Sujet Précédent Sujet Suivant

AIDE SVP infecté par Win32:Vundo@dll [Trj]

Résolu/Fermé
ludo3815 Messages postés 32 Date d'inscription jeudi 22 mai 2008 Statut Membre Dernière intervention 6 avril 2009 - 22 mai 2008 à 19:05
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 26 mai 2008 à 20:53
Bonjour,
je suis infecté depuis peux de temps par Win32:Vundo@dll [Trj], j'ai déjà essayé de téléchargé Vundofix mais il ne trouve rien, et pourtant avec avast il m'en trouve plusieurs, pourquoi je ne sais pas.
Voici le log fais avec Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:54, on 22/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Users\Ludovic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECD7WPAM\VundoFix[1].exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ludovic\Documents\Logiciel\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\gEWOiHBu.dll,#1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe

13 réponses

Réponse 1 / 13
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
22 mai 2008 à 19:07
slt



virtumondebegone (colle le rapport)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

_________________

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.


télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.


déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
ludo3815 Messages postés 32 Date d'inscription jeudi 22 mai 2008 Statut Membre Dernière intervention 6 avril 2009
22 mai 2008 à 19:22
voici le rapport


[05/22/2008, 19:21:20] - VirtumundoBeGone v1.5 ( "C:\Users\Ludovic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECD7WPAM\VirtumundoBeGone[1].exe" )
[05/22/2008, 19:21:35] - Detected System Information:
[05/22/2008, 19:21:35] - Windows Version: 6.0.6000,
[05/22/2008, 19:21:35] - Current Username: Ludovic (Admin)
[05/22/2008, 19:21:35] - Windows is in NORMAL mode.
[05/22/2008, 19:21:35] - Searching for Browser Helper Objects:
[05/22/2008, 19:21:35] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/22/2008, 19:21:35] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/22/2008, 19:21:35] - BHO 3: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
[05/22/2008, 19:21:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/22/2008, 19:21:35] - No filename found. Continuing.
[05/22/2008, 19:21:35] - BHO 4: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[05/22/2008, 19:21:35] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/22/2008, 19:21:35] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/22/2008, 19:21:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/22/2008, 19:21:35] - No filename found. Continuing.
[05/22/2008, 19:21:35] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/22/2008, 19:21:35] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/22/2008, 19:21:35] - Finished Searching Browser Helper Objects
[05/22/2008, 19:21:35] - Finishing up...
[05/22/2008, 19:21:35] - Nothing found! Exiting...
0
Réponse 2 / 13
Utilisateur anonyme
22 mai 2008 à 19:07
va dans update et faitchercher ton crob et apres fait le lavage de la machine
0
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
22 mai 2008 à 19:08
en français cela donne quoi?
0
Réponse 3 / 13
Utilisateur anonyme
22 mai 2008 à 19:13
va chercher le logiciel de avast cleaner outil desinfectant version 1.0.211 fait le menage et apres tu verras
0
Réponse 4 / 13
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
22 mai 2008 à 19:15
il a déjà avast!

C:\Program Files\Alwil Software\Avast4\ashDisp.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 13
ludo3815 Messages postés 32 Date d'inscription jeudi 22 mai 2008 Statut Membre Dernière intervention 6 avril 2009
22 mai 2008 à 19:47
voicii le rapport de combofix dites moi si tout est bon ?

ComboFix 08-05-21.2 - Ludovic 2008-05-22 19:26:42.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1217 [GMT 1:00]
Endroit: C:\Users\Ludovic\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\efcBrOiJ.dll
C:\Windows\system32\efcDTKcC.dll
C:\Windows\system32\geBtRLee.dll
C:\Windows\system32\jusched.exe
C:\Windows\system32\nnnKBSmK.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
.

2008-05-22 18:33 . 2008-05-22 18:33 <REP> d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-05-22 17:48 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\System32\d3dx9_26.dll
2008-05-22 16:57 . 2008-05-22 16:57 <REP> d-------- C:\WINDOWS\Sun
2008-05-22 16:38 . 2008-05-22 16:38 1,037 --a------ C:\WINDOWS\System32\sdbackup.reg
2008-05-22 16:24 . 2008-05-22 17:36 <REP> d-------- C:\Program Files\EA GAMES
2008-05-22 16:24 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\System32\vp6vfw.dll
2008-05-22 16:14 . 2008-05-22 16:14 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-22 16:09 . 2008-05-22 16:09 717,296 --a------ C:\WINDOWS\System32\drivers\sptd.sys
2008-05-22 16:08 . 2008-05-22 16:08 <REP> d-------- C:\Users\Ludovic\AppData\Roaming\DAEMON Tools
2008-05-22 15:37 . 2008-05-22 16:03 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-22 15:23 . 2008-05-22 15:38 <REP> d-------- C:\Users\All Users\Lavasoft
2008-05-22 15:23 . 2008-05-22 15:38 <REP> d-------- C:\ProgramData\Lavasoft
2008-05-22 15:10 . 2008-05-22 15:10 <REP> d-------- C:\Users\All Users\IncrediMail
2008-05-22 15:10 . 2008-05-22 15:11 <REP> d-------- C:\Users\All Users\IM
2008-05-22 15:10 . 2008-05-22 15:10 <REP> d-------- C:\ProgramData\IncrediMail
2008-05-22 15:10 . 2008-05-22 15:11 <REP> d-------- C:\ProgramData\IM
2008-05-22 15:10 . 2008-05-22 15:10 <REP> d-------- C:\Program Files\IncrediMail
2008-05-21 23:12 . 2008-05-21 23:12 <REP> d-------- C:\Users\Chantal\AppData\Roaming\Hewlett-Packard
2008-05-21 21:49 . 2008-05-21 21:49 268 --ah----- C:\sqmdata02.sqm
2008-05-21 21:49 . 2008-05-21 21:49 244 --ah----- C:\sqmnoopt02.sqm
2008-05-21 21:43 . 2008-05-22 16:27 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-21 21:43 . 2008-05-22 16:27 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-21 21:43 . 2008-05-22 16:18 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-21 21:40 . 2008-05-21 21:40 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-05-21 21:40 . 2008-05-21 21:40 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-05-21 21:40 . 2008-05-21 21:40 268 --ah----- C:\sqmdata01.sqm
2008-05-21 21:40 . 2008-05-21 21:40 244 --ah----- C:\sqmnoopt01.sqm
2008-05-21 21:35 . 2008-05-21 21:35 1,060,920 --a------ C:\WINDOWS\System32\drivers\ntfs.sys
2008-05-21 21:35 . 2008-05-21 21:35 41,984 --a------ C:\WINDOWS\System32\drivers\monitor.sys
2008-05-21 21:32 . 2008-05-21 21:32 3,505,720 --a------ C:\WINDOWS\System32\ntkrnlpa.exe
2008-05-21 21:32 . 2008-05-21 21:32 3,471,928 --a------ C:\WINDOWS\System32\ntoskrnl.exe
2008-05-21 21:32 . 2008-05-21 21:32 211,000 --a------ C:\WINDOWS\System32\drivers\volsnap.sys
2008-05-21 21:32 . 2008-05-21 21:32 154,624 --a------ C:\WINDOWS\System32\drivers\nwifi.sys
2008-05-21 21:32 . 2008-05-21 21:32 109,624 --a------ C:\WINDOWS\System32\drivers\ataport.sys
2008-05-21 21:32 . 2008-05-21 21:32 45,112 --a------ C:\WINDOWS\System32\drivers\pciidex.sys
2008-05-21 21:32 . 2008-05-21 21:32 21,560 --a------ C:\WINDOWS\System32\drivers\atapi.sys
2008-05-21 21:32 . 2008-05-21 21:32 17,464 --a------ C:\WINDOWS\System32\drivers\intelide.sys
2008-05-21 21:31 . 2008-05-21 21:31 1,327,104 --a------ C:\WINDOWS\System32\quartz.dll
2008-05-21 21:31 . 2008-05-21 21:31 806,400 --a------ C:\WINDOWS\System32\drivers\tcpip.sys
2008-05-21 21:31 . 2008-05-21 21:31 217,144 --a------ C:\WINDOWS\System32\drivers\netio.sys
2008-05-21 21:31 . 2008-05-21 21:31 167,424 --a------ C:\WINDOWS\System32\tcpipcfg.dll
2008-05-21 21:31 . 2008-05-21 21:31 24,064 --a------ C:\WINDOWS\System32\netcfg.exe
2008-05-21 21:31 . 2008-05-21 21:31 22,016 --a------ C:\WINDOWS\System32\netiougc.exe
2008-05-21 21:30 . 2008-05-21 21:30 <REP> d-------- C:\Users\Sandra\AppData\Roaming\Hewlett-Packard
2008-05-21 21:25 . 2008-05-21 21:25 1,585,664 --a------ C:\WINDOWS\System32\setupapi.dll
2008-05-21 21:23 . 2008-05-21 21:23 2,027,008 --a------ C:\WINDOWS\System32\win32k.sys
2008-05-21 21:22 . 2008-05-21 21:22 4,247,552 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll
2008-05-21 21:22 . 2008-05-21 21:22 1,686,528 --a------ C:\WINDOWS\System32\gameux.dll
2008-05-21 21:22 . 2008-05-21 21:22 296,448 --a------ C:\WINDOWS\System32\gdi32.dll
2008-05-21 21:22 . 2008-05-21 21:22 223,232 --a------ C:\WINDOWS\System32\WMASF.DLL
2008-05-21 21:22 . 2008-05-21 21:22 9,728 --a------ C:\WINDOWS\System32\LAPRXY.DLL
2008-05-21 21:22 . 2008-05-21 21:22 2,048 --a------ C:\WINDOWS\System32\asferror.dll
2008-05-21 21:21 . 2008-05-21 21:21 11,776 --a------ C:\WINDOWS\System32\sbunattend.exe
2008-05-21 21:20 . 2008-05-21 21:20 84,480 --a------ C:\WINDOWS\System32\dnsrslvr.dll
2008-05-21 21:20 . 2008-05-21 21:20 24,576 --a------ C:\WINDOWS\System32\dnscacheugc.exe
2008-05-21 21:17 . 2008-05-22 19:09 <REP> d-------- C:\Users\Ludovic\AppData\Roaming\uTorrent
2008-05-21 21:17 . 2008-05-21 21:17 <REP> d-------- C:\Program Files\uTorrent
2008-05-21 21:16 . 2008-05-21 21:16 130,048 --a------ C:\WINDOWS\System32\drivers\srv2.sys
2008-05-21 21:16 . 2008-05-21 21:16 101,888 --a------ C:\WINDOWS\System32\drivers\mrxsmb.sys
2008-05-21 21:16 . 2008-05-21 21:16 84,992 --a------ C:\WINDOWS\System32\drivers\srvnet.sys
2008-05-21 21:16 . 2008-05-21 21:16 58,368 --a------ C:\WINDOWS\System32\drivers\mrxsmb20.sys
2008-05-21 21:15 . 2008-05-21 21:15 826,368 --a------ C:\WINDOWS\System32\wininet.dll
2008-05-21 21:13 . 2008-05-21 21:13 <REP> d-------- C:\Program Files\MSXML 4.0
2008-05-21 21:11 . 2008-05-21 21:11 2,048 --a------ C:\WINDOWS\System32\tzres.dll
2008-05-21 21:07 . 2008-05-21 21:07 1,244,672 --a------ C:\WINDOWS\System32\mcmde.dll
2008-05-21 20:24 . 2008-05-21 20:24 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-21 20:23 . 2008-05-21 20:23 268 --ah----- C:\sqmdata00.sqm
2008-05-21 20:23 . 2008-05-21 20:23 244 --ah----- C:\sqmnoopt00.sqm
2008-05-21 20:12 . 2008-05-21 20:21 <REP> d-------- C:\Program Files\Windows Live
2008-05-21 20:12 . 2008-05-21 20:21 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-21 20:11 . 2008-05-21 20:11 <REP> d-------- C:\Users\All Users\WLInstaller
2008-05-21 20:11 . 2008-05-21 20:11 <REP> d-------- C:\ProgramData\WLInstaller
2008-05-21 20:10 . 2008-05-21 20:10 <REP> d-------- C:\Users\All Users\Google
2008-05-21 20:09 . 2008-05-21 21:10 <REP> d-------- C:\Users\All Users\Google Updater
2008-05-21 20:09 . 2008-05-21 21:10 <REP> d-------- C:\ProgramData\Google Updater
2008-05-21 19:08 . 2008-05-21 19:08 <REP> d-------- C:\Users\All Users\CheckPoint
2008-05-21 19:08 . 2008-05-21 19:08 <REP> d-------- C:\ProgramData\CheckPoint
2008-05-21 19:08 . 2008-05-21 19:08 <REP> d-------- C:\Program Files\Zone Labs
2008-05-21 19:07 . 2008-05-21 19:08 <REP> d-------- C:\WINDOWS\System32\ZoneLabs
2008-05-21 19:07 . 2008-05-22 19:34 352,615 --ah----- C:\WINDOWS\System32\drivers\vsconfig.xml
2008-05-21 19:07 . 2008-03-03 15:06 279,440 --------- C:\WINDOWS\System32\drivers\vsdatant.sys
2008-05-21 19:07 . 2008-05-16 00:18 50,768 --a------ C:\WINDOWS\System32\drivers\aswMonFlt.sys
2008-05-21 19:06 . 2008-05-22 19:35 <REP> d-------- C:\WINDOWS\Internet Logs
2008-05-21 19:06 . 2008-05-21 19:06 1,712,984 --a------ C:\WINDOWS\System32\wuaueng.dll
2008-05-21 19:06 . 2008-05-21 19:06 1,524,224 --a------ C:\WINDOWS\System32\wucltux.dll
2008-05-21 19:06 . 2008-05-21 19:06 53,080 --a------ C:\WINDOWS\System32\wuauclt.exe
2008-05-21 19:06 . 2008-05-21 19:06 43,352 --a------ C:\WINDOWS\System32\wups2.dll
2008-05-21 18:55 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\System32\msonpmon.dll
2008-05-21 18:52 . 2008-05-21 18:52 <REP> d-------- C:\WINDOWS\PCHEALTH
2008-05-21 18:52 . 2008-05-21 18:52 <REP> d-------- C:\Program Files\Microsoft.NET
2008-05-21 18:50 . 2008-05-21 18:50 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-21 18:49 . 2008-05-21 21:38 <REP> d-------- C:\Users\All Users\Microsoft Help
2008-05-21 18:49 . 2008-05-21 21:38 <REP> d-------- C:\ProgramData\Microsoft Help
2008-05-21 18:46 . 2008-05-21 18:46 <REP> dr-h----- C:\MSOCache
2008-05-21 18:44 . 2008-05-21 18:44 <REP> d-------- C:\Program Files\CCleaner
2008-05-21 18:44 . 2008-05-21 18:44 <REP> d-------- C:\Program Files\Alwil Software
2008-05-21 18:43 . 2006-12-15 22:19 897,024 --a------ C:\WINDOWS\System32\hpotiop1.dll
2008-05-21 18:43 . 2006-12-15 22:19 675,840 --a------ C:\WINDOWS\System32\hpowiav1.dll
2008-05-21 18:43 . 2006-12-15 22:19 303,104 --a------ C:\WINDOWS\System32\hpovst01.dll
2008-05-21 18:42 . 2006-12-29 09:57 117,760 --a------ C:\WINDOWS\System32\hpz3l4v2.dll
2008-05-21 18:41 . 2008-05-21 18:41 <REP> d-------- C:\Users\All Users\Adobe Systems
2008-05-21 18:41 . 2008-05-21 18:41 <REP> d-------- C:\ProgramData\Adobe Systems
2008-05-21 18:40 . 2008-05-21 18:40 <REP> d-------- C:\Users\Ludovic\All Users
2008-05-21 18:38 . 2008-05-21 18:38 <REP> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-21 18:36 . 2008-05-21 18:36 <REP> d-------- C:\Users\All Users\Acronis
2008-05-21 18:36 . 2008-05-21 18:36 <REP> d-------- C:\ProgramData\Acronis
2008-05-21 18:36 . 2008-05-21 18:36 441,760 --a------ C:\WINDOWS\System32\drivers\timntr.sys
2008-05-21 18:36 . 2008-05-21 18:36 368,736 --a------ C:\WINDOWS\System32\drivers\tdrpman.sys
2008-05-21 18:36 . 2008-05-21 18:36 129,248 --a------ C:\WINDOWS\System32\drivers\snapman.sys
2008-05-21 18:36 . 2008-05-21 18:36 44,384 --a------ C:\WINDOWS\System32\drivers\tifsfilt.sys
2008-05-21 18:35 . 2008-05-21 18:36 <REP> d-------- C:\Program Files\Common Files\Acronis
2008-05-21 18:35 . 2008-05-21 18:35 <REP> d-------- C:\Program Files\Acronis
2008-05-21 18:33 . 2008-05-22 16:07 <REP> d-------- C:\Users\Ludovic\AppData\Roaming\Ahead
2008-05-21 18:33 . 2008-05-21 18:33 <REP> d-------- C:\Users\All Users\Ahead
2008-05-21 18:33 . 2008-05-21 18:33 <REP> d-------- C:\ProgramData\Ahead
2008-05-21 18:32 . 2008-05-21 18:32 <REP> d-------- C:\Program Files\Common Files\Ahead
2008-05-21 18:28 . 2008-05-21 18:28 <REP> d-------- C:\Program Files\VideoLAN
2008-05-21 18:28 . 2008-05-21 18:28 <REP> d-------- C:\Program Files\UltraDefrag
2008-05-21 18:28 . 2008-05-21 18:28 <REP> d-------- C:\Program Files\TubeMaster
2008-05-21 18:27 . 2008-05-21 18:27 <REP> d-------- C:\Program Files\MSN BackUp
2008-05-21 18:27 . 2008-05-21 18:27 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2008-05-21 18:27 . 2008-05-22 19:21 <REP> d-------- C:\Program Files\Eraser
2008-05-21 18:27 . 2008-05-21 18:27 3,476 --a------ C:\WINDOWS\mozver.dat
2008-05-21 18:26 . 2008-05-21 18:26 <REP> d-------- C:\Program Files\Radio Fr Solo
2008-05-21 18:26 . 2008-05-21 21:10 <REP> d-------- C:\Program Files\Picasa2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 16:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 16:42 --------- d-----w C:\Program Files\Microsoft Games
2008-05-22 15:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-21 21:08 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-21 21:08 --------- d-----w C:\Program Files\Windows Mail
2008-05-21 20:37 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-21 20:37 2,923,520 ----a-w C:\Windows\explorer.exe
2008-05-21 20:37 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-05-21 20:24 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-05-21 20:24 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-05-21 20:24 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-05-21 20:24 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-05-21 20:24 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-05-21 20:24 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-05-21 20:24 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-05-21 20:24 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-05-21 20:22 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-21 20:22 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-21 20:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-21 20:22 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-21 20:22 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-21 20:15 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-21 17:54 --------- d-----w C:\ProgramData\WildTangent
2008-05-21 17:53 --------- d-----w C:\Program Files\MSBuild
2008-05-21 17:53 --------- d-----w C:\Program Files\Microsoft Works
2008-05-21 17:48 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-05-21 17:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 17:13 --------- d-----w C:\ProgramData\Symantec
2008-05-21 16:59 --------- d-sh--w C:\ProgramData\Modèles
2008-05-21 16:59 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-05-21 16:59 --------- d-sh--w C:\ProgramData\Favoris
2008-05-21 16:59 --------- d-sh--w C:\ProgramData\Documents
2008-05-21 16:59 --------- d-sh--w C:\ProgramData\Bureau
2008-05-21 16:59 --------- d-sh--w C:\ProgramData\Application Data
2008-05-21 16:59 --------- d-sh--w C:\Program Files\Fichiers communs
2007-12-07 21:57 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-21 21:21 1232896]
"Eraser"="C:\Program Files\Eraser\eraser.exe" [2003-07-25 11:15 536576]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-21 20:09 68856]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-05-18 19:44 243072]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 10:39 486856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-08 07:26 1006264]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 17:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 14:52 4702208 C:\WINDOWS\RtHDVCpl.exe]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-07 17:01 2620336]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-07 17:36 904880]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-07 17:08 140568]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Users\Ludovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2007-04-18 16:01 65536 c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1160770533-2116503048-2882012982-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F8D4CCCB-1626-45AE-8D7E-7581943CC359}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{051F7D88-3D8F-4F83-833D-B9496D70F680}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BAA57561-F094-4939-9E5C-05699F02FC7C}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{76AEFEAB-5413-4431-BA18-BF2A686DB56C}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{195BAC5B-A2E4-46DD-BF07-CD44EC99A88C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B66C0FB8-444D-4FF3-AA5E-09C96088C437}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4DA716B4-A811-431A-9EC2-89520C266D89}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B47529E4-C1A3-41A2-9A3E-01ABD7B8173D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{ECE29975-3334-4BB3-8EDD-B1622FD8468C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F79478BF-777E-4B72-A328-6EEFD1A3F9C5}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{B4945324-29D9-42CC-83DE-861259445F21}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{59D20CA1-A756-4560-8CFC-8F005D7FE7B2}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{50D6BB02-CE81-4C32-BF00-8CBEC1E15025}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{66F7BA51-8387-4F63-990F-AF8549DA1365}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{2EC9DB9C-D3B2-446D-9DE9-573748A004FD}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{5B251F92-CE5E-4DBD-A675-21B48D3F18A9}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{6EB0809D-EB4D-45B0-AF3C-8956CC468B8F}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{A1744227-94EF-459F-B489-D4D5F3C7A6FA}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{5873A7D6-C31D-439C-A5A0-E8D14EFA876C}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-05-21 18:36]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 00:18]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-14 23:16]
S3 ultradfg;ultradfg;C:\Windows\system32\DRIVERS\ultradfg.sys [2007-10-08 10:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45bd088f-2811-11dd-ae11-001e907216c5}]
\shell\AutoRun\command - J:\Autorun.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 19:36:03
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


C:\Users\Ludovic\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1201 bytes hidden from API

Scan termin‚ avec succŠs
Les fichiers cach‚s: 1

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\urlmon.dll
-> ?:\Program Files\IncrediMail\bin\B4ImApp.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\audiodg.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\System32\schtasks.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\WUDFHost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\hp\KBD\kbd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-22 19:43:59 - machine was rebooted [Ludovic]
ComboFix-quarantined-files.txt 2008-05-22 18:43:48

Pre-Run: 262,198,046,720 octets libres
Post-Run: 263,205,097,472 octets libres

321 --- E O F --- 2008-05-22 15:50:52
0
Réponse 6 / 13
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
22 mai 2008 à 19:54
utilise pour supprimer tes traces

CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

___________________


colle un rapport hijackthis


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
0
Réponse 7 / 13
ludo3815
22 mai 2008 à 20:03
voila le rapport merci de me dire ou sa en est :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:52, on 22/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\hp\kbd\kbd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\hijackthis\Eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
0
Réponse 8 / 13
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
22 mai 2008 à 20:19
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

________
vire combofix, vundofix et virtubeogone

de ton ordi




encore des problèmes????

si non c'est finit pour toi



si oui:


colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
Réponse 9 / 13
ludo3815 Messages postés 32 Date d'inscription jeudi 22 mai 2008 Statut Membre Dernière intervention 6 avril 2009
23 mai 2008 à 23:03
Merci beaucoup, j'ai fais plusierus scan avec divers antivirus et il me trouve plus rien.
Sa a du fonctionner.
Merci encore
0
Réponse 10 / 13
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
24 mai 2008 à 13:33
ok parfait bonne continuation
0
Réponse 11 / 13
wil87
26 mai 2008 à 19:21
Slts, je suis infesté depuis prés d'une semaine par Win32:Vundo@dll [Trj]
g téléchargé avast et ça ne done rien.
Merci de bien vouloir m'aider car c pas cool.
0
Réponse 12 / 13
guigui
26 mai 2008 à 20:15
Bonjour à tous!

Depuis peu je me retrouve infesté par le meme virus! J'ai donc fait un rapport avec Hijackthis et voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:57, on 26/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Guillaume\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GUILLA~1\AppData\Local\Temp\hgGwXqNF.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\GUILLA~1\AppData\Local\Temp\pmNgfGvW.dll,c
O4 - HKCU\..\Run: [f02d8ad7] rundll32.exe "C:\Users\GUILLA~1\AppData\Local\Temp\gytlypqb.dll",b
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
0
Réponse 13 / 13
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
26 mai 2008 à 20:53
slt pour virer ce virus créer votre propre post et n'allez pas dans celui d'un autre! Expliquez votre problème . Collez y un rapport combofix et hijackthis. Bonne suite
0

Discussions similaires

Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
Menaces HackTool:Win32
LeMax5993 -
lisa4777 -

4 réponses
Detection PUA: win32 Installcore
Nat -
bazfile -

13 réponses
PUABundler:Win32/CandyOpen : dangereux ?
joubine -
bazfile -

2 réponses
infecté par HackTool:Win32/AutoKMS
fredo1968 -
fredo1968 -

5 réponses