Win32:Vundo@dll [Trj]

Résolu
Ned' Messages postés 31 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

J'ai un virus et je ne sais comment m'en débarrasser, le virus revient sans arrêt sur avast, et même quand je le supprime il revient ..

Le virus est "Win32:Vundo@dll [Trj]"

Pouvez-vous m'aidez a la supprimer ?

Merci A+
Configuration: Windows Vista
Firefox 2.0.0.14

22 réponses

  • 1
  • 2
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    scan avec vundofix (colle le rapport)

    Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double cliquez VundoFix.exe pour l'exécuter.
    Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
    Une fois le scan fini, cliquez sur le bouton Remove Vundo.
    Vous recevrez un avertissement vous demandant si vous voulez effacer ces
    fichiers répondez en cliquant sur YES
    Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
    enlève Vundo.

    Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
    OK.

    ___________________
    puis :

    virtumondebegone (colle le rapport)

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    ___________________

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :
    http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0
  2. Ned' Messages postés 31 Statut Membre 2
     
    Merci de m'aidé :)

    Une fois le scan fini avec Vundo, il me marque que je n'ai rien mais pas de Remove Vundo :s
    0
  3. Ned' Messages postés 31 Statut Membre 2
     
    VundoFix V7.0.5

    Scan started at 21:29:17 02/06/2008

    Listing files found while scanning....

    No infected files were found.

    --------------------------------------------------------

    [06/02/2008, 21:52:42] - VirtumundoBeGone v1.5 ( "C:\Users\PIPPO\Downloads\Mozilla Firefox\VirtumundoBeGone.exe" )
    [06/02/2008, 21:52:51] - Detected System Information:
    [06/02/2008, 21:52:51] - Windows Version: 6.0.6000,
    [06/02/2008, 21:52:51] - Current Username: PIPPO (Admin)
    [06/02/2008, 21:52:51] - Windows is in NORMAL mode.
    [06/02/2008, 21:52:51] - Searching for Browser Helper Objects:
    [06/02/2008, 21:52:51] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [06/02/2008, 21:52:51] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [06/02/2008, 21:52:51] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/02/2008, 21:52:51] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [06/02/2008, 21:52:51] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [06/02/2008, 21:52:51] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/02/2008, 21:52:51] - BHO 7: {BA1248C9-9415-4EAA-97F0-5080D2A832EB} ()
    [06/02/2008, 21:52:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/02/2008, 21:52:51] - No filename found. Continuing.
    [06/02/2008, 21:52:51] - BHO 8: {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} ()
    [06/02/2008, 21:52:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/02/2008, 21:52:51] - Checking for HKLM\...\Winlogon\Notify\qoMdCsrO
    [06/02/2008, 21:52:51] - Key not found: HKLM\...\Winlogon\Notify\qoMdCsrO, continuing.
    [06/02/2008, 21:52:51] - Finished Searching Browser Helper Objects
    [06/02/2008, 21:52:51] - Finishing up...
    [06/02/2008, 21:52:51] - Nothing found! Exiting...

    [06/02/2008, 21:53:15] - VirtumundoBeGone v1.5 ( "C:\Users\PIPPO\Downloads\Mozilla Firefox\VirtumundoBeGone.exe" )
    [06/02/2008, 21:53:18] - Detected System Information:
    [06/02/2008, 21:53:18] - Windows Version: 6.0.6000,
    [06/02/2008, 21:53:18] - Current Username: PIPPO (Admin)
    [06/02/2008, 21:53:18] - Windows is in NORMAL mode.
    [06/02/2008, 21:53:18] - Searching for Browser Helper Objects:
    [06/02/2008, 21:53:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [06/02/2008, 21:53:18] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [06/02/2008, 21:53:18] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/02/2008, 21:53:18] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [06/02/2008, 21:53:18] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [06/02/2008, 21:53:18] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/02/2008, 21:53:18] - BHO 7: {BA1248C9-9415-4EAA-97F0-5080D2A832EB} ()
    [06/02/2008, 21:53:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/02/2008, 21:53:18] - No filename found. Continuing.
    [06/02/2008, 21:53:18] - BHO 8: {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} ()
    [06/02/2008, 21:53:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/02/2008, 21:53:18] - Checking for HKLM\...\Winlogon\Notify\qoMdCsrO
    [06/02/2008, 21:53:18] - Key not found: HKLM\...\Winlogon\Notify\qoMdCsrO, continuing.
    [06/02/2008, 21:53:18] - Finished Searching Browser Helper Objects
    [06/02/2008, 21:53:19] - Finishing up...
    [06/02/2008, 21:53:19] - Nothing found! Exiting...

    [06/02/2008, 22:06:01] - VirtumundoBeGone v1.5 ( "C:\Users\PIPPO\Downloads\Mozilla Firefox\VirtumundoBeGone(2).exe" )
    [06/02/2008, 22:06:03] - Detected System Information:
    [06/02/2008, 22:06:03] - Windows Version: 6.0.6000,
    [06/02/2008, 22:06:03] - Current Username: PIPPO (Admin)
    [06/02/2008, 22:06:03] - Windows is in NORMAL mode.
    [06/02/2008, 22:06:03] - Searching for Browser Helper Objects:
    [06/02/2008, 22:06:03] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [06/02/2008, 22:06:03] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [06/02/2008, 22:06:03] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/02/2008, 22:06:03] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [06/02/2008, 22:06:03] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [06/02/2008, 22:06:03] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/02/2008, 22:06:03] - BHO 7: {BA1248C9-9415-4EAA-97F0-5080D2A832EB} ()
    [06/02/2008, 22:06:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/02/2008, 22:06:03] - No filename found. Continuing.
    [06/02/2008, 22:06:03] - BHO 8: {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} ()
    [06/02/2008, 22:06:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/02/2008, 22:06:03] - Checking for HKLM\...\Winlogon\Notify\qoMdCsrO
    [06/02/2008, 22:06:03] - Key not found: HKLM\...\Winlogon\Notify\qoMdCsrO, continuing.
    [06/02/2008, 22:06:03] - Finished Searching Browser Helper Objects
    [06/02/2008, 22:06:03] - Finishing up...
    [06/02/2008, 22:06:03] - Nothing found! Exiting...

    ---------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:03:10, on 02/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {BA1248C9-9415-4EAA-97F0-5080D2A832EB} - (no file)
    O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\Windows\system32\qoMdCsrO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdCsrO.dll,#1
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8639] command /c del "C:\Windows\System32\khfgDuTn.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4862] cmd /c del "C:\Windows\System32\khfgDuTn.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2336] command /c del "C:\Windows\System32\ssqoPFYs.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8142] cmd /c del "C:\Windows\System32\ssqoPFYs.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2693] command /c del "C:\Windows\System32\tuvVNFUm.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3832] cmd /c del "C:\Windows\System32\tuvVNFUm.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7648] command /c del "C:\Windows\System32\vtUommJb.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2372] cmd /c del "C:\Windows\System32\vtUommJb.dll_old"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5566] command /c del "C:\Windows\System32\khfgDuTn.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1813] cmd /c del "C:\Windows\System32\khfgDuTn.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8352] command /c del "C:\Windows\System32\ssqoPFYs.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9208] cmd /c del "C:\Windows\System32\ssqoPFYs.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1321] command /c del "C:\Windows\System32\tuvVNFUm.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4016] cmd /c del "C:\Windows\System32\tuvVNFUm.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1421] command /c del "C:\Windows\System32\vtUommJb.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1438] cmd /c del "C:\Windows\System32\vtUommJb.dll_old"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206569648_03995fd895754494775de5da8651e9cf&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
    0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok vire ce qui est dans la sauvegarde de spybot

    ______________

    refais hijakchtis en le renommant comme indiqué cette fois
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Ned' Messages postés 31 Statut Membre 2
     
    Comment on fait ?
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    tu lance spybot puis tu vas dans quarantaine/sauvegarde et tu vire ce qui est dedans

    puis

    colle un rapport hijackthis

    manuel :
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0
  8. Ned' Messages postés 31 Statut Membre 2
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:40:06, on 02/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {BA1248C9-9415-4EAA-97F0-5080D2A832EB} - (no file)
    O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\Windows\system32\qoMdCsrO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdCsrO.dll,#1
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8639] command /c del "C:\Windows\System32\khfgDuTn.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4862] cmd /c del "C:\Windows\System32\khfgDuTn.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2336] command /c del "C:\Windows\System32\ssqoPFYs.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8142] cmd /c del "C:\Windows\System32\ssqoPFYs.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2693] command /c del "C:\Windows\System32\tuvVNFUm.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3832] cmd /c del "C:\Windows\System32\tuvVNFUm.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7648] command /c del "C:\Windows\System32\vtUommJb.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2372] cmd /c del "C:\Windows\System32\vtUommJb.dll_old"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5566] command /c del "C:\Windows\System32\khfgDuTn.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1813] cmd /c del "C:\Windows\System32\khfgDuTn.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8352] command /c del "C:\Windows\System32\ssqoPFYs.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9208] cmd /c del "C:\Windows\System32\ssqoPFYs.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1321] command /c del "C:\Windows\System32\tuvVNFUm.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4016] cmd /c del "C:\Windows\System32\tuvVNFUm.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1421] command /c del "C:\Windows\System32\vtUommJb.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1438] cmd /c del "C:\Windows\System32\vtUommJb.dll_old"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206569648_03995fd895754494775de5da8651e9cf&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    tu n'as pas viré ce qui est en quarantaine dans SPYBOT ( vire ce qui est dans la sauvegarde!!!!))

    ____________

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    [si je suspecte une infection bagle, j'ajoute :

    sous le nom de antibagle. Fais le avant que le fichier ne soit enregistré sur le bureau]

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    ____________
    0
  10. Ned' Messages postés 31 Statut Membre 2
     
    J'ai bien supprimé dans "Sauvegardes" dans Spybot pourtant
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    non je pense pas , car encore dans hijakchits
    0
  12. Ned' Messages postés 31 Statut Membre 2
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:52:25, on 02/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\explorer.exe
    C:\Hijackthis\eden.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {BA1248C9-9415-4EAA-97F0-5080D2A832EB} - (no file)
    O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\Windows\system32\qoMdCsrO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdCsrO.dll,#1
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8639] command /c del "C:\Windows\System32\khfgDuTn.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4862] cmd /c del "C:\Windows\System32\khfgDuTn.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2336] command /c del "C:\Windows\System32\ssqoPFYs.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8142] cmd /c del "C:\Windows\System32\ssqoPFYs.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2693] command /c del "C:\Windows\System32\tuvVNFUm.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3832] cmd /c del "C:\Windows\System32\tuvVNFUm.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7648] command /c del "C:\Windows\System32\vtUommJb.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2372] cmd /c del "C:\Windows\System32\vtUommJb.dll_old"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206569648_03995fd895754494775de5da8651e9cf&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
    0
  13. Ned' Messages postés 31 Statut Membre 2
     
    J'ai désinstaller spybot et reinstaller et fait l'analyse Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:15:06, on 02/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Hijackthis\eden.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {BA1248C9-9415-4EAA-97F0-5080D2A832EB} - (no file)
    O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\Windows\system32\iifgDUoP.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iifgDUoP.dll,#1
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206569648_03995fd895754494775de5da8651e9cf&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok c'est bon pour spybot tu avais quelle version?

    ________________

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  15. Ned' Messages postés 31 Statut Membre 2
     
    ComboFix 08-06-01.6 - PIPPO 2008-06-02 23:26:02.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1036.18.1338 [GMT 2:00]
    Endroit: C:\Users\PIPPO\Downloads\Mozilla Firefox\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\uusee
    C:\Program Files\uusee\AD\UUAD_Banner.gif
    C:\Program Files\uusee\AD\UUAD_Banner.html
    C:\Program Files\uusee\AD\UUAD_Banner_1.html
    C:\Program Files\uusee\AD\UUAD_Banner_3.html
    C:\Program Files\uusee\AD\UUAD_Buffering.html
    C:\Program Files\uusee\AD\UUAD_Buffering.jpg
    C:\Program Files\uusee\AD\UUAD_TextLink_0.xml
    C:\Program Files\uusee\bass-plugins.exe
    C:\Program Files\uusee\skins\UUPlayer\About.bmp
    C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_4.bmp
    C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_4.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C4.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_4.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_4.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_4.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_4.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C4.bmp
    C:\Program Files\uusee\skins\UUPlayer\Dlg_Back.bmp
    C:\Program Files\uusee\skins\UUPlayer\Dlg_Detect.bmp
    C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Dlg_Record_Task_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Icon_Information.bmp
    C:\Program Files\uusee\skins\UUPlayer\Icon_Question.bmp
    C:\Program Files\uusee\skins\UUPlayer\Icon_Stop.bmp
    C:\Program Files\uusee\skins\UUPlayer\ListHeader_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\ListHeader_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\ListHeader_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowD.bmp
    C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowU.bmp
    C:\Program Files\uusee\skins\UUPlayer\ListHeader_SP.bmp
    C:\Program Files\uusee\skins\UUPlayer\Play_Window_Rec_icon.bmp
    C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_4.bmp
    C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_0.bmp
    C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_4.bmp
    C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_5.bmp
    C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_6.bmp
    C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_7.bmp
    C:\Program Files\uusee\skins\UUPlayer\Resource.h
    C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Thumbs.db
    C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse.bmp
    C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse1.bmp
    C:\Program Files\uusee\skins\UUPlayer\TopTab_Play.bmp
    C:\Program Files\uusee\skins\UUPlayer\TopTab_Play1.bmp
    C:\Program Files\uusee\skins\UUPlayer\TopTab_Record.bmp
    C:\Program Files\uusee\skins\UUPlayer\TopTab_Record1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Tree_Arrow.bmp
    C:\Program Files\uusee\skins\UUPlayer\Tree_Collapse.bmp
    C:\Program Files\uusee\skins\UUPlayer\Tree_Expand.bmp
    C:\Program Files\uusee\skins\UUPlayer\Tree_Header.bmp
    C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_D.bmp
    C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_H.bmp
    C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_N.bmp
    C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_S.bmp
    C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_D.bmp
    C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_H.bmp
    C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_N.bmp
    C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_S.bmp
    C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconDown.bmp
    C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconUp.bmp
    C:\Program Files\uusee\skins\UUPlayer\UUSEE.ui
    C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo_5.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_4.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Info.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_5.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_5.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_4.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_3.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_4.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_1.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_2.bmp
    C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_3.bmp
    C:\Program Files\uusee\uninstuusee.exe
    C:\Program Files\uusee\UUPlayer.dll
    C:\Program Files\uusee\UUPlayer_update.ini
    C:\Program Files\uusee\UUSee.url
    C:\Program Files\uusee\UUSeePlayer.exe
    C:\Program Files\uusee\UUTV_MY.xml
    C:\Program Files\uusee\UUTV_UUPlayer.xml
    C:\ProgramData\Microsoft\Windows\Start Menu\UUSEE~1.LNK
    C:\Windows\system32\fjmmdkls.ini
    C:\Windows\System32\gggikUvw.ini
    C:\Windows\System32\gggikUvw.ini2
    C:\Windows\system32\goaucuka.ini
    C:\Windows\System32\HgQWEfhk.ini
    C:\Windows\System32\HgQWEfhk.ini2
    C:\Windows\system32\jvmpbvoi.ini
    C:\Windows\System32\LVGOnnnn.ini
    C:\Windows\System32\LVGOnnnn.ini2
    C:\Windows\System32\mlnmnqss.ini
    C:\Windows\System32\mlnmnqss.ini2
    C:\Windows\System32\ncxmfchp.ini
    C:\Windows\system32\odqksvpb.ini
    C:\Windows\System32\qojeuslg.ini
    C:\Windows\System32\SCbayGgh.ini
    C:\Windows\System32\SCbayGgh.ini2
    C:\Windows\System32\snlrmctd.ini
    C:\Windows\System32\tccptime.ini
    C:\Windows\System32\VxyHPrqr.ini
    C:\Windows\System32\VxyHPrqr.ini2
    C:\Windows\System32\wleqrgty.ini
    C:\Windows\System32\yJiQAKkj.ini
    C:\Windows\System32\yJiQAKkj.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-02 23:31 . 2008-05-16 21:24 29,824 --a------ C:\Windows\System32\ssqOICVN.dll
    2008-06-02 23:22 . 2006-11-02 11:44 320,000 --a------ C:\Windows\System32\CF1.exe
    2008-06-02 23:12 . 2008-06-02 23:12 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-02 21:58 . 2008-06-02 23:14 <REP> d-------- C:\Hijackthis
    2008-06-02 21:57 . 2008-06-02 21:57 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-02 21:29 . 2008-06-02 22:04 <REP> d-------- C:\VundoFix Backups
    2008-06-02 20:46 . 2008-06-02 20:47 269 --a------ C:\Windows\wininit.ini
    2008-05-28 12:37 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 12:37 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-05-26 01:35 . 2008-05-26 01:35 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
    2008-05-15 19:09 . 2008-05-15 19:09 <REP> d-------- C:\Windows\Sun
    2008-05-15 16:29 . 2008-05-15 16:29 <REP> d-------- C:\Program Files\KONAMI
    2008-05-15 15:31 . 2008-05-15 15:31 <REP> dr-h----- C:\Users\PIPPO\AppData\Roaming\SecuROM
    2008-05-15 14:28 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll
    2008-05-15 14:28 . 2007-06-20 20:45 18,280 --a------ C:\Windows\System32\x3daudio1_2.dll
    2008-05-15 00:00 . 2008-06-01 23:35 <REP> d-------- C:\Users\PIPPO\AppData\Roaming\LimeWire
    2008-05-15 00:00 . 2008-05-15 00:00 <REP> d-------- C:\Program Files\LimeWire
    2008-05-14 23:19 . 2008-05-14 23:20 1,160 --a------ C:\Windows\mozver.dat
    2008-05-14 22:19 . 2008-05-14 22:19 <REP> d-------- C:\Users\PIPPO\AppData\Roaming\Talkback
    2008-05-14 22:18 . 2008-05-14 22:18 0 --a------ C:\Windows\nsreg.dat
    2008-05-04 15:45 . 2008-05-04 16:54 <REP> d-------- C:\Program Files\Common Files\uusee

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 21:14 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-06-02 19:49 --------- d-----w C:\ProgramData\Google Updater
    2008-06-01 20:45 --------- d-----w C:\ProgramData\TrackMania
    2008-05-26 14:32 --------- d-----w C:\ProgramData\NVIDIA
    2008-05-23 11:12 --------- d-----w C:\Program Files\DAEMON Tools
    2008-05-21 17:16 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
    2008-05-16 11:52 --------- d-----w C:\Program Files\Game Graphic Studio
    2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-05-15 12:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-14 22:08 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-14 22:08 --------- d-----w C:\Program Files\Windows Mail
    2008-05-06 10:48 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Canon
    2008-05-04 13:52 --------- d-----w C:\Program Files\Google
    2008-05-03 03:46 7,460,320 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
    2008-04-23 14:29 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-04-18 13:53 --------- d-----w C:\Program Files\TmNationsForever
    2008-04-15 13:41 --------- d-----w C:\Program Files\MSXML 4.0
    2008-04-15 01:47 --------- d-----w C:\Program Files\MSBuild
    2008-04-15 01:47 --------- d-----w C:\Program Files\Microsoft Works
    2008-04-15 01:45 --------- d-----w C:\Program Files\Microsoft.NET
    2008-04-15 01:42 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-04-15 01:33 639,224 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-04-15 01:14 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Nero
    2008-04-15 01:13 --------- d-----w C:\Program Files\Common Files\Nero
    2008-04-15 01:11 --------- d-----w C:\ProgramData\Nero
    2008-04-15 01:11 --------- d-----w C:\Program Files\Nero
    2008-04-14 19:04 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Azureus
    2008-04-14 01:22 --------- d-----w C:\Users\PIPPO\AppData\Roaming\ma-config.com
    2008-04-13 00:12 --------- d-----w C:\Program Files\PhotoFiltre Studio
    2008-04-12 21:31 --------- d-----w C:\Program Files\DkZ Studio
    2008-04-09 19:24 --------- d-----w C:\Program Files\SopCast
    2008-04-09 17:31 --------- d-----w C:\Program Files\DS-3200 Wireless Optical Slimline Deskset
    2008-04-09 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-04-07 16:13 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Samsung
    2008-04-07 16:09 --------- d-----w C:\Program Files\Samsung
    2008-04-06 18:51 --------- d-----w C:\ProgramData\TVU Networks
    2008-04-06 18:50 --------- d-----w C:\Program Files\TVUPlayer
    2008-04-06 18:41 --------- d-----w C:\Users\PIPPO\AppData\Roaming\TVU Networks
    2008-04-06 15:16 30,544 ----a-w C:\Windows\dirdib.drv
    2008-04-06 15:16 30,464 ----a-w C:\Windows\macromix.dll
    2008-04-06 15:12 85,536 ----a-w C:\Windows\~GLC0000.TMP
    2008-04-06 15:05 2,855 ----a-w C:\Windows\PIF\INSTALL.PIF
    2008-04-03 11:40 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Hamachi
    2008-03-31 13:42 22,328 ----a-w C:\Users\PIPPO\AppData\Roaming\PnkBstrK.sys
    2008-03-26 19:38 174 --sha-w C:\Program Files\desktop.ini
    2008-03-26 19:08 2,923,520 ----a-w C:\Windows\explorer.exe
    2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}]
    2008-05-16 21:24 29824 --a------ C:\Windows\system32\ssqOICVN.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-26 20:51 1232896]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 21:55 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSServer"="C:\Windows\system32\ssqOICVN.dll" [2008-05-16 21:24 29824]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}"= C:\Windows\system32\ssqOICVN.dll [2008-05-16 21:24 29824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    "Windows Mail"=C:\Program Files\Windows Mail\WinMail.exe
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "VX1000"=C:\Windows\vVX1000.exe
    "WireLessMouse"=C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
    "WireLessKeyboard"=C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    "NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    "NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3916555441-147088009-4003317088-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{F08722BD-E523-4FBD-8F41-1FA194F4BE90}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
    "UDP Query User{D7B2093C-7DFB-41AC-81D7-B1EDC4A8DF3A}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
    "{82EBB8C6-5BF3-41F2-94C4-5BCD41A92D01}"= UDP:28960:COD4_TCP
    "{ADDAAF3F-33A5-465F-8D03-E7ACE9FCA48A}"= TCP:28960:COD4_UDP
    "TCP Query User{F6D7869B-6911-4BD3-8F5E-DBC241C5E937}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "UDP Query User{0B5A7BB1-E521-46C4-B86A-4CB3E53D3B5D}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "TCP Query User{B244E013-F621-45ED-98FD-EA7764F2A975}C:\\program files\\uusee\\uuseeplayer.exe"= UDP:C:\program files\uusee\uuseeplayer.exe:UUPlayer
    "UDP Query User{FB279982-6EC5-4DCD-B6A3-53EC18DE6F5B}C:\\program files\\uusee\\uuseeplayer.exe"= TCP:C:\program files\uusee\uuseeplayer.exe:UUPlayer
    "{2B93A11C-56DA-4483-A8A5-50072437D5FA}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) Multijoueur
    "{F41967D0-DEC9-4B75-AEB0-AA07DE54ED8B}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) Multijoueur
    "TCP Query User{800313B7-547D-4963-9461-05E16FA28C86}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{58ACDF31-DD0C-4BED-ABAC-D82AC57B95E9}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{75099DFC-9D68-4C0A-8213-619AFAEB7F3D}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "UDP Query User{3A8FD7A7-4B8C-4042-912C-69F877862876}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "TCP Query User{EF1F06A2-EBF1-4C9F-BDDB-E40D90FFF33B}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "UDP Query User{D8C3AB0E-08C3-41A2-ABD8-88EEE7E72EB9}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "TCP Query User{8802BA6C-EC33-4222-9B95-F56B2591ADE3}C:\\program files\\microsoft lifecam\\lifecam.exe"= UDP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
    "UDP Query User{7F747BF1-ADDD-4DD3-92CD-6F96402389C9}C:\\program files\\microsoft lifecam\\lifecam.exe"= TCP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
    "TCP Query User{4696D59C-69D7-48B3-8AF9-E873BED46A1E}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{DCD6A7C8-37B9-49BA-AEA7-788FC623A934}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{35A99C0F-9132-4202-A016-A6177245E8B2}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
    "UDP Query User{A67B40DD-7846-4A5A-B691-3F7D1A2FBAAA}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
    "TCP Query User{4A87CF7A-326E-4BC5-AB07-6CB7840747E2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{4F368E62-3108-4854-AA32-FF688815198E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{DABEF101-0727-4583-8B43-F9A32ED5F0F2}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{368A7545-2D3F-4853-85AF-BB466F721C70}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{FCE03C5B-C251-4F35-BF16-404EC184F56D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "TCP Query User{B7E9086F-21F2-4BD7-9FEF-DD0B0BFCDF80}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
    "UDP Query User{90239C22-3349-4BCE-A3A4-FF45A93A95F6}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
    "{C700663D-C930-40DA-A865-5B8952500868}"= UDP:2350:Tm_TCP
    "{9C11490A-33C1-4246-B8A1-252562FEDED7}"= TCP:2350:Tm_UDP
    "{F5CDCEF3-3CC9-42FE-BE5A-4F45E6363E50}"= UDP:3450:tm2_TCP
    "{358348B1-9436-497B-870D-8A8A1CBC8923}"= TCP:3450:Tm2_UDP
    "TCP Query User{9CA74043-4999-4B13-B922-CD269617D0DA}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "UDP Query User{CFDE6892-E88C-42C2-A060-7BA323231D95}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "{DF049DD1-7D36-491F-A43C-79141736729F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{2E770910-D8EC-480C-87CE-31E0E29043CB}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\uusee\\UUSeePlayer.exe"= C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
    R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
    R3 MRV6X32P;Pilote WiFi natif Vista 32-bits;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]
    R3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
    S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-03-27 22:31]
    S3 RegGuard;RegGuard;C:\Windows\system32\Drivers\regguard.sys [2008-03-27 21:35]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-27 01:32]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    GPSvcGroup REG_MULTI_SZ GPSvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88e7f872-fb5f-11dc-a425-806e6f6e6963}]
    \shell\AutoRun\command - E:\autorun_PES2008.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
    %SystemRoot%\system32\soundschemes.exe /AddRegistration
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-06-02 21:30:39 C:\Windows\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-02 23:31:30
    Windows 6.0.6000 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    **************************************************************************
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\Windows\system32\winlogon.exe
    -> C:\Windows\system32\ssqOICVN.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\nvvsvc.exe
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\System32\PnkBstrA.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-02 23:35:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-02 21:33:48

    Pre-Run: 204,932,050,944 octets libres
    Post-Run: 204,976,893,952 octets libres

    432 --- E O F --- 2008-05-30 19:21:28
    0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\Windows\system32\ssqOICVN.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis ET DIS TES SOUCIS ACTUELS

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
  17. Ned' Messages postés 31 Statut Membre 2
     
    ComboFix 08-06-01.6 - PIPPO 2008-06-03 13:09:36.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1036.18.1341 [GMT 2:00]
    Endroit: C:\Users\PIPPO\Downloads\Mozilla Firefox\ComboFix.exe
    Command switches used :: C:\Users\PIPPO\Desktop\CFscript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\Windows\system32\ssqOICVN.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\vturpOhg.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-03 13:03 . 2008-05-16 21:24 29,824 --a------ C:\Windows\System32\awttRjHX.dll
    2008-06-02 23:22 . 2006-11-02 11:44 320,000 --a------ C:\Windows\System32\CF1.exe
    2008-06-02 23:12 . 2008-06-02 23:12 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-02 21:58 . 2008-06-02 23:14 <REP> d-------- C:\Hijackthis
    2008-06-02 21:57 . 2008-06-02 21:57 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-02 21:29 . 2008-06-02 22:04 <REP> d-------- C:\VundoFix Backups
    2008-06-02 20:46 . 2008-06-02 20:47 269 --a------ C:\Windows\wininit.ini
    2008-05-28 12:37 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 12:37 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-05-26 01:35 . 2008-05-26 01:35 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
    2008-05-15 19:09 . 2008-05-15 19:09 <REP> d-------- C:\Windows\Sun
    2008-05-15 16:29 . 2008-05-15 16:29 <REP> d-------- C:\Program Files\KONAMI
    2008-05-15 15:31 . 2008-05-15 15:31 <REP> dr-h----- C:\Users\PIPPO\AppData\Roaming\SecuROM
    2008-05-15 14:28 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll
    2008-05-15 14:28 . 2007-06-20 20:45 18,280 --a------ C:\Windows\System32\x3daudio1_2.dll
    2008-05-15 00:00 . 2008-06-01 23:35 <REP> d-------- C:\Users\PIPPO\AppData\Roaming\LimeWire
    2008-05-15 00:00 . 2008-05-15 00:00 <REP> d-------- C:\Program Files\LimeWire
    2008-05-14 23:19 . 2008-05-14 23:20 1,160 --a------ C:\Windows\mozver.dat
    2008-05-14 22:19 . 2008-05-14 22:19 <REP> d-------- C:\Users\PIPPO\AppData\Roaming\Talkback
    2008-05-14 22:18 . 2008-05-14 22:18 0 --a------ C:\Windows\nsreg.dat
    2008-05-04 15:45 . 2008-05-04 16:54 <REP> d-------- C:\Program Files\Common Files\uusee

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 21:14 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-06-02 19:49 --------- d-----w C:\ProgramData\Google Updater
    2008-06-01 20:45 --------- d-----w C:\ProgramData\TrackMania
    2008-05-26 14:32 --------- d-----w C:\ProgramData\NVIDIA
    2008-05-23 11:12 --------- d-----w C:\Program Files\DAEMON Tools
    2008-05-21 17:16 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
    2008-05-16 11:52 --------- d-----w C:\Program Files\Game Graphic Studio
    2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-05-15 13:31 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
    2008-05-15 12:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-14 22:08 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-14 22:08 --------- d-----w C:\Program Files\Windows Mail
    2008-05-06 10:48 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Canon
    2008-05-04 13:52 --------- d-----w C:\Program Files\Google
    2008-04-30 15:27 442,368 ----a-w C:\Windows\System32\NVUNINST.EXE
    2008-04-23 14:29 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-04-23 14:29 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-04-18 13:53 --------- d-----w C:\Program Files\TmNationsForever
    2008-04-15 13:41 --------- d-----w C:\Program Files\MSXML 4.0
    2008-04-15 01:47 --------- d-----w C:\Program Files\MSBuild
    2008-04-15 01:47 --------- d-----w C:\Program Files\Microsoft Works
    2008-04-15 01:45 --------- d-----w C:\Program Files\Microsoft.NET
    2008-04-15 01:42 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-04-15 01:33 639,224 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-04-15 01:14 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Nero
    2008-04-15 01:13 --------- d-----w C:\Program Files\Common Files\Nero
    2008-04-15 01:11 --------- d-----w C:\ProgramData\Nero
    2008-04-15 01:11 --------- d-----w C:\Program Files\Nero
    2008-04-14 19:04 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Azureus
    2008-04-14 01:22 --------- d-----w C:\Users\PIPPO\AppData\Roaming\ma-config.com
    2008-04-13 00:12 --------- d-----w C:\Program Files\PhotoFiltre Studio
    2008-04-12 21:31 --------- d-----w C:\Program Files\DkZ Studio
    2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
    2008-04-09 19:24 --------- d-----w C:\Program Files\SopCast
    2008-04-09 17:31 --------- d-----w C:\Program Files\DS-3200 Wireless Optical Slimline Deskset
    2008-04-09 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-04-07 16:13 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Samsung
    2008-04-07 16:09 --------- d-----w C:\Program Files\Samsung
    2008-04-06 18:51 --------- d-----w C:\ProgramData\TVU Networks
    2008-04-06 18:50 --------- d-----w C:\Program Files\TVUPlayer
    2008-04-06 18:41 --------- d-----w C:\Users\PIPPO\AppData\Roaming\TVU Networks
    2008-04-06 15:16 30,544 ----a-w C:\Windows\dirdib.drv
    2008-04-06 15:16 30,464 ----a-w C:\Windows\macromix.dll
    2008-04-06 15:12 85,536 ----a-w C:\Windows\~GLC0000.TMP
    2008-04-06 15:05 2,855 ----a-w C:\Windows\PIF\INSTALL.PIF
    2008-04-03 11:40 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Hamachi
    2008-03-31 19:45 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-03-31 13:42 22,328 ----a-w C:\Users\PIPPO\AppData\Roaming\PnkBstrK.sys
    2008-03-27 18:42 37,888 ----a-w C:\Windows\System32\rar.exe
    2008-03-26 23:32 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe
    2008-03-26 23:28 233,888 ----a-w C:\Windows\System32\DreamScene.dll
    2008-03-26 23:28 1,152,000 ----a-w C:\Windows\System32\themecpl.dll
    2008-03-26 23:26 229,888 ----a-w C:\Windows\System32\msshsq.dll
    2008-03-26 23:25 1,171,848 ----a-w C:\Windows\System32\SecureKeyBackupCPL.dll
    2008-03-26 23:24 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
    2008-03-26 19:38 174 --sha-w C:\Program Files\desktop.ini
    2008-03-26 19:09 87,040 ----a-w C:\Windows\System32\msoert2.dll
    2008-03-26 19:09 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
    2008-03-26 19:09 205,824 ----a-w C:\Windows\System32\msoeacct.dll
    2008-03-26 19:08 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2008-03-26 19:08 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2008-03-26 19:08 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2008-03-26 19:08 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2008-03-26 19:08 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2008-03-26 19:08 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2008-03-26 19:08 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2008-03-26 19:08 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2008-03-26 19:08 2,923,520 ----a-w C:\Windows\explorer.exe
    2008-03-26 19:07 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-03-26 19:06 49,664 ----a-w C:\Windows\System32\csrsrv.dll
    2008-03-26 19:06 376,320 ----a-w C:\Windows\System32\winsrv.dll
    2008-03-26 19:03 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
    2008-03-26 19:02 414,208 ----a-w C:\Windows\System32\msscp.dll
    2008-03-26 19:01 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-03-26 19:01 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-03-26 19:01 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-03-26 19:01 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2008-03-26 19:00 86,016 ----a-w C:\Windows\System32\icfupgd.dll
    2008-03-26 19:00 61,952 ----a-w C:\Windows\System32\cmifw.dll
    2008-03-26 19:00 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
    2008-03-26 19:00 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
    2008-03-26 19:00 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
    2008-03-26 19:00 16,896 ----a-w C:\Windows\System32\wfapigp.dll
    2008-03-26 18:59 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-03-26 18:59 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-03-26 18:59 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
    2008-03-26 18:58 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll
    2008-03-26 18:58 23,552 ----a-w C:\Windows\System32\lpremove.exe
    2008-03-26 18:58 2,048 ----a-w C:\Windows\System32\msxml3r.dll
    2008-03-26 18:58 166,912 ----a-w C:\Windows\System32\lpksetup.exe
    2008-03-26 18:58 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll
    2008-03-26 18:58 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2008-03-26 18:57 8,704 ----a-w C:\Windows\System32\hcrstco.dll
    2008-03-26 18:57 8,704 ----a-w C:\Windows\System32\hccoin.dll
    2008-03-26 18:56 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-03-26 18:56 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-03-26 18:56 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-03-26 18:56 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-03-26 18:55 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-03-26 18:55 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot@2008-06-02_23.33.11.71 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-02 21:30:24 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-03 11:03:00 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-03 11:03:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-06-03 11:03:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-06-02 21:30:54 151,552 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-06-03 11:05:03 151,552 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2008-06-02 21:30:53 176,128 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-03 11:11:54 176,128 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2008-06-02 21:31:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-03 11:03:46 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-02 21:31:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-03 11:03:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-02 21:31:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-03 11:03:46 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-02 21:13:44 103,726 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-06-03 11:08:18 103,726 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-06-02 21:13:44 117,366 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-06-03 11:08:19 117,366 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-06-02 21:13:44 609,944 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-06-03 11:08:19 609,944 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-06-02 21:13:44 690,594 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-06-03 11:08:19 690,594 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-06-02 21:10:56 7,288 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3916555441-147088009-4003317088-1000_UserData.bin
    + 2008-06-03 11:05:34 7,610 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3916555441-147088009-4003317088-1000_UserData.bin
    - 2008-06-02 21:10:55 66,794 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-06-03 11:05:34 67,090 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-06-02 21:10:54 35,000 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-06-03 11:05:32 35,144 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-26 20:51 1232896]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 21:55 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSServer"="C:\Windows\system32\awttRjHX.dll" [2008-05-16 21:24 29824]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}"= C:\Windows\system32\awttRjHX.dll [2008-05-16 21:24 29824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    "Windows Mail"=C:\Program Files\Windows Mail\WinMail.exe
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "VX1000"=C:\Windows\vVX1000.exe
    "WireLessMouse"=C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
    "WireLessKeyboard"=C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    "NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    "NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3916555441-147088009-4003317088-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{F08722BD-E523-4FBD-8F41-1FA194F4BE90}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
    "UDP Query User{D7B2093C-7DFB-41AC-81D7-B1EDC4A8DF3A}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
    "{82EBB8C6-5BF3-41F2-94C4-5BCD41A92D01}"= UDP:28960:COD4_TCP
    "{ADDAAF3F-33A5-465F-8D03-E7ACE9FCA48A}"= TCP:28960:COD4_UDP
    "TCP Query User{F6D7869B-6911-4BD3-8F5E-DBC241C5E937}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "UDP Query User{0B5A7BB1-E521-46C4-B86A-4CB3E53D3B5D}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "TCP Query User{B244E013-F621-45ED-98FD-EA7764F2A975}C:\\program files\\uusee\\uuseeplayer.exe"= UDP:C:\program files\uusee\uuseeplayer.exe:UUPlayer
    "UDP Query User{FB279982-6EC5-4DCD-B6A3-53EC18DE6F5B}C:\\program files\\uusee\\uuseeplayer.exe"= TCP:C:\program files\uusee\uuseeplayer.exe:UUPlayer
    "{2B93A11C-56DA-4483-A8A5-50072437D5FA}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) Multijoueur
    "{F41967D0-DEC9-4B75-AEB0-AA07DE54ED8B}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) Multijoueur
    "TCP Query User{800313B7-547D-4963-9461-05E16FA28C86}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{58ACDF31-DD0C-4BED-ABAC-D82AC57B95E9}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{75099DFC-9D68-4C0A-8213-619AFAEB7F3D}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "UDP Query User{3A8FD7A7-4B8C-4042-912C-69F877862876}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "TCP Query User{EF1F06A2-EBF1-4C9F-BDDB-E40D90FFF33B}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "UDP Query User{D8C3AB0E-08C3-41A2-ABD8-88EEE7E72EB9}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "TCP Query User{8802BA6C-EC33-4222-9B95-F56B2591ADE3}C:\\program files\\microsoft lifecam\\lifecam.exe"= UDP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
    "UDP Query User{7F747BF1-ADDD-4DD3-92CD-6F96402389C9}C:\\program files\\microsoft lifecam\\lifecam.exe"= TCP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
    "TCP Query User{4696D59C-69D7-48B3-8AF9-E873BED46A1E}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{DCD6A7C8-37B9-49BA-AEA7-788FC623A934}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{35A99C0F-9132-4202-A016-A6177245E8B2}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
    "UDP Query User{A67B40DD-7846-4A5A-B691-3F7D1A2FBAAA}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
    "TCP Query User{4A87CF7A-326E-4BC5-AB07-6CB7840747E2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{4F368E62-3108-4854-AA32-FF688815198E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{DABEF101-0727-4583-8B43-F9A32ED5F0F2}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{368A7545-2D3F-4853-85AF-BB466F721C70}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{FCE03C5B-C251-4F35-BF16-404EC184F56D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "TCP Query User{B7E9086F-21F2-4BD7-9FEF-DD0B0BFCDF80}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
    "UDP Query User{90239C22-3349-4BCE-A3A4-FF45A93A95F6}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
    "{C700663D-C930-40DA-A865-5B8952500868}"= UDP:2350:Tm_TCP
    "{9C11490A-33C1-4246-B8A1-252562FEDED7}"= TCP:2350:Tm_UDP
    "{F5CDCEF3-3CC9-42FE-BE5A-4F45E6363E50}"= UDP:3450:tm2_TCP
    "{358348B1-9436-497B-870D-8A8A1CBC8923}"= TCP:3450:Tm2_UDP
    "TCP Query User{9CA74043-4999-4B13-B922-CD269617D0DA}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "UDP Query User{CFDE6892-E88C-42C2-A060-7BA323231D95}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "{DF049DD1-7D36-491F-A43C-79141736729F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{2E770910-D8EC-480C-87CE-31E0E29043CB}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\uusee\\UUSeePlayer.exe"= C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
    R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
    R3 MRV6X32P;Pilote WiFi natif Vista 32-bits;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]
    R3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
    S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-03-27 22:31]
    S3 RegGuard;RegGuard;C:\Windows\system32\Drivers\regguard.sys [2008-03-27 21:35]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-27 01:32]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    GPSvcGroup REG_MULTI_SZ GPSvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88e7f872-fb5f-11dc-a425-806e6f6e6963}]
    \shell\AutoRun\command - E:\autorun_PES2008.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
    %SystemRoot%\system32\soundschemes.exe /AddRegistration
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-03 11:03:19 C:\Windows\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-03 13:12:10
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\Windows\system32\winlogon.exe
    -> C:\Windows\system32\awttRjHX.dll
    .
    Temps d'accomplissement: 2008-06-03 13:13:20
    ComboFix-quarantined-files.txt 2008-06-03 11:13:16
    ComboFix2.txt 2008-06-02 21:35:03

    Pre-Run: 204,087,136,256 octets libres
    Post-Run: 204,056,453,120 octets libres

    295 --- E O F --- 2008-05-30 19:21:28

    -------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:15:00, on 03/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Hijackthis\eden.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awttRjHX.dll,#1
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206569648_03995fd895754494775de5da8651e9cf&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awttRjHX.dll,#1

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/...

    ___________________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Windows\system32\awttRjHX.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ___________________

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    ___________________

    encore des soucis??????????
    0
  19. Ned' Messages postés 31 Statut Membre 2
     
    File/Folder C:\Windows\system32\awttRjHX.dll not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06032008_212830

    ----------------------

    Malwarebytes' Anti-Malware 1.14
    Version de la base de données: 818

    21:54:32 03/06/2008
    mbam-log-6-3-2008 (21-54-32).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 140122
    Temps écoulé: 22 minute(s), 44 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 11

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\Windows\System32\qoMfDWmK.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\Windows\System32\byXPIBUK.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ef4cc146-43c9-4741-8d21-eb5035a4ebec} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ef4cc146-43c9-4741-8d21-eb5035a4ebec} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\Windows\System32\vturpOhg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\PIPPO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HGEJOL3E\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\PIPPO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HGEJOL3E\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\PIPPO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZ4D66RO\css4[1] (Trojan.Vundo) -> Delete on reboot.
    C:\Users\PIPPO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5JLZ4XV\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\PIPPO\AppData\Local\Temp\pmNfebbA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\PIPPO\AppData\Local\Temp\wvUmmJcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\jkkKETkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\qoMfDWmK.dll (Trojan.Agent) -> Delete on reboot.
    C:\Windows\System32\byXPIBUK.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Windows\System32\ljJDTmjg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    0
  20. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire ce qui est dans le dossier quarantine en allant dans poste de travail puis:

    C:\QooBox\Quarantine

    _____________

    encore des soucis???????????????????????????
    0
  • 1
  • 2