Win32:Vundo@dll [Trj]

Solved/Closed
Ned' (Member, 30 posts), 2 June 2008 at 20:26
jlpjlp (Security contributor, 51580 posts), 4 June 2008 at 10:30
Hello,

I have a virus and I don't know how to get rid of it; the virus keeps coming back in avast, and even when I delete it, it comes back...

The virus is "Win32:Vundo@dll [Trj]"

Can you help me remove it?

Thanks, bye

22 replies

jlpjlp (Security contributor, 51580 posts), 2 June 2008 at 21:07
hi,

scan with VundoFix (paste the report)

Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked yes, your desktop will go blank while it removes Vundo.

When it is finished, you will be asked to restart your computer; click OK.

___________________
then:


VirtumundoBeGone (paste the report)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

___________________


paste a HijackThis report


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manual:
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I advise renaming HijackThis, to counter a possible Vundo infection.

e.g. rename the file HijackThis.exe to eden.exe; to do that, right-click the file HijackThis.exe and choose rename from the list

Then, with Explorer, create a folder c:\hijackthis
Extract HijackThis into this folder.
This is important for the backups.
0
Ned' (Member, 30 posts), 2 June 2008 at 21:46
Thanks for helping me :)

Once the scan with VundoFix is finished, it tells me I have nothing, but there is no Remove Vundo :s
0
Ned' (Member, 30 posts), 2 June 2008 at 22:07
VundoFix V7.0.5

Scan started at 21:29:17 02/06/2008

Listing files found while scanning....

No infected files were found.

--------------------------------------------------------


[06/02/2008, 21:52:42] - VirtumundoBeGone v1.5 ( "C:\Users\PIPPO\Downloads\Mozilla Firefox\VirtumundoBeGone.exe" )
[06/02/2008, 21:52:51] - Detected System Information:
[06/02/2008, 21:52:51] - Windows Version: 6.0.6000,
[06/02/2008, 21:52:51] - Current Username: PIPPO (Admin)
[06/02/2008, 21:52:51] - Windows is in NORMAL mode.
[06/02/2008, 21:52:51] - Searching for Browser Helper Objects:
[06/02/2008, 21:52:51] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[06/02/2008, 21:52:51] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/02/2008, 21:52:51] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/02/2008, 21:52:51] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/02/2008, 21:52:51] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/02/2008, 21:52:51] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/02/2008, 21:52:51] - BHO 7: {BA1248C9-9415-4EAA-97F0-5080D2A832EB} ()
[06/02/2008, 21:52:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 21:52:51] - No filename found. Continuing.
[06/02/2008, 21:52:51] - BHO 8: {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} ()
[06/02/2008, 21:52:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 21:52:51] - Checking for HKLM\...\Winlogon\Notify\qoMdCsrO
[06/02/2008, 21:52:51] - Key not found: HKLM\...\Winlogon\Notify\qoMdCsrO, continuing.
[06/02/2008, 21:52:51] - Finished Searching Browser Helper Objects
[06/02/2008, 21:52:51] - Finishing up...
[06/02/2008, 21:52:51] - Nothing found! Exiting...

[06/02/2008, 21:53:15] - VirtumundoBeGone v1.5 ( "C:\Users\PIPPO\Downloads\Mozilla Firefox\VirtumundoBeGone.exe" )
[06/02/2008, 21:53:18] - Detected System Information:
[06/02/2008, 21:53:18] - Windows Version: 6.0.6000,
[06/02/2008, 21:53:18] - Current Username: PIPPO (Admin)
[06/02/2008, 21:53:18] - Windows is in NORMAL mode.
[06/02/2008, 21:53:18] - Searching for Browser Helper Objects:
[06/02/2008, 21:53:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[06/02/2008, 21:53:18] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/02/2008, 21:53:18] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/02/2008, 21:53:18] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/02/2008, 21:53:18] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/02/2008, 21:53:18] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/02/2008, 21:53:18] - BHO 7: {BA1248C9-9415-4EAA-97F0-5080D2A832EB} ()
[06/02/2008, 21:53:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 21:53:18] - No filename found. Continuing.
[06/02/2008, 21:53:18] - BHO 8: {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} ()
[06/02/2008, 21:53:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 21:53:18] - Checking for HKLM\...\Winlogon\Notify\qoMdCsrO
[06/02/2008, 21:53:18] - Key not found: HKLM\...\Winlogon\Notify\qoMdCsrO, continuing.
[06/02/2008, 21:53:18] - Finished Searching Browser Helper Objects
[06/02/2008, 21:53:19] - Finishing up...
[06/02/2008, 21:53:19] - Nothing found! Exiting...

[06/02/2008, 22:06:01] - VirtumundoBeGone v1.5 ( "C:\Users\PIPPO\Downloads\Mozilla Firefox\VirtumundoBeGone(2).exe" )
[06/02/2008, 22:06:03] - Detected System Information:
[06/02/2008, 22:06:03] - Windows Version: 6.0.6000,
[06/02/2008, 22:06:03] - Current Username: PIPPO (Admin)
[06/02/2008, 22:06:03] - Windows is in NORMAL mode.
[06/02/2008, 22:06:03] - Searching for Browser Helper Objects:
[06/02/2008, 22:06:03] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[06/02/2008, 22:06:03] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/02/2008, 22:06:03] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/02/2008, 22:06:03] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/02/2008, 22:06:03] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/02/2008, 22:06:03] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/02/2008, 22:06:03] - BHO 7: {BA1248C9-9415-4EAA-97F0-5080D2A832EB} ()
[06/02/2008, 22:06:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 22:06:03] - No filename found. Continuing.
[06/02/2008, 22:06:03] - BHO 8: {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} ()
[06/02/2008, 22:06:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 22:06:03] - Checking for HKLM\...\Winlogon\Notify\qoMdCsrO
[06/02/2008, 22:06:03] - Key not found: HKLM\...\Winlogon\Notify\qoMdCsrO, continuing.
[06/02/2008, 22:06:03] - Finished Searching Browser Helper Objects
[06/02/2008, 22:06:03] - Finishing up...
[06/02/2008, 22:06:03] - Nothing found! Exiting...


---------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:10, on 02/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BA1248C9-9415-4EAA-97F0-5080D2A832EB} - (no file)
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\Windows\system32\qoMdCsrO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdCsrO.dll,#1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8639] command /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4862] cmd /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2336] command /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8142] cmd /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2693] command /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3832] cmd /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7648] command /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2372] cmd /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5566] command /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1813] cmd /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8352] command /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9208] cmd /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1321] command /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4016] cmd /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1421] command /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1438] cmd /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206569648_03995fd895754494775de5da8651e9cf&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
0
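What the helper is reading off these HijackThis lines, written out as a small triage script. This is an added example, not part of the thread and not code from HijackThis, VundoFix or Spybot; the sample lines are constructed to match the shape of the log above, the 8-letter mixed-case name rule and the reason list are assumptions for illustration, and the only pairing it is built around is the one visible in this log: an unnamed O2 BHO and an O4 rundll32 Run entry that both load the same DLL from system32 (qoMdCsrO.dll).

```python
"""Triage of HijackThis-style log lines for the persistence pattern seen in this thread.

Added example, not part of the original thread and not a feature of HijackThis,
VundoFix or Spybot. It reads O2 (BHO) and O4 (Run/RunOnce) lines and flags the
pattern visible in the log above: an unnamed BHO and a rundll32 Run entry that both
load the same random-looking DLL from system32. The heuristics are assumptions for
illustration, not signatures; every hit still needs a human look before removal.
"""
import re
from collections import defaultdict

# Constructed sample in the shape of the HijackThis lines posted above.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BA1248C9-9415-4EAA-97F0-5080D2A832EB} - (no file)
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\Windows\system32\qoMdCsrO.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdCsrO.dll,#1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [SpybotDeletingC4862] cmd /c del "C:\Windows\System32\khfgDuTn.dll_old"
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>\S+?\.dll),(?P<export>\S+)", re.I)
DEL_RE = re.compile(r'\bdel\s+"?(?P<path>[^"\s]+\.dll_old)"?', re.I)


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def _in_system32(path):
    return "\\system32\\" in path.replace("/", "\\").lower()


def looks_random(path):
    """Heuristic (an assumption of this example): an 8-letter, mixed-case stem with no
    digits, the naming pattern of the DLLs in the log above (qoMdCsrO, khfgDuTn, ...).
    Legitimate DLLs can hit it too, so it only counts together with a system32 location."""
    stem = re.sub(r"\.dll(?:_old)?$", "", _basename(path), flags=re.I)
    return bool(re.fullmatch(r"[A-Za-z]{8}", stem)) and not (stem.islower() or stem.isupper())


def triage(log_text):
    """Return ({dll_basename_lower: sorted reasons}, notes).

    Only DLLs that collected at least one reason are returned; notes hold orphans and
    pending deletions, which are cleanup leftovers rather than live persistence."""
    reasons = defaultdict(set)
    seen_in = defaultdict(set)  # dll -> subset of {"O2", "O4"}
    notes = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            name, path = m["name"], m["path"]
            if path == "(no file)":
                notes.append(f"orphaned BHO {{{m['clsid']}}}: registry entry with no file, cleanup only")
                continue
            dll = _basename(path).lower()
            seen_in[dll].add("O2")
            if name == "(no name)":
                reasons[dll].add("unnamed BHO")
            if _in_system32(path) and looks_random(path):
                reasons[dll].add("random-looking DLL name in system32")
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m["cmd"]
            d = DEL_RE.search(cmd)
            if d:
                notes.append(f"pending deletion of {_basename(d['path'])} via {m['key']}: leftover of an earlier cleanup")
                continue
            r = RUNDLL_RE.match(cmd)
            if r:
                dll = _basename(r["dll"]).lower()
                seen_in[dll].add("O4")
                if r["export"].startswith("#"):
                    reasons[dll].add("rundll32 loads DLL by ordinal export")
                if _in_system32(r["dll"]) and looks_random(r["dll"]):
                    reasons[dll].add("random-looking DLL name in system32")
    # Correlation: a DLL that is both a BHO and a Run entry, and already suspicious,
    # is the pattern that survives a partial cleanup (one entry reloads the other).
    for dll, places in seen_in.items():
        if {"O2", "O4"} <= places and dll in reasons:
            reasons[dll].add("same DLL registered as BHO and as Run entry")
    return {dll: sorted(r) for dll, r in reasons.items()}, notes


if __name__ == "__main__":
    findings, notes = triage(SAMPLE_LOG)
    for dll, why in findings.items():
        print(f"{dll}: {'; '.join(why)}")
    for note in notes:
        print(f"note: {note}")
```

Run as-is it reports qomdcsro.dll with four reasons and two notes (the orphaned BHO with no file, and the pending .dll_old deletion). The point for this thread is the correlation line: the O2 and O4 entries for qoMdCsrO.dll appear unchanged in every log the user posts, which is exactly why the helper keeps asking for a fresh HijackThis report after each cleanup step rather than trusting a "Nothing found" from VundoFix or VirtumundoBeGone.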
jlpjlp (Security contributor, 51580 posts), 2 June 2008 at 22:27
ok, delete what's in Spybot's backup

______________

redo HijackThis, renaming it as indicated this time
0

Ned' (Member, 30 posts), 2 June 2008 at 22:30
How do I do that?
0
jlpjlp (Security contributor, 51580 posts), 2 June 2008 at 22:31
launch Spybot, then go to quarantine/backups and delete what's in there




then

paste a HijackThis report


manual:
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I advise renaming HijackThis, to counter a possible Vundo infection.

e.g. rename the file HijackThis.exe to eden.exe; to do that, right-click the file HijackThis.exe and choose rename from the list

Then, with Explorer, create a folder c:\hijackthis
Extract HijackThis into this folder.
This is important for the backups.
0
Ned' (Member, 30 posts), 2 June 2008 at 22:42
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:40:06, on 02/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BA1248C9-9415-4EAA-97F0-5080D2A832EB} - (no file)
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\Windows\system32\qoMdCsrO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdCsrO.dll,#1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8639] command /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4862] cmd /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2336] command /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8142] cmd /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2693] command /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3832] cmd /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7648] command /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2372] cmd /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5566] command /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1813] cmd /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8352] command /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9208] cmd /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1321] command /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4016] cmd /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1421] command /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1438] cmd /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206569648_03995fd895754494775de5da8651e9cf&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
0
jlpjlp (Security contributor, 51580 posts), 2 June 2008 at 22:44
you haven't deleted what's in quarantine in SPYBOT (delete what's in the backup!!!!)



____________

download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

[if I suspect a Bagle infection, I add:

under the name antibagle. Do this before the file is saved to the desktop]

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, real-time guard of the antispyware)


double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, the guard of your antispyware

copy/paste the report C:\ComboFix.txt in your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
____________
0
Ned' (Member, 30 posts), 2 June 2008 at 22:48
I did delete what's in "Backups" in Spybot, though
0
jlpjlp (Security contributor, 51580 posts), 2 June 2008 at 22:50
no, I don't think so, because it's still in HijackThis
0
Ned' (Member, 30 posts), 2 June 2008 at 22:53
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:25, on 02/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\Hijackthis\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BA1248C9-9415-4EAA-97F0-5080D2A832EB} - (no file)
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\Windows\system32\qoMdCsrO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdCsrO.dll,#1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8639] command /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4862] cmd /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2336] command /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8142] cmd /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2693] command /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3832] cmd /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7648] command /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2372] cmd /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206569648_03995fd895754494775de5da8651e9cf&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
2 June 2008 at 23:01
No, still there...

OK, do you have the latest version of Spybot?
Here:

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

(If not, install it without enabling TeaTimer.)


_________________

Delete what is in Spybot's backup.


Then paste a ComboFix report.
0
Ned' Posts 30 Registration date Monday 2 June 2008 Status Member Last seen 20 April 2009 2
2 June 2008 at 23:17
I uninstalled Spybot, reinstalled it, and ran the HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15:06, on 02/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Hijackthis\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BA1248C9-9415-4EAA-97F0-5080D2A832EB} - (no file)
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\Windows\system32\iifgDUoP.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iifgDUoP.dll,#1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206569648_03995fd895754494775de5da8651e9cf&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
0
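Added example, not code from the thread nor from HijackThis or ComboFix: a small Python triage that scores HijackThis O2/O4 entries for the pattern visible in the two logs above, an unnamed BHO ({EF4CC146-43C9-4741-8D21-EB5035A4EBEC}) pointing at an 8-letter DLL in system32, the same DLL relaunched at logon through rundll32 by ordinal (#1), and the file renamed between the two scans (qoMdCsrO.dll, then iifgDUoP.dll). The signal weights and the reporting threshold are my own assumptions; the sample lines are trimmed from the two logs posted here.

```python
"""Heuristic triage of HijackThis O2/O4 lines for the Vundo persistence pattern
seen in this thread. Added example: not code from the thread or from HijackThis."""
import ntpath
import re
from collections import defaultdict

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\Run(?:Once)?: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>.+?\.dll),(?P<entry>\S+)", re.IGNORECASE)

# Lines trimmed from the two HijackThis logs pasted in the thread (constructed sample).
SCAN_1 = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BA1248C9-9415-4EAA-97F0-5080D2A832EB} - (no file)
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\Windows\system32\qoMdCsrO.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdCsrO.dll,#1
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
"""
SCAN_2 = r"""
O2 - BHO: (no name) - {BA1248C9-9415-4EAA-97F0-5080D2A832EB} - (no file)
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\Windows\system32\iifgDUoP.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iifgDUoP.dll,#1
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"""


def random_looking(path):
    """Vundo drops DLLs named with 8 random letters into system32 (cf. qoMdCsrO.dll).
    On its own this is weak evidence: legitimate NvMcTray.dll also has 8 letters."""
    stem = ntpath.splitext(ntpath.basename(path))[0]
    in_system32 = "\\windows\\system32\\" in path.lower()
    return in_system32 and len(stem) == 8 and stem.isalpha()


def parse_hjt(log):
    """Return (bhos, runs): O2 BHO entries and O4 autoruns found in a HijackThis log."""
    bhos, runs = [], []
    for line in log.splitlines():
        m = BHO_RE.match(line.strip())
        if m:
            bhos.append(m.groupdict())
            continue
        m = RUN_RE.match(line.strip())
        if m:
            runs.append(m.groupdict())
    return bhos, runs


def triage(log, threshold=3):
    """Score each DLL on several weak signals; only their combination is alarming.
    Weights (assumed): unnamed BHO +2, rundll32 by ordinal +2, 8-letter name in
    system32 +1, same DLL registered as BHO and as autorun +2."""
    bhos, runs = parse_hjt(log)
    score, reasons = defaultdict(int), defaultdict(list)
    seen_as_bho, seen_in_run = set(), set()
    for b in bhos:
        if b["path"] == "(no file)":
            continue
        key = b["path"].lower()
        seen_as_bho.add(key)
        if b["name"] == "(no name)":
            score[key] += 2
            reasons[key].append(f"unnamed BHO {b['clsid']}")
    for r in runs:
        m = RUNDLL_RE.match(r["cmd"])
        if not m:
            continue
        key = m.group("dll").lower()
        seen_in_run.add(key)
        if m.group("entry").startswith("#"):
            score[key] += 2
            reasons[key].append(f"rundll32 by ordinal in [{r['key']}]")
    for key in seen_as_bho | seen_in_run:
        if random_looking(key):
            score[key] += 1
            reasons[key].append("8-letter name in system32")
        if key in seen_as_bho and key in seen_in_run:
            score[key] += 2
            reasons[key].append("same DLL as BHO and autorun")
    return {k: (score[k], reasons[k]) for k in score if score[k] >= threshold}


def orphan_bhos(log):
    """BHO CLSIDs whose file is gone: harmless leftovers worth cleaning, not infections."""
    return [b["clsid"] for b in parse_hjt(log)[0] if b["path"] == "(no file)"]


def renamed_between_scans(log_a, log_b):
    """Same CLSID, different file: the component re-creates itself under a new name,
    which is why it 'keeps coming back' after a single file deletion."""
    a = {b["clsid"].upper(): b["path"] for b in parse_hjt(log_a)[0]}
    b = {x["clsid"].upper(): x["path"] for x in parse_hjt(log_b)[0]}
    return {c: (a[c], b[c]) for c in a if c in b and a[c].lower() != b[c].lower()}


if __name__ == "__main__":
    for dll, (pts, why) in triage(SCAN_1).items():
        print(f"{pts:2d}  {dll}: {'; '.join(why)}")
    print("orphan BHOs:", orphan_bhos(SCAN_1))
    print("renamed between scans:", renamed_between_scans(SCAN_1, SCAN_2))
```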
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
2 June 2008 at 23:19
OK, Spybot is fine. Which version did you have?

________________


Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).


Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, your antivirus and your antispyware's guard.

Copy/paste the C:\ComboFix.txt report into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Ned' Posts 30 Registration date Monday 2 June 2008 Status Member Last seen 20 April 2009 2
2 June 2008 at 23:37
ComboFix 08-06-01.6 - PIPPO 2008-06-02 23:26:02.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1036.18.1338 [GMT 2:00]
Endroit: C:\Users\PIPPO\Downloads\Mozilla Firefox\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\uusee
C:\Program Files\uusee\AD\UUAD_Banner.gif
C:\Program Files\uusee\AD\UUAD_Banner.html
C:\Program Files\uusee\AD\UUAD_Banner_1.html
C:\Program Files\uusee\AD\UUAD_Banner_3.html
C:\Program Files\uusee\AD\UUAD_Buffering.html
C:\Program Files\uusee\AD\UUAD_Buffering.jpg
C:\Program Files\uusee\AD\UUAD_TextLink_0.xml
C:\Program Files\uusee\bass-plugins.exe
C:\Program Files\uusee\skins\UUPlayer\About.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C4.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Back.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Detect.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Record_Task_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Information.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Question.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Stop.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_1.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_2.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_3.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowD.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowU.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_SP.bmp
C:\Program Files\uusee\skins\UUPlayer\Play_Window_Rec_icon.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_0.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_6.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_7.bmp
C:\Program Files\uusee\skins\UUPlayer\Resource.h
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x3.bmp
C:\Program Files\uusee\skins\UUPlayer\Thumbs.db
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_3.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse1.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Play.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Play1.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Record.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Record1.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Arrow.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Collapse.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Expand.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Header.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconDown.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconUp.bmp
C:\Program Files\uusee\skins\UUPlayer\UUSEE.ui
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Info.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_3.bmp
C:\Program Files\uusee\uninstuusee.exe
C:\Program Files\uusee\UUPlayer.dll
C:\Program Files\uusee\UUPlayer_update.ini
C:\Program Files\uusee\UUSee.url
C:\Program Files\uusee\UUSeePlayer.exe
C:\Program Files\uusee\UUTV_MY.xml
C:\Program Files\uusee\UUTV_UUPlayer.xml
C:\ProgramData\Microsoft\Windows\Start Menu\UUSEE~1.LNK
C:\Windows\system32\fjmmdkls.ini
C:\Windows\System32\gggikUvw.ini
C:\Windows\System32\gggikUvw.ini2
C:\Windows\system32\goaucuka.ini
C:\Windows\System32\HgQWEfhk.ini
C:\Windows\System32\HgQWEfhk.ini2
C:\Windows\system32\jvmpbvoi.ini
C:\Windows\System32\LVGOnnnn.ini
C:\Windows\System32\LVGOnnnn.ini2
C:\Windows\System32\mlnmnqss.ini
C:\Windows\System32\mlnmnqss.ini2
C:\Windows\System32\ncxmfchp.ini
C:\Windows\system32\odqksvpb.ini
C:\Windows\System32\qojeuslg.ini
C:\Windows\System32\SCbayGgh.ini
C:\Windows\System32\SCbayGgh.ini2
C:\Windows\System32\snlrmctd.ini
C:\Windows\System32\tccptime.ini
C:\Windows\System32\VxyHPrqr.ini
C:\Windows\System32\VxyHPrqr.ini2
C:\Windows\System32\wleqrgty.ini
C:\Windows\System32\yJiQAKkj.ini
C:\Windows\System32\yJiQAKkj.ini2

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))))))))
.

2008-06-02 23:31 . 2008-05-16 21:24 29,824 --a------ C:\Windows\System32\ssqOICVN.dll
2008-06-02 23:22 . 2006-11-02 11:44 320,000 --a------ C:\Windows\System32\CF1.exe
2008-06-02 23:12 . 2008-06-02 23:12 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-02 21:58 . 2008-06-02 23:14 <REP> d-------- C:\Hijackthis
2008-06-02 21:57 . 2008-06-02 21:57 <REP> d-------- C:\Program Files\Trend Micro
2008-06-02 21:29 . 2008-06-02 22:04 <REP> d-------- C:\VundoFix Backups
2008-06-02 20:46 . 2008-06-02 20:47 269 --a------ C:\Windows\wininit.ini
2008-05-28 12:37 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 12:37 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-26 01:35 . 2008-05-26 01:35 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-05-15 19:09 . 2008-05-15 19:09 <REP> d-------- C:\Windows\Sun
2008-05-15 16:29 . 2008-05-15 16:29 <REP> d-------- C:\Program Files\KONAMI
2008-05-15 15:31 . 2008-05-15 15:31 <REP> dr-h----- C:\Users\PIPPO\AppData\Roaming\SecuROM
2008-05-15 14:28 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll
2008-05-15 14:28 . 2007-06-20 20:45 18,280 --a------ C:\Windows\System32\x3daudio1_2.dll
2008-05-15 00:00 . 2008-06-01 23:35 <REP> d-------- C:\Users\PIPPO\AppData\Roaming\LimeWire
2008-05-15 00:00 . 2008-05-15 00:00 <REP> d-------- C:\Program Files\LimeWire
2008-05-14 23:19 . 2008-05-14 23:20 1,160 --a------ C:\Windows\mozver.dat
2008-05-14 22:19 . 2008-05-14 22:19 <REP> d-------- C:\Users\PIPPO\AppData\Roaming\Talkback
2008-05-14 22:18 . 2008-05-14 22:18 0 --a------ C:\Windows\nsreg.dat
2008-05-04 15:45 . 2008-05-04 16:54 <REP> d-------- C:\Program Files\Common Files\uusee

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 21:14 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-06-02 19:49 --------- d-----w C:\ProgramData\Google Updater
2008-06-01 20:45 --------- d-----w C:\ProgramData\TrackMania
2008-05-26 14:32 --------- d-----w C:\ProgramData\NVIDIA
2008-05-23 11:12 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-21 17:16 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2008-05-16 11:52 --------- d-----w C:\Program Files\Game Graphic Studio
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 12:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 22:08 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 22:08 --------- d-----w C:\Program Files\Windows Mail
2008-05-06 10:48 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Canon
2008-05-04 13:52 --------- d-----w C:\Program Files\Google
2008-05-03 03:46 7,460,320 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
2008-04-23 14:29 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-18 13:53 --------- d-----w C:\Program Files\TmNationsForever
2008-04-15 13:41 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-15 01:47 --------- d-----w C:\Program Files\MSBuild
2008-04-15 01:47 --------- d-----w C:\Program Files\Microsoft Works
2008-04-15 01:45 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-15 01:42 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-15 01:33 639,224 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-15 01:14 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Nero
2008-04-15 01:13 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-15 01:11 --------- d-----w C:\ProgramData\Nero
2008-04-15 01:11 --------- d-----w C:\Program Files\Nero
2008-04-14 19:04 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Azureus
2008-04-14 01:22 --------- d-----w C:\Users\PIPPO\AppData\Roaming\ma-config.com
2008-04-13 00:12 --------- d-----w C:\Program Files\PhotoFiltre Studio
2008-04-12 21:31 --------- d-----w C:\Program Files\DkZ Studio
2008-04-09 19:24 --------- d-----w C:\Program Files\SopCast
2008-04-09 17:31 --------- d-----w C:\Program Files\DS-3200 Wireless Optical Slimline Deskset
2008-04-09 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-07 16:13 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Samsung
2008-04-07 16:09 --------- d-----w C:\Program Files\Samsung
2008-04-06 18:51 --------- d-----w C:\ProgramData\TVU Networks
2008-04-06 18:50 --------- d-----w C:\Program Files\TVUPlayer
2008-04-06 18:41 --------- d-----w C:\Users\PIPPO\AppData\Roaming\TVU Networks
2008-04-06 15:16 30,544 ----a-w C:\Windows\dirdib.drv
2008-04-06 15:16 30,464 ----a-w C:\Windows\macromix.dll
2008-04-06 15:12 85,536 ----a-w C:\Windows\~GLC0000.TMP
2008-04-06 15:05 2,855 ----a-w C:\Windows\PIF\INSTALL.PIF
2008-04-03 11:40 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Hamachi
2008-03-31 13:42 22,328 ----a-w C:\Users\PIPPO\AppData\Roaming\PnkBstrK.sys
2008-03-26 19:38 174 --sha-w C:\Program Files\desktop.ini
2008-03-26 19:08 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}]
2008-05-16 21:24 29824 --a------ C:\Windows\system32\ssqOICVN.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-26 20:51 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 21:55 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"="C:\Windows\system32\ssqOICVN.dll" [2008-05-16 21:24 29824]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}"= C:\Windows\system32\ssqOICVN.dll [2008-05-16 21:24 29824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"Windows Mail"=C:\Program Files\Windows Mail\WinMail.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"VX1000"=C:\Windows\vVX1000.exe
"WireLessMouse"=C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
"WireLessKeyboard"=C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3916555441-147088009-4003317088-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{F08722BD-E523-4FBD-8F41-1FA194F4BE90}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{D7B2093C-7DFB-41AC-81D7-B1EDC4A8DF3A}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"{82EBB8C6-5BF3-41F2-94C4-5BCD41A92D01}"= UDP:28960:COD4_TCP
"{ADDAAF3F-33A5-465F-8D03-E7ACE9FCA48A}"= TCP:28960:COD4_UDP
"TCP Query User{F6D7869B-6911-4BD3-8F5E-DBC241C5E937}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{0B5A7BB1-E521-46C4-B86A-4CB3E53D3B5D}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{B244E013-F621-45ED-98FD-EA7764F2A975}C:\\program files\\uusee\\uuseeplayer.exe"= UDP:C:\program files\uusee\uuseeplayer.exe:UUPlayer
"UDP Query User{FB279982-6EC5-4DCD-B6A3-53EC18DE6F5B}C:\\program files\\uusee\\uuseeplayer.exe"= TCP:C:\program files\uusee\uuseeplayer.exe:UUPlayer
"{2B93A11C-56DA-4483-A8A5-50072437D5FA}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) Multijoueur
"{F41967D0-DEC9-4B75-AEB0-AA07DE54ED8B}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) Multijoueur
"TCP Query User{800313B7-547D-4963-9461-05E16FA28C86}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{58ACDF31-DD0C-4BED-ABAC-D82AC57B95E9}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{75099DFC-9D68-4C0A-8213-619AFAEB7F3D}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{3A8FD7A7-4B8C-4042-912C-69F877862876}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{EF1F06A2-EBF1-4C9F-BDDB-E40D90FFF33B}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{D8C3AB0E-08C3-41A2-ABD8-88EEE7E72EB9}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{8802BA6C-EC33-4222-9B95-F56B2591ADE3}C:\\program files\\microsoft lifecam\\lifecam.exe"= UDP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"UDP Query User{7F747BF1-ADDD-4DD3-92CD-6F96402389C9}C:\\program files\\microsoft lifecam\\lifecam.exe"= TCP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"TCP Query User{4696D59C-69D7-48B3-8AF9-E873BED46A1E}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{DCD6A7C8-37B9-49BA-AEA7-788FC623A934}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{35A99C0F-9132-4202-A016-A6177245E8B2}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"UDP Query User{A67B40DD-7846-4A5A-B691-3F7D1A2FBAAA}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"TCP Query User{4A87CF7A-326E-4BC5-AB07-6CB7840747E2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4F368E62-3108-4854-AA32-FF688815198E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{DABEF101-0727-4583-8B43-F9A32ED5F0F2}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{368A7545-2D3F-4853-85AF-BB466F721C70}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{FCE03C5B-C251-4F35-BF16-404EC184F56D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{B7E9086F-21F2-4BD7-9FEF-DD0B0BFCDF80}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{90239C22-3349-4BCE-A3A4-FF45A93A95F6}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"{C700663D-C930-40DA-A865-5B8952500868}"= UDP:2350:Tm_TCP
"{9C11490A-33C1-4246-B8A1-252562FEDED7}"= TCP:2350:Tm_UDP
"{F5CDCEF3-3CC9-42FE-BE5A-4F45E6363E50}"= UDP:3450:tm2_TCP
"{358348B1-9436-497B-870D-8A8A1CBC8923}"= TCP:3450:Tm2_UDP
"TCP Query User{9CA74043-4999-4B13-B922-CD269617D0DA}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{CFDE6892-E88C-42C2-A060-7BA323231D95}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"{DF049DD1-7D36-491F-A43C-79141736729F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{2E770910-D8EC-480C-87CE-31E0E29043CB}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\uusee\\UUSeePlayer.exe"= C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 MRV6X32P;Pilote WiFi natif Vista 32-bits;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]
R3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-03-27 22:31]
S3 RegGuard;RegGuard;C:\Windows\system32\Drivers\regguard.sys [2008-03-27 21:35]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-27 01:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88e7f872-fb5f-11dc-a425-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun_PES2008.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-02 21:30:39 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 23:31:30
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\ssqOICVN.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-02 23:35:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-02 21:33:48

Pre-Run: 204,932,050,944 octets libres
Post-Run: 204,976,893,952 octets libres

432 --- E O F --- 2008-05-30 19:21:28
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040
3 June 2008 at 11:31
Close all your browsers (so copy or print these instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\Windows\system32\ssqOICVN.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}"=-

Save this file under the name CFscript.

Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report AND DESCRIBE YOUR CURRENT PROBLEMS.

If the file does not open, it can be found here > C:\ComboFix.txt
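As an added example (not ComboFix's code nor the helper's own method), here is a Python triage script over the two ComboFix logs in this thread: it scores each DLL by the number of autostart points it occupies and pairs the old and new file names by size and timestamp, which is how the respawn under a new random name shows up. The log excerpts are taken from the thread; the heuristics and the threshold of two persistence points are my own assumptions.

```python
"""Triage of ComboFix's 'Point de chargement Reg' and 'DLLs loaded' sections.

Constructed example, not ComboFix's nor the forum helper's own code: it scores
each DLL by the persistence points it occupies (BHO, ShellExecuteHooks, Run
value, loaded inside winlogon.exe) and pairs an old and a new file name that
share size and timestamp, which is how ssqOICVN.dll -> awttRjHX.dll shows up.
"""
import re
from collections import defaultdict, namedtuple

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# "Name"="C:\path" [YYYY-MM-DD HH:MM size]   or   "Name"= C:\path [ ... ]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<path>[A-Za-z]:\\[^"\[]+?)"?\s*'
    r"(?:\[(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+)\])?\s*$")
# A BHO key lists its handler as a file line: date time size attributes path
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)\s+\S+\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s*$")
LOADED_RE = re.compile(r"^->\s+(?P<path>[A-Za-z]:\\.+?)\s*$")

Entry = namedtuple("Entry", "key name path date size")


def parse_autostart(text):
    """One Entry per registry value (or BHO file line) under a [key] header."""
    entries, key = [], None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line) or FILE_RE.match(line)
        if m and key:
            name = m.groupdict().get("name") or key.rsplit("\\", 1)[-1]
            size = m.group("size")
            entries.append(Entry(key, name, m.group("path").strip(),
                                 m.group("date"), int(size) if size else None))
    return entries


def loaded_in(text, process="winlogon.exe"):
    """DLL paths ComboFix lists under 'PROCESS: ...\\<process>'."""
    hits, inside = [], False
    for line in text.splitlines():
        if line.startswith("PROCESS:"):
            inside = line.lower().endswith(process)
            continue
        m = LOADED_RE.match(line)
        if inside and m:
            hits.append(m.group("path"))
    return hits


def persistence_points(entries, loaded):
    """Map each DLL path (lower-cased) to the set of places it is hooked in."""
    points = defaultdict(set)
    for e in entries:
        p, k = e.path.lower(), e.key.lower()
        if not p.endswith(".dll"):
            continue
        if "browser helper objects" in k:
            points[p].add("BHO")
        elif "shellexecutehooks" in k:
            points[p].add("ShellExecuteHook")
        elif k.endswith("\\run"):  # '...\run-' (disabled entries) is left out
            points[p].add("Run")
    for d in loaded:
        points[d.lower()].add("winlogon.exe")
    return points


def triage(log, threshold=2):
    """DLLs hooked at >= threshold points, each with its sorted point names.
    One Run value naming a DLL is noise (NvCpl.dll runs through rundll32 and
    is printed the same way); several hooks on one DLL is the Vundo pattern."""
    pts = persistence_points(parse_autostart(log), loaded_in(log))
    return {p: sorted(s) for p, s in pts.items() if len(s) >= threshold}


def respawned(before, after):
    """(old, new) path pairs: same size and timestamp, different file name."""
    def dlls(log):
        return [e for e in parse_autostart(log)
                if e.size and e.path.lower().endswith(".dll")]
    pairs = {(o.path, n.path) for o in dlls(before) for n in dlls(after)
             if (o.size, o.date) == (n.size, n.date)
             and o.path.lower() != n.path.lower()}
    return sorted(pairs)


# Excerpts of the two ComboFix logs posted in this thread, trimmed to the keys
# that matter; everything else in those logs is left out.
LOG_BEFORE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}]
2008-05-16 21:24 29824 --a------ C:\Windows\system32\ssqOICVN.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"="C:\Windows\system32\ssqOICVN.dll" [2008-05-16 21:24 29824]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}"= C:\Windows\system32\ssqOICVN.dll [2008-05-16 21:24 29824]
PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\ssqOICVN.dll
"""
LOG_AFTER = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"="C:\Windows\system32\awttRjHX.dll" [2008-05-16 21:24 29824]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}"= C:\Windows\system32\awttRjHX.dll [2008-05-16 21:24 29824]
PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\awttRjHX.dll
"""

if __name__ == "__main__":
    print("before:", triage(LOG_BEFORE))
    print("after:", triage(LOG_AFTER))
    print("respawned:", respawned(LOG_BEFORE, LOG_AFTER))
```

Removing only the BHO entry, as the CFScript above does, leaves the DLL with three hooks, which is why it still shows up in the second log.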
Ned' Posts 30 Registered Monday 2 June 2008 Status Member Last contribution 20 April 2009 2
3 June 2008 at 13:16
ComboFix 08-06-01.6 - PIPPO 2008-06-03 13:09:36.3 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1036.18.1341 [GMT 2:00]
Endroit: C:\Users\PIPPO\Downloads\Mozilla Firefox\ComboFix.exe
Command switches used :: C:\Users\PIPPO\Desktop\CFscript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Windows\system32\ssqOICVN.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\vturpOhg.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))))))
.

2008-06-03 13:03 . 2008-05-16 21:24 29,824 --a------ C:\Windows\System32\awttRjHX.dll
2008-06-02 23:22 . 2006-11-02 11:44 320,000 --a------ C:\Windows\System32\CF1.exe
2008-06-02 23:12 . 2008-06-02 23:12 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-02 21:58 . 2008-06-02 23:14 <REP> d-------- C:\Hijackthis
2008-06-02 21:57 . 2008-06-02 21:57 <REP> d-------- C:\Program Files\Trend Micro
2008-06-02 21:29 . 2008-06-02 22:04 <REP> d-------- C:\VundoFix Backups
2008-06-02 20:46 . 2008-06-02 20:47 269 --a------ C:\Windows\wininit.ini
2008-05-28 12:37 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 12:37 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-26 01:35 . 2008-05-26 01:35 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-05-15 19:09 . 2008-05-15 19:09 <REP> d-------- C:\Windows\Sun
2008-05-15 16:29 . 2008-05-15 16:29 <REP> d-------- C:\Program Files\KONAMI
2008-05-15 15:31 . 2008-05-15 15:31 <REP> dr-h----- C:\Users\PIPPO\AppData\Roaming\SecuROM
2008-05-15 14:28 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll
2008-05-15 14:28 . 2007-06-20 20:45 18,280 --a------ C:\Windows\System32\x3daudio1_2.dll
2008-05-15 00:00 . 2008-06-01 23:35 <REP> d-------- C:\Users\PIPPO\AppData\Roaming\LimeWire
2008-05-15 00:00 . 2008-05-15 00:00 <REP> d-------- C:\Program Files\LimeWire
2008-05-14 23:19 . 2008-05-14 23:20 1,160 --a------ C:\Windows\mozver.dat
2008-05-14 22:19 . 2008-05-14 22:19 <REP> d-------- C:\Users\PIPPO\AppData\Roaming\Talkback
2008-05-14 22:18 . 2008-05-14 22:18 0 --a------ C:\Windows\nsreg.dat
2008-05-04 15:45 . 2008-05-04 16:54 <REP> d-------- C:\Program Files\Common Files\uusee

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 21:14 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-06-02 19:49 --------- d-----w C:\ProgramData\Google Updater
2008-06-01 20:45 --------- d-----w C:\ProgramData\TrackMania
2008-05-26 14:32 --------- d-----w C:\ProgramData\NVIDIA
2008-05-23 11:12 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-21 17:16 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2008-05-16 11:52 --------- d-----w C:\Program Files\Game Graphic Studio
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 13:31 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-05-15 12:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 22:08 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 22:08 --------- d-----w C:\Program Files\Windows Mail
2008-05-06 10:48 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Canon
2008-05-04 13:52 --------- d-----w C:\Program Files\Google
2008-04-30 15:27 442,368 ----a-w C:\Windows\System32\NVUNINST.EXE
2008-04-23 14:29 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-23 14:29 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-04-18 13:53 --------- d-----w C:\Program Files\TmNationsForever
2008-04-15 13:41 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-15 01:47 --------- d-----w C:\Program Files\MSBuild
2008-04-15 01:47 --------- d-----w C:\Program Files\Microsoft Works
2008-04-15 01:45 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-15 01:42 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-15 01:33 639,224 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-15 01:14 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Nero
2008-04-15 01:13 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-15 01:11 --------- d-----w C:\ProgramData\Nero
2008-04-15 01:11 --------- d-----w C:\Program Files\Nero
2008-04-14 19:04 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Azureus
2008-04-14 01:22 --------- d-----w C:\Users\PIPPO\AppData\Roaming\ma-config.com
2008-04-13 00:12 --------- d-----w C:\Program Files\PhotoFiltre Studio
2008-04-12 21:31 --------- d-----w C:\Program Files\DkZ Studio
2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
2008-04-09 19:24 --------- d-----w C:\Program Files\SopCast
2008-04-09 17:31 --------- d-----w C:\Program Files\DS-3200 Wireless Optical Slimline Deskset
2008-04-09 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-07 16:13 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Samsung
2008-04-07 16:09 --------- d-----w C:\Program Files\Samsung
2008-04-06 18:51 --------- d-----w C:\ProgramData\TVU Networks
2008-04-06 18:50 --------- d-----w C:\Program Files\TVUPlayer
2008-04-06 18:41 --------- d-----w C:\Users\PIPPO\AppData\Roaming\TVU Networks
2008-04-06 15:16 30,544 ----a-w C:\Windows\dirdib.drv
2008-04-06 15:16 30,464 ----a-w C:\Windows\macromix.dll
2008-04-06 15:12 85,536 ----a-w C:\Windows\~GLC0000.TMP
2008-04-06 15:05 2,855 ----a-w C:\Windows\PIF\INSTALL.PIF
2008-04-03 11:40 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Hamachi
2008-03-31 19:45 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-03-31 13:42 22,328 ----a-w C:\Users\PIPPO\AppData\Roaming\PnkBstrK.sys
2008-03-27 18:42 37,888 ----a-w C:\Windows\System32\rar.exe
2008-03-26 23:32 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-03-26 23:28 233,888 ----a-w C:\Windows\System32\DreamScene.dll
2008-03-26 23:28 1,152,000 ----a-w C:\Windows\System32\themecpl.dll
2008-03-26 23:26 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-03-26 23:25 1,171,848 ----a-w C:\Windows\System32\SecureKeyBackupCPL.dll
2008-03-26 23:24 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-03-26 19:38 174 --sha-w C:\Program Files\desktop.ini
2008-03-26 19:09 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-03-26 19:09 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-03-26 19:09 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-03-26 19:08 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-26 19:08 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-26 19:08 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-26 19:08 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-26 19:08 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-26 19:08 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-26 19:08 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-26 19:08 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-26 19:08 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-26 19:07 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-26 19:06 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-26 19:06 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-26 19:03 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-26 19:02 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-26 19:01 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-26 19:01 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-26 19:01 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-26 19:01 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-26 19:00 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-03-26 19:00 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-03-26 19:00 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-03-26 19:00 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-03-26 19:00 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-03-26 19:00 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-03-26 18:59 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-26 18:59 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-26 18:59 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-03-26 18:58 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll
2008-03-26 18:58 23,552 ----a-w C:\Windows\System32\lpremove.exe
2008-03-26 18:58 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-26 18:58 166,912 ----a-w C:\Windows\System32\lpksetup.exe
2008-03-26 18:58 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll
2008-03-26 18:58 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-26 18:57 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-03-26 18:57 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-03-26 18:56 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-26 18:56 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-26 18:56 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-26 18:56 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-26 18:55 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-26 18:55 223,232 ----a-w C:\Windows\System32\WMASF.DLL
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-06-02_23.33.11.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 21:30:24 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-03 11:03:00 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-03 11:03:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-03 11:03:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-02 21:30:54 151,552 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-03 11:05:03 151,552 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-06-02 21:30:53 176,128 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-03 11:11:54 176,128 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-06-02 21:31:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-03 11:03:46 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-02 21:31:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-03 11:03:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-02 21:31:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-03 11:03:46 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-02 21:13:44 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-03 11:08:18 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-02 21:13:44 117,366 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-03 11:08:19 117,366 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-02 21:13:44 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-03 11:08:19 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-02 21:13:44 690,594 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-03 11:08:19 690,594 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-02 21:10:56 7,288 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3916555441-147088009-4003317088-1000_UserData.bin
+ 2008-06-03 11:05:34 7,610 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3916555441-147088009-4003317088-1000_UserData.bin
- 2008-06-02 21:10:55 66,794 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-03 11:05:34 67,090 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-02 21:10:54 35,000 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-03 11:05:32 35,144 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-26 20:51 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 21:55 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"="C:\Windows\system32\awttRjHX.dll" [2008-05-16 21:24 29824]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}"= C:\Windows\system32\awttRjHX.dll [2008-05-16 21:24 29824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"Windows Mail"=C:\Program Files\Windows Mail\WinMail.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"VX1000"=C:\Windows\vVX1000.exe
"WireLessMouse"=C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
"WireLessKeyboard"=C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3916555441-147088009-4003317088-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{F08722BD-E523-4FBD-8F41-1FA194F4BE90}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{D7B2093C-7DFB-41AC-81D7-B1EDC4A8DF3A}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"{82EBB8C6-5BF3-41F2-94C4-5BCD41A92D01}"= UDP:28960:COD4_TCP
"{ADDAAF3F-33A5-465F-8D03-E7ACE9FCA48A}"= TCP:28960:COD4_UDP
"TCP Query User{F6D7869B-6911-4BD3-8F5E-DBC241C5E937}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{0B5A7BB1-E521-46C4-B86A-4CB3E53D3B5D}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{B244E013-F621-45ED-98FD-EA7764F2A975}C:\\program files\\uusee\\uuseeplayer.exe"= UDP:C:\program files\uusee\uuseeplayer.exe:UUPlayer
"UDP Query User{FB279982-6EC5-4DCD-B6A3-53EC18DE6F5B}C:\\program files\\uusee\\uuseeplayer.exe"= TCP:C:\program files\uusee\uuseeplayer.exe:UUPlayer
"{2B93A11C-56DA-4483-A8A5-50072437D5FA}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) Multijoueur
"{F41967D0-DEC9-4B75-AEB0-AA07DE54ED8B}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) Multijoueur
"TCP Query User{800313B7-547D-4963-9461-05E16FA28C86}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{58ACDF31-DD0C-4BED-ABAC-D82AC57B95E9}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{75099DFC-9D68-4C0A-8213-619AFAEB7F3D}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{3A8FD7A7-4B8C-4042-912C-69F877862876}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{EF1F06A2-EBF1-4C9F-BDDB-E40D90FFF33B}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{D8C3AB0E-08C3-41A2-ABD8-88EEE7E72EB9}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{8802BA6C-EC33-4222-9B95-F56B2591ADE3}C:\\program files\\microsoft lifecam\\lifecam.exe"= UDP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"UDP Query User{7F747BF1-ADDD-4DD3-92CD-6F96402389C9}C:\\program files\\microsoft lifecam\\lifecam.exe"= TCP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"TCP Query User{4696D59C-69D7-48B3-8AF9-E873BED46A1E}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{DCD6A7C8-37B9-49BA-AEA7-788FC623A934}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{35A99C0F-9132-4202-A016-A6177245E8B2}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"UDP Query User{A67B40DD-7846-4A5A-B691-3F7D1A2FBAAA}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"TCP Query User{4A87CF7A-326E-4BC5-AB07-6CB7840747E2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4F368E62-3108-4854-AA32-FF688815198E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{DABEF101-0727-4583-8B43-F9A32ED5F0F2}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{368A7545-2D3F-4853-85AF-BB466F721C70}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{FCE03C5B-C251-4F35-BF16-404EC184F56D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{B7E9086F-21F2-4BD7-9FEF-DD0B0BFCDF80}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{90239C22-3349-4BCE-A3A4-FF45A93A95F6}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"{C700663D-C930-40DA-A865-5B8952500868}"= UDP:2350:Tm_TCP
"{9C11490A-33C1-4246-B8A1-252562FEDED7}"= TCP:2350:Tm_UDP
"{F5CDCEF3-3CC9-42FE-BE5A-4F45E6363E50}"= UDP:3450:tm2_TCP
"{358348B1-9436-497B-870D-8A8A1CBC8923}"= TCP:3450:Tm2_UDP
"TCP Query User{9CA74043-4999-4B13-B922-CD269617D0DA}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{CFDE6892-E88C-42C2-A060-7BA323231D95}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"{DF049DD1-7D36-491F-A43C-79141736729F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{2E770910-D8EC-480C-87CE-31E0E29043CB}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\uusee\\UUSeePlayer.exe"= C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 MRV6X32P;Pilote WiFi natif Vista 32-bits;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]
R3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-03-27 22:31]
S3 RegGuard;RegGuard;C:\Windows\system32\Drivers\regguard.sys [2008-03-27 21:35]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-27 01:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88e7f872-fb5f-11dc-a425-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun_PES2008.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-03 11:03:19 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 13:12:10
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\awttRjHX.dll
.
Temps d'accomplissement: 2008-06-03 13:13:20
ComboFix-quarantined-files.txt 2008-06-03 11:13:16
ComboFix2.txt 2008-06-02 21:35:03

Pre-Run: 204,087,136,256 octets libres
Post-Run: 204,056,453,120 octets libres

295 --- E O F --- 2008-05-30 19:21:28

-------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:00, on 03/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awttRjHX.dll,#1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206569648_03995fd895754494775de5da8651e9cf&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040
3 June 2008 at 13:44
Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awttRjHX.dll,#1

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/...

___________________


Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Windows\system32\awttRjHX.dll


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

___________________


Scan with
Malwarebytes' Anti-Malware, remove what it finds and paste the report

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
___________________

still having problems??????????
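As an added example (not from this thread and not part of HijackThis, ComboFix or OTMoveIt), a small Python check over HijackThis O4 lines and a ComboFix process listing that flags the two Vundo traits visible in the reports above: rundll32 launching a DLL by ordinal (`,#1`) and the same DLL loaded inside winlogon.exe. The sample log text is constructed to mirror the thread's lines.

```python
import re

# Constructed sample lines modelled on the HijackThis and ComboFix reports in
# this thread (not copied from them): one Vundo-style Run entry beside a
# legitimate NVIDIA one, plus a ComboFix DLL listing for winlogon.exe.
HJT_SAMPLE = """\
O4 - HKLM\\..\\Run: [MSServer] rundll32.exe C:\\Windows\\system32\\awttRjHX.dll,#1
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
"""
COMBOFIX_SAMPLE = """\
PROCESS: C:\\Windows\\system32\\winlogon.exe
-> C:\\Windows\\system32\\awttRjHX.dll
"""
# O4 line launching a DLL via rundll32: capture DLL path and entry point.
RUNDLL_RE = re.compile(
    r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"rundll32(?:\.exe)?\s+(?P<dll>\S+?\.dll),(?P<entry>\S+)", re.IGNORECASE)

def parse_injected(combofix_text):
    """Map each PROCESS: line to the lower-cased DLL paths listed under it."""
    injected, proc = {}, None
    for line in combofix_text.splitlines():
        if line.startswith("PROCESS:"):
            proc = line.split(":", 1)[1].strip().lower()
            injected[proc] = []
        elif line.startswith("->") and proc:
            injected[proc].append(line[2:].strip().lower())
    return injected

def flag_vundo_indicators(hjt_text, combofix_text):
    """Return {dll_path: [reasons]} for Run entries with the two Vundo traits in
    this thread: rundll32 ordinal entry point (",#1") and DLL inside winlogon.exe."""
    injected = parse_injected(combofix_text)
    in_winlogon = {d for p, dlls in injected.items()
                   if p.endswith("winlogon.exe") for d in dlls}
    findings = {}
    for line in hjt_text.splitlines():
        m = RUNDLL_RE.match(line)
        if not m:
            continue
        dll, reasons = m.group("dll").lower(), []
        if re.fullmatch(r"#\d+", m.group("entry")):
            reasons.append(f"[{m.group('name')}] calls the DLL by ordinal {m.group('entry')}")
        if dll in in_winlogon:
            reasons.append("same DLL injected into winlogon.exe")
        if reasons:
            findings[dll] = reasons
    return findings
```

Named exports such as NvStartup are left alone, so the legitimate NVIDIA entry is not flagged; only the ordinal-loaded DLL that also sits inside winlogon.exe is reported.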
Ned' Posts 30 Registration date Monday 2 June 2008 Status Member Last contribution 20 April 2009 2
3 June 2008 at 21:55
File/Folder C:\Windows\system32\awttRjHX.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06032008_212830


----------------------


Malwarebytes' Anti-Malware 1.14
Version de la base de données: 818

21:54:32 03/06/2008
mbam-log-6-3-2008 (21-54-32).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 140122
Temps écoulé: 22 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Windows\System32\qoMfDWmK.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\byXPIBUK.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef4cc146-43c9-4741-8d21-eb5035a4ebec} (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ef4cc146-43c9-4741-8d21-eb5035a4ebec} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Windows\System32\vturpOhg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\PIPPO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HGEJOL3E\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\PIPPO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HGEJOL3E\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\PIPPO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZ4D66RO\css4[1] (Trojan.Vundo) -> Delete on reboot.
C:\Users\PIPPO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5JLZ4XV\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\PIPPO\AppData\Local\Temp\pmNfebbA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\PIPPO\AppData\Local\Temp\wvUmmJcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jkkKETkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\qoMfDWmK.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\byXPIBUK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\ljJDTmjg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040
3 June 2008 at 22:52
Delete what is in the quarantine folder by going to My Computer, then:

C:\QooBox\Quarantine


_____________

still having problems???????????????????????????