmw24c.inf
    2008-01-22 17:15 . 2007-01-29 08:08 11,252 --a------ C:\Windows\System32\mrvw24c.cat
    2008-01-22 17:15 . 2007-01-29 08:08 11,252 --a------ C:\Windows\System32\mrvw24b.cat
    2008-01-22 15:49 . 2003-03-19 01:20 1,060,864 --a------ C:\Windows\System32\mfc71.dll
    2008-01-22 15:49 . 2003-03-19 00:14 499,712 --a------ C:\Windows\System32\MSVCP71.dll
    2008-01-22 15:49 . 2006-04-29 14:25 40,960 --a------ C:\Windows\System32\psfind.dll
    2008-01-22 15:42 . 2008-01-22 15:42 <REP> d-------- C:\Program Files\THQ
    2008-01-21 21:56 . 2008-01-21 21:56 <REP> d-------- C:\Users\All Users\Messenger Plus!
    2008-01-21 21:56 . 2008-01-21 21:56 <REP> d-------- C:\PROGRA~2\Messenger Plus!
    2008-01-21 20:07 . 2008-01-21 20:07 <REP> d-------- C:\Program Files\3DO
    2008-01-21 19:53 . 1998-10-07 14:08 327,168 --a------ C:\Windows\IsUn040c.exe
    2008-01-21 19:10 . 2008-01-21 19:10 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-01-21 18:17 . 2008-02-03 19:10 27,240 --a------ C:\Users\Niko\AppData\Roaming\nvModes.dat
    2008-01-21 18:11 . 2008-01-21 18:12 <REP> d-------- C:\Program Files\shinrose
    2008-01-21 15:32 . 2008-01-21 15:32 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
    2008-01-21 15:32 . 2008-01-21 15:32 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-01-21 15:32 . 2008-01-21 15:32 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
    2008-01-21 15:32 . 2008-01-21 15:32 216,760 --a------ C:\Windows\System32\drivers\netio.sys
    2008-01-21 15:32 . 2008-01-21 15:32 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
    2008-01-21 15:32 . 2008-01-21 15:32 24,064 --a------ C:\Windows\System32\netcfg.exe
    2008-01-21 15:32 . 2008-01-21 15:32 22,016 --a------ C:\Windows\System32\netiougc.exe
    2008-01-21 15:32 . 2008-01-21 15:32 7,680 --a------ C:\Windows\System32\spwmp.dll
    2008-01-21 15:32 . 2008-01-21 15:32 4,096 --a------ C:\Windows\System32\msdxm.ocx
    2008-01-21 15:32 . 2008-01-21 15:32 4,096 --a------ C:\Windows\System32\dxmasf.dll
    2008-01-21 15:31 . 2008-01-21 15:31 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-01-21 15:31 . 2008-01-21 15:31 1,686,016 --a------ C:\Windows\System32\gameux.dll
    2008-01-21 15:31 . 2008-01-21 15:31 1,327,104 --a------ C:\Windows\System32\quartz.dll
    2008-01-21 15:26 . 2008-01-21 15:26 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
    2008-01-21 15:26 . 2008-01-21 15:26 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
    2008-01-21 15:26 . 2008-01-21 15:26 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
    2008-01-21 15:26 . 2008-01-21 15:26 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
    2008-01-21 15:25 . 2008-01-21 15:25 788,992 --a------ C:\Windows\System32\rpcrt4.dll
    2008-01-21 15:23 . 2008-01-21 15:23 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-01-21 15:23 . 2008-01-21 15:23 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-01-21 15:23 . 2008-01-21 15:23 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
    2008-01-21 15:23 . 2008-01-21 15:23 2,048 --a------ C:\Windows\System32\tzres.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-04 10:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-04 10:17 --------- d-----w C:\PROGRA~2\Symantec
    2008-02-03 11:37 --------- d-----w C:\Program Files\CyberLink
    2008-02-03 11:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-03 11:36 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-31 16:01 --------- d-----w C:\Program Files\HDReg
    2008-01-28 23:58 --------- d-----w C:\PROGRA~2\Microsoft Help
    2008-01-27 14:17 --------- d-----w C:\PROGRA~2\CyberLink
    2008-01-23 23:02 --------- d-----w C:\Program Files\Packard Bell
    2008-01-21 14:34 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-21 14:34 --------- d-----w C:\Program Files\Windows Mail
    2008-01-21 14:33 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2008-01-21 14:33 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2008-01-21 14:33 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2008-01-21 14:33 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2008-01-21 14:33 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2008-01-21 14:33 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2008-01-21 14:33 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2008-01-21 14:33 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
    2008-01-21 14:33 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2008-01-21 14:33 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2008-01-21 14:33 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
    2008-01-21 14:33 2,923,520 ----a-w C:\Windows\explorer.exe
    2008-01-21 14:33 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-01-21 14:33 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
    2008-01-21 14:31 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-01-21 14:31 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-01-21 14:31 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-01-21 14:31 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-01-21 14:30 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-01-21 14:30 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-01-21 14:30 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-01-21 14:30 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-01-21 14:30 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-01-21 14:30 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-21 14:30 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-01-21 14:30 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
    2008-01-21 14:30 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-01-21 14:30 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-01-21 14:30 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2008-01-21 14:30 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-21 14:29 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-01-21 14:29 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-01-21 14:29 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-01-21 14:29 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-01-21 14:29 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-21 14:16 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2008-01-21 14:16 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2008-01-21 14:11 --------- d-----w C:\PROGRA~2\Sonic
    2008-01-21 14:09 --------- d-----w C:\Program Files\Picasa2
    2008-01-21 13:30 --------- d-----w C:\PROGRA~2\Skype
    2008-01-21 13:20 --------- d-----w C:\Program Files\Intel
    2008-01-21 13:15 --------- d-sh--w C:\Program Files\Fichiers communs
    2008-01-21 13:15 --------- d-sh--w C:\PROGRA~2\Modèles
    2008-01-21 13:15 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
    2008-01-21 13:15 --------- d-sh--w C:\PROGRA~2\Favoris
    2008-01-21 13:15 --------- d-sh--w C:\PROGRA~2\Bureau
    2006-03-10 04:41 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 14:32 1120568]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-03-10 14:16 1006264]
    "JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 22:36 36864]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-23 23:40 857648]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-16 21:19 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-16 21:19 8478720]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-16 21:19 81920]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
    "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [ ]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-01-08 13:38]
    R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-30 14:45]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
    S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 08:30]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-07 13:00:00 C:\Windows\Tasks\Extension de garantie.job"
    - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
    "2008-02-07 13:00:00 C:\Windows\Tasks\Recovery DVD Creator.job"
    - C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-07 15:22:08
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-07 15:22:44
    ComboFix-quarantined-files.txt 2008-02-07 14:22:42
    .
    2008-02-05 20:51:27 --- E O F ---

    and finally the HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:14:38, on 08/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Niko\AppData\Local\Temp\Rar$EX00.716\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    0
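As an added example (not part of the original thread, and not a HijackThis feature): a small triage pass over coded HijackThis lines like those in the log above. It flags entries the log marks `(file missing)`, services listed with `Unknown owner`, and entries loading from a Temp directory. The three rules and the last sample line are assumptions constructed for illustration; a flag means "look closer", not "malicious".

```python
import re

# Sample input: four lines copied from the log above, plus one CONSTRUCTED
# Temp-path entry (placeholder CLSID and path) to exercise the third rule.
SAMPLE = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Users\Example\AppData\Local\Temp\example.dll
"""

# A coded entry starts with a section code such as R0, O4 or O23.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
# First drive-letter path ending in .exe or .dll inside the entry text.
PATH = re.compile(r"[A-Za-z]:\\[^\"<>|*?]+?\.(?:exe|dll)", re.I)


def parse(log):
    """Yield (code, text, path) for each coded entry; other lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            code, text = m.groups()
            p = PATH.search(text)
            yield code, text, p.group(0) if p else None


def triage(log):
    """Return [(code, path, reasons)] for entries that deserve a closer look."""
    findings = []
    for code, text, path in parse(log):
        reasons = []
        if "(file missing)" in text:
            reasons.append("file-missing")      # registration points at nothing
        if code == "O23" and "Unknown owner" in text:
            reasons.append("unknown-owner")     # no company name in the binary
        if path and re.search(r"\\(temp|tmp)\\", path, re.I):
            reasons.append("temp-path")         # autostart code in a Temp folder
        if reasons:
            findings.append((code, path, reasons))
    return findings


if __name__ == "__main__":
    for code, path, reasons in triage(SAMPLE):
        print(code, path, ", ".join(reasons))
```
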
  6. jlpjlp Posts 52399 Status Security contributor 5 041
     
    you can fix these lines (fix checked)

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    ____________

    run OTMoveIt again to check

    download OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
    double-click OTMoveIt.exe to launch it.
    copy the list in the quote below,
    and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

    Quote:

    C:\Users\Niko\AppData\Local\Temp\ddcdd.dll

    click MoveIt! to start the removal.
    the result will appear in the "Results" pane.
    click Exit to close.
    post the report located in C:\_OTMoveIt\MovedFiles.

    you may be asked to restart the PC to complete the removal. If so, accept with Yes.

    ______________________

    still getting avast alerts? what does the online scan show?
    0
  7. Legreco Posts 3 Status Member
     
    Here is the MoveIt result, and thanks again!!!
    Also, how can I be sure that my PC no longer has any Trojans or other viruses???

    DllUnregisterServer procedure not found in C:\Users\Niko\AppData\Local\Temp\ddcdd.dll
    C:\Users\Niko\AppData\Local\Temp\ddcdd.dll NOT unregistered.
    C:\Users\Niko\AppData\Local\Temp\ddcdd.dll moved successfully.

    Created on 02/08/2008 17:05:27
    0
  8. jlpjlp Posts 52399 Status Security contributor 5 041
     
    delete what is in the moved files folder by going to My Computer, then
    C:\_OTMoveIt\MovedFiles

    ______________

    to check,
    scan with your antivirus and

    paste the report from an online scan
    with one of the following:

    bitdefender online:
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda online:
    http://pandasoftware.fr
    0