Win32:Vundo@dll [Trj] [Résolu]

slt,


scan avec vundofix (colle le rapport)

Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double cliquez VundoFix.exe pour l'exécuter.
Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
Une fois le scan fini, cliquez sur le bouton Remove Vundo.
Vous recevrez un avertissement vous demandant si vous voulez effacer ces
fichiers répondez en cliquant sur YES
Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
enlève Vundo.

Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
OK.

___________________
puis :


virtumondebegone (colle le rapport)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

___________________


colle un rapport hijackthis


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."

Merci de m'aidé :)

Une fois le scan fini avec Vundo, il me marque que je n'ai rien mais pas de Remove Vundo :s

VundoFix V7.0.5

Scan started at 21:29:17 02/06/2008

Listing files found while scanning....

No infected files were found.

--------------------------------------------------------


[06/02/2008, 21:52:42] - VirtumundoBeGone v1.5 ( "C:\Users\PIPPO\Downloads\Mozilla Firefox\VirtumundoBeGone.exe" )
[06/02/2008, 21:52:51] - Detected System Information:
[06/02/2008, 21:52:51] - Windows Version: 6.0.6000,
[06/02/2008, 21:52:51] - Current Username: PIPPO (Admin)
[06/02/2008, 21:52:51] - Windows is in NORMAL mode.
[06/02/2008, 21:52:51] - Searching for Browser Helper Objects:
[06/02/2008, 21:52:51] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[06/02/2008, 21:52:51] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/02/2008, 21:52:51] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/02/2008, 21:52:51] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/02/2008, 21:52:51] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/02/2008, 21:52:51] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/02/2008, 21:52:51] - BHO 7: {BA1248C9-9415-4EAA-97F0-5080D2A832EB} ()
[06/02/2008, 21:52:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 21:52:51] - No filename found. Continuing.
[06/02/2008, 21:52:51] - BHO 8: {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} ()
[06/02/2008, 21:52:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 21:52:51] - Checking for HKLM\...\Winlogon\Notify\qoMdCsrO
[06/02/2008, 21:52:51] - Key not found: HKLM\...\Winlogon\Notify\qoMdCsrO, continuing.
[06/02/2008, 21:52:51] - Finished Searching Browser Helper Objects
[06/02/2008, 21:52:51] - Finishing up...
[06/02/2008, 21:52:51] - Nothing found! Exiting...

[06/02/2008, 21:53:15] - VirtumundoBeGone v1.5 ( "C:\Users\PIPPO\Downloads\Mozilla Firefox\VirtumundoBeGone.exe" )
[06/02/2008, 21:53:18] - Detected System Information:
[06/02/2008, 21:53:18] - Windows Version: 6.0.6000,
[06/02/2008, 21:53:18] - Current Username: PIPPO (Admin)
[06/02/2008, 21:53:18] - Windows is in NORMAL mode.
[06/02/2008, 21:53:18] - Searching for Browser Helper Objects:
[06/02/2008, 21:53:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[06/02/2008, 21:53:18] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/02/2008, 21:53:18] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/02/2008, 21:53:18] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/02/2008, 21:53:18] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/02/2008, 21:53:18] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/02/2008, 21:53:18] - BHO 7: {BA1248C9-9415-4EAA-97F0-5080D2A832EB} ()
[06/02/2008, 21:53:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 21:53:18] - No filename found. Continuing.
[06/02/2008, 21:53:18] - BHO 8: {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} ()
[06/02/2008, 21:53:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 21:53:18] - Checking for HKLM\...\Winlogon\Notify\qoMdCsrO
[06/02/2008, 21:53:18] - Key not found: HKLM\...\Winlogon\Notify\qoMdCsrO, continuing.
[06/02/2008, 21:53:18] - Finished Searching Browser Helper Objects
[06/02/2008, 21:53:19] - Finishing up...
[06/02/2008, 21:53:19] - Nothing found! Exiting...

[06/02/2008, 22:06:01] - VirtumundoBeGone v1.5 ( "C:\Users\PIPPO\Downloads\Mozilla Firefox\VirtumundoBeGone(2).exe" )
[06/02/2008, 22:06:03] - Detected System Information:
[06/02/2008, 22:06:03] - Windows Version: 6.0.6000,
[06/02/2008, 22:06:03] - Current Username: PIPPO (Admin)
[06/02/2008, 22:06:03] - Windows is in NORMAL mode.
[06/02/2008, 22:06:03] - Searching for Browser Helper Objects:
[06/02/2008, 22:06:03] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[06/02/2008, 22:06:03] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/02/2008, 22:06:03] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/02/2008, 22:06:03] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/02/2008, 22:06:03] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/02/2008, 22:06:03] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/02/2008, 22:06:03] - BHO 7: {BA1248C9-9415-4EAA-97F0-5080D2A832EB} ()
[06/02/2008, 22:06:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 22:06:03] - No filename found. Continuing.
[06/02/2008, 22:06:03] - BHO 8: {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} ()
[06/02/2008, 22:06:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/02/2008, 22:06:03] - Checking for HKLM\...\Winlogon\Notify\qoMdCsrO
[06/02/2008, 22:06:03] - Key not found: HKLM\...\Winlogon\Notify\qoMdCsrO, continuing.
[06/02/2008, 22:06:03] - Finished Searching Browser Helper Objects
[06/02/2008, 22:06:03] - Finishing up...
[06/02/2008, 22:06:03] - Nothing found! Exiting...


---------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:10, on 02/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BA1248C9-9415-4EAA-97F0-5080D2A832EB} - (no file)
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\Windows\system32\qoMdCsrO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdCsrO.dll,#1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8639] command /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4862] cmd /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2336] command /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8142] cmd /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2693] command /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3832] cmd /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7648] command /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2372] cmd /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5566] command /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1813] cmd /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8352] command /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9208] cmd /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1321] command /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4016] cmd /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1421] command /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1438] cmd /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

ok vire ce qui est dans la sauvegarde de spybot

______________

refais hijakchtis en le renommant comme indiqué cette fois

Comment on fait ?

tu lance spybot puis tu vas dans quarantaine/sauvegarde et tu vire ce qui est dedans




puis

colle un rapport hijackthis


manuel :
http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:40:06, on 02/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BA1248C9-9415-4EAA-97F0-5080D2A832EB} - (no file)
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\Windows\system32\qoMdCsrO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdCsrO.dll,#1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8639] command /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4862] cmd /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2336] command /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8142] cmd /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2693] command /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3832] cmd /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7648] command /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2372] cmd /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5566] command /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1813] cmd /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8352] command /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9208] cmd /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1321] command /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4016] cmd /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1421] command /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1438] cmd /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

tu n'as pas viré ce qui est en quarantaine dans SPYBOT ( vire ce qui est dans la sauvegarde!!!!))



____________

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

[si je suspecte une infection bagle, j'ajoute :

sous le nom de antibagle. Fais le avant que le fichier ne soit enregistré sur le bureau]

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
____________

J'ai bien supprimé dans "Sauvegardes" dans Spybot pourtant

non je pense pas , car encore dans hijakchits

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:25, on 02/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\Hijackthis\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BA1248C9-9415-4EAA-97F0-5080D2A832EB} - (no file)
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\Windows\system32\qoMdCsrO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdCsrO.dll,#1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8639] command /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4862] cmd /c del "C:\Windows\System32\khfgDuTn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2336] command /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8142] cmd /c del "C:\Windows\System32\ssqoPFYs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2693] command /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3832] cmd /c del "C:\Windows\System32\tuvVNFUm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7648] command /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2372] cmd /c del "C:\Windows\System32\vtUommJb.dll_old"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

non toujours...

bon as tu la derniere version de spybot:???
ici:

http://www.01net.com/...

(si c'est pas le cas mets la sans activer le tea timer)


_________________

vire ce qui est dans la sauvegarde de spybot


puis colle un rapport combofix

J'ai désinstaller spybot et reinstaller et fait l'analyse Hijackthis :





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15:06, on 02/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Hijackthis\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BA1248C9-9415-4EAA-97F0-5080D2A832EB} - (no file)
O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\Windows\system32\iifgDUoP.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iifgDUoP.dll,#1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

ok c'est bon pour spybot tu avais quelle version?





________________


télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

ComboFix 08-06-01.6 - PIPPO 2008-06-02 23:26:02.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1036.18.1338 [GMT 2:00]
Endroit: C:\Users\PIPPO\Downloads\Mozilla Firefox\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\uusee
C:\Program Files\uusee\AD\UUAD_Banner.gif
C:\Program Files\uusee\AD\UUAD_Banner.html
C:\Program Files\uusee\AD\UUAD_Banner_1.html
C:\Program Files\uusee\AD\UUAD_Banner_3.html
C:\Program Files\uusee\AD\UUAD_Buffering.html
C:\Program Files\uusee\AD\UUAD_Buffering.jpg
C:\Program Files\uusee\AD\UUAD_TextLink_0.xml
C:\Program Files\uusee\bass-plugins.exe
C:\Program Files\uusee\skins\UUPlayer\About.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C4.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Back.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Detect.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Record_Task_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Information.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Question.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Stop.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_1.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_2.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_3.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowD.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowU.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_SP.bmp
C:\Program Files\uusee\skins\UUPlayer\Play_Window_Rec_icon.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_0.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_6.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_7.bmp
C:\Program Files\uusee\skins\UUPlayer\Resource.h
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x3.bmp
C:\Program Files\uusee\skins\UUPlayer\Thumbs.db
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_3.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse1.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Play.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Play1.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Record.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Record1.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Arrow.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Collapse.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Expand.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Header.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconDown.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconUp.bmp
C:\Program Files\uusee\skins\UUPlayer\UUSEE.ui
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Info.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_3.bmp
C:\Program Files\uusee\uninstuusee.exe
C:\Program Files\uusee\UUPlayer.dll
C:\Program Files\uusee\UUPlayer_update.ini
C:\Program Files\uusee\UUSee.url
C:\Program Files\uusee\UUSeePlayer.exe
C:\Program Files\uusee\UUTV_MY.xml
C:\Program Files\uusee\UUTV_UUPlayer.xml
C:\ProgramData\Microsoft\Windows\Start Menu\UUSEE~1.LNK
C:\Windows\system32\fjmmdkls.ini
C:\Windows\System32\gggikUvw.ini
C:\Windows\System32\gggikUvw.ini2
C:\Windows\system32\goaucuka.ini
C:\Windows\System32\HgQWEfhk.ini
C:\Windows\System32\HgQWEfhk.ini2
C:\Windows\system32\jvmpbvoi.ini
C:\Windows\System32\LVGOnnnn.ini
C:\Windows\System32\LVGOnnnn.ini2
C:\Windows\System32\mlnmnqss.ini
C:\Windows\System32\mlnmnqss.ini2
C:\Windows\System32\ncxmfchp.ini
C:\Windows\system32\odqksvpb.ini
C:\Windows\System32\qojeuslg.ini
C:\Windows\System32\SCbayGgh.ini
C:\Windows\System32\SCbayGgh.ini2
C:\Windows\System32\snlrmctd.ini
C:\Windows\System32\tccptime.ini
C:\Windows\System32\VxyHPrqr.ini
C:\Windows\System32\VxyHPrqr.ini2
C:\Windows\System32\wleqrgty.ini
C:\Windows\System32\yJiQAKkj.ini
C:\Windows\System32\yJiQAKkj.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))))))))
.

2008-06-02 23:31 . 2008-05-16 21:24 29,824 --a------ C:\Windows\System32\ssqOICVN.dll
2008-06-02 23:22 . 2006-11-02 11:44 320,000 --a------ C:\Windows\System32\CF1.exe
2008-06-02 23:12 . 2008-06-02 23:12 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-02 21:58 . 2008-06-02 23:14 <REP> d-------- C:\Hijackthis
2008-06-02 21:57 . 2008-06-02 21:57 <REP> d-------- C:\Program Files\Trend Micro
2008-06-02 21:29 . 2008-06-02 22:04 <REP> d-------- C:\VundoFix Backups
2008-06-02 20:46 . 2008-06-02 20:47 269 --a------ C:\Windows\wininit.ini
2008-05-28 12:37 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 12:37 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-26 01:35 . 2008-05-26 01:35 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-05-15 19:09 . 2008-05-15 19:09 <REP> d-------- C:\Windows\Sun
2008-05-15 16:29 . 2008-05-15 16:29 <REP> d-------- C:\Program Files\KONAMI
2008-05-15 15:31 . 2008-05-15 15:31 <REP> dr-h----- C:\Users\PIPPO\AppData\Roaming\SecuROM
2008-05-15 14:28 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll
2008-05-15 14:28 . 2007-06-20 20:45 18,280 --a------ C:\Windows\System32\x3daudio1_2.dll
2008-05-15 00:00 . 2008-06-01 23:35 <REP> d-------- C:\Users\PIPPO\AppData\Roaming\LimeWire
2008-05-15 00:00 . 2008-05-15 00:00 <REP> d-------- C:\Program Files\LimeWire
2008-05-14 23:19 . 2008-05-14 23:20 1,160 --a------ C:\Windows\mozver.dat
2008-05-14 22:19 . 2008-05-14 22:19 <REP> d-------- C:\Users\PIPPO\AppData\Roaming\Talkback
2008-05-14 22:18 . 2008-05-14 22:18 0 --a------ C:\Windows\nsreg.dat
2008-05-04 15:45 . 2008-05-04 16:54 <REP> d-------- C:\Program Files\Common Files\uusee

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 21:14 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-06-02 19:49 --------- d-----w C:\ProgramData\Google Updater
2008-06-01 20:45 --------- d-----w C:\ProgramData\TrackMania
2008-05-26 14:32 --------- d-----w C:\ProgramData\NVIDIA
2008-05-23 11:12 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-21 17:16 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2008-05-16 11:52 --------- d-----w C:\Program Files\Game Graphic Studio
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 12:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 22:08 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 22:08 --------- d-----w C:\Program Files\Windows Mail
2008-05-06 10:48 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Canon
2008-05-04 13:52 --------- d-----w C:\Program Files\Google
2008-05-03 03:46 7,460,320 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
2008-04-23 14:29 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-18 13:53 --------- d-----w C:\Program Files\TmNationsForever
2008-04-15 13:41 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-15 01:47 --------- d-----w C:\Program Files\MSBuild
2008-04-15 01:47 --------- d-----w C:\Program Files\Microsoft Works
2008-04-15 01:45 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-15 01:42 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-15 01:33 639,224 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-15 01:14 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Nero
2008-04-15 01:13 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-15 01:11 --------- d-----w C:\ProgramData\Nero
2008-04-15 01:11 --------- d-----w C:\Program Files\Nero
2008-04-14 19:04 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Azureus
2008-04-14 01:22 --------- d-----w C:\Users\PIPPO\AppData\Roaming\ma-config.com
2008-04-13 00:12 --------- d-----w C:\Program Files\PhotoFiltre Studio
2008-04-12 21:31 --------- d-----w C:\Program Files\DkZ Studio
2008-04-09 19:24 --------- d-----w C:\Program Files\SopCast
2008-04-09 17:31 --------- d-----w C:\Program Files\DS-3200 Wireless Optical Slimline Deskset
2008-04-09 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-07 16:13 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Samsung
2008-04-07 16:09 --------- d-----w C:\Program Files\Samsung
2008-04-06 18:51 --------- d-----w C:\ProgramData\TVU Networks
2008-04-06 18:50 --------- d-----w C:\Program Files\TVUPlayer
2008-04-06 18:41 --------- d-----w C:\Users\PIPPO\AppData\Roaming\TVU Networks
2008-04-06 15:16 30,544 ----a-w C:\Windows\dirdib.drv
2008-04-06 15:16 30,464 ----a-w C:\Windows\macromix.dll
2008-04-06 15:12 85,536 ----a-w C:\Windows\~GLC0000.TMP
2008-04-06 15:05 2,855 ----a-w C:\Windows\PIF\INSTALL.PIF
2008-04-03 11:40 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Hamachi
2008-03-31 13:42 22,328 ----a-w C:\Users\PIPPO\AppData\Roaming\PnkBstrK.sys
2008-03-26 19:38 174 --sha-w C:\Program Files\desktop.ini
2008-03-26 19:08 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}]
2008-05-16 21:24 29824 --a------ C:\Windows\system32\ssqOICVN.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-26 20:51 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 21:55 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"="C:\Windows\system32\ssqOICVN.dll" [2008-05-16 21:24 29824]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}"= C:\Windows\system32\ssqOICVN.dll [2008-05-16 21:24 29824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"Windows Mail"=C:\Program Files\Windows Mail\WinMail.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"VX1000"=C:\Windows\vVX1000.exe
"WireLessMouse"=C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
"WireLessKeyboard"=C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3916555441-147088009-4003317088-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{F08722BD-E523-4FBD-8F41-1FA194F4BE90}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{D7B2093C-7DFB-41AC-81D7-B1EDC4A8DF3A}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"{82EBB8C6-5BF3-41F2-94C4-5BCD41A92D01}"= UDP:28960:COD4_TCP
"{ADDAAF3F-33A5-465F-8D03-E7ACE9FCA48A}"= TCP:28960:COD4_UDP
"TCP Query User{F6D7869B-6911-4BD3-8F5E-DBC241C5E937}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{0B5A7BB1-E521-46C4-B86A-4CB3E53D3B5D}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{B244E013-F621-45ED-98FD-EA7764F2A975}C:\\program files\\uusee\\uuseeplayer.exe"= UDP:C:\program files\uusee\uuseeplayer.exe:UUPlayer
"UDP Query User{FB279982-6EC5-4DCD-B6A3-53EC18DE6F5B}C:\\program files\\uusee\\uuseeplayer.exe"= TCP:C:\program files\uusee\uuseeplayer.exe:UUPlayer
"{2B93A11C-56DA-4483-A8A5-50072437D5FA}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) Multijoueur
"{F41967D0-DEC9-4B75-AEB0-AA07DE54ED8B}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) Multijoueur
"TCP Query User{800313B7-547D-4963-9461-05E16FA28C86}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{58ACDF31-DD0C-4BED-ABAC-D82AC57B95E9}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{75099DFC-9D68-4C0A-8213-619AFAEB7F3D}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{3A8FD7A7-4B8C-4042-912C-69F877862876}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{EF1F06A2-EBF1-4C9F-BDDB-E40D90FFF33B}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{D8C3AB0E-08C3-41A2-ABD8-88EEE7E72EB9}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{8802BA6C-EC33-4222-9B95-F56B2591ADE3}C:\\program files\\microsoft lifecam\\lifecam.exe"= UDP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"UDP Query User{7F747BF1-ADDD-4DD3-92CD-6F96402389C9}C:\\program files\\microsoft lifecam\\lifecam.exe"= TCP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"TCP Query User{4696D59C-69D7-48B3-8AF9-E873BED46A1E}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{DCD6A7C8-37B9-49BA-AEA7-788FC623A934}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{35A99C0F-9132-4202-A016-A6177245E8B2}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"UDP Query User{A67B40DD-7846-4A5A-B691-3F7D1A2FBAAA}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"TCP Query User{4A87CF7A-326E-4BC5-AB07-6CB7840747E2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4F368E62-3108-4854-AA32-FF688815198E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{DABEF101-0727-4583-8B43-F9A32ED5F0F2}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{368A7545-2D3F-4853-85AF-BB466F721C70}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{FCE03C5B-C251-4F35-BF16-404EC184F56D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{B7E9086F-21F2-4BD7-9FEF-DD0B0BFCDF80}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{90239C22-3349-4BCE-A3A4-FF45A93A95F6}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"{C700663D-C930-40DA-A865-5B8952500868}"= UDP:2350:Tm_TCP
"{9C11490A-33C1-4246-B8A1-252562FEDED7}"= TCP:2350:Tm_UDP
"{F5CDCEF3-3CC9-42FE-BE5A-4F45E6363E50}"= UDP:3450:tm2_TCP
"{358348B1-9436-497B-870D-8A8A1CBC8923}"= TCP:3450:Tm2_UDP
"TCP Query User{9CA74043-4999-4B13-B922-CD269617D0DA}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{CFDE6892-E88C-42C2-A060-7BA323231D95}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"{DF049DD1-7D36-491F-A43C-79141736729F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{2E770910-D8EC-480C-87CE-31E0E29043CB}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\uusee\\UUSeePlayer.exe"= C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 MRV6X32P;Pilote WiFi natif Vista 32-bits;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]
R3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-03-27 22:31]
S3 RegGuard;RegGuard;C:\Windows\system32\Drivers\regguard.sys [2008-03-27 21:35]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-27 01:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88e7f872-fb5f-11dc-a425-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun_PES2008.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-02 21:30:39 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 23:31:30
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\ssqOICVN.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-02 23:35:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-02 21:33:48

Pre-Run: 204,932,050,944 octets libres
Post-Run: 204,976,893,952 octets libres

432 --- E O F --- 2008-05-30 19:21:28

Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :






File::
C:\Windows\system32\ssqOICVN.dll


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}"=-


Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis ET DIS TES SOUCIS ACTUELS


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

ComboFix 08-06-01.6 - PIPPO 2008-06-03 13:09:36.3 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1036.18.1341 [GMT 2:00]
Endroit: C:\Users\PIPPO\Downloads\Mozilla Firefox\ComboFix.exe
Command switches used :: C:\Users\PIPPO\Desktop\CFscript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Windows\system32\ssqOICVN.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\vturpOhg.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))))))
.

2008-06-03 13:03 . 2008-05-16 21:24 29,824 --a------ C:\Windows\System32\awttRjHX.dll
2008-06-02 23:22 . 2006-11-02 11:44 320,000 --a------ C:\Windows\System32\CF1.exe
2008-06-02 23:12 . 2008-06-02 23:12 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-02 21:58 . 2008-06-02 23:14 <REP> d-------- C:\Hijackthis
2008-06-02 21:57 . 2008-06-02 21:57 <REP> d-------- C:\Program Files\Trend Micro
2008-06-02 21:29 . 2008-06-02 22:04 <REP> d-------- C:\VundoFix Backups
2008-06-02 20:46 . 2008-06-02 20:47 269 --a------ C:\Windows\wininit.ini
2008-05-28 12:37 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 12:37 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-26 01:35 . 2008-05-26 01:35 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-05-15 19:09 . 2008-05-15 19:09 <REP> d-------- C:\Windows\Sun
2008-05-15 16:29 . 2008-05-15 16:29 <REP> d-------- C:\Program Files\KONAMI
2008-05-15 15:31 . 2008-05-15 15:31 <REP> dr-h----- C:\Users\PIPPO\AppData\Roaming\SecuROM
2008-05-15 14:28 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll
2008-05-15 14:28 . 2007-06-20 20:45 18,280 --a------ C:\Windows\System32\x3daudio1_2.dll
2008-05-15 00:00 . 2008-06-01 23:35 <REP> d-------- C:\Users\PIPPO\AppData\Roaming\LimeWire
2008-05-15 00:00 . 2008-05-15 00:00 <REP> d-------- C:\Program Files\LimeWire
2008-05-14 23:19 . 2008-05-14 23:20 1,160 --a------ C:\Windows\mozver.dat
2008-05-14 22:19 . 2008-05-14 22:19 <REP> d-------- C:\Users\PIPPO\AppData\Roaming\Talkback
2008-05-14 22:18 . 2008-05-14 22:18 0 --a------ C:\Windows\nsreg.dat
2008-05-04 15:45 . 2008-05-04 16:54 <REP> d-------- C:\Program Files\Common Files\uusee

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 21:14 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-06-02 19:49 --------- d-----w C:\ProgramData\Google Updater
2008-06-01 20:45 --------- d-----w C:\ProgramData\TrackMania
2008-05-26 14:32 --------- d-----w C:\ProgramData\NVIDIA
2008-05-23 11:12 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-21 17:16 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2008-05-16 11:52 --------- d-----w C:\Program Files\Game Graphic Studio
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 13:31 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-05-15 12:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 22:08 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 22:08 --------- d-----w C:\Program Files\Windows Mail
2008-05-06 10:48 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Canon
2008-05-04 13:52 --------- d-----w C:\Program Files\Google
2008-04-30 15:27 442,368 ----a-w C:\Windows\System32\NVUNINST.EXE
2008-04-23 14:29 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-23 14:29 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-04-18 13:53 --------- d-----w C:\Program Files\TmNationsForever
2008-04-15 13:41 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-15 01:47 --------- d-----w C:\Program Files\MSBuild
2008-04-15 01:47 --------- d-----w C:\Program Files\Microsoft Works
2008-04-15 01:45 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-15 01:42 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-15 01:33 639,224 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-15 01:14 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Nero
2008-04-15 01:13 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-15 01:11 --------- d-----w C:\ProgramData\Nero
2008-04-15 01:11 --------- d-----w C:\Program Files\Nero
2008-04-14 19:04 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Azureus
2008-04-14 01:22 --------- d-----w C:\Users\PIPPO\AppData\Roaming\ma-config.com
2008-04-13 00:12 --------- d-----w C:\Program Files\PhotoFiltre Studio
2008-04-12 21:31 --------- d-----w C:\Program Files\DkZ Studio
2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
2008-04-09 19:24 --------- d-----w C:\Program Files\SopCast
2008-04-09 17:31 --------- d-----w C:\Program Files\DS-3200 Wireless Optical Slimline Deskset
2008-04-09 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-07 16:13 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Samsung
2008-04-07 16:09 --------- d-----w C:\Program Files\Samsung
2008-04-06 18:51 --------- d-----w C:\ProgramData\TVU Networks
2008-04-06 18:50 --------- d-----w C:\Program Files\TVUPlayer
2008-04-06 18:41 --------- d-----w C:\Users\PIPPO\AppData\Roaming\TVU Networks
2008-04-06 15:16 30,544 ----a-w C:\Windows\dirdib.drv
2008-04-06 15:16 30,464 ----a-w C:\Windows\macromix.dll
2008-04-06 15:12 85,536 ----a-w C:\Windows\~GLC0000.TMP
2008-04-06 15:05 2,855 ----a-w C:\Windows\PIF\INSTALL.PIF
2008-04-03 11:40 --------- d-----w C:\Users\PIPPO\AppData\Roaming\Hamachi
2008-03-31 19:45 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-03-31 13:42 22,328 ----a-w C:\Users\PIPPO\AppData\Roaming\PnkBstrK.sys
2008-03-27 18:42 37,888 ----a-w C:\Windows\System32\rar.exe
2008-03-26 23:32 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-03-26 23:28 233,888 ----a-w C:\Windows\System32\DreamScene.dll
2008-03-26 23:28 1,152,000 ----a-w C:\Windows\System32\themecpl.dll
2008-03-26 23:26 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-03-26 23:25 1,171,848 ----a-w C:\Windows\System32\SecureKeyBackupCPL.dll
2008-03-26 23:24 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-03-26 19:38 174 --sha-w C:\Program Files\desktop.ini
2008-03-26 19:09 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-03-26 19:09 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-03-26 19:09 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-03-26 19:08 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-26 19:08 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-26 19:08 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-26 19:08 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-26 19:08 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-26 19:08 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-26 19:08 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-26 19:08 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-26 19:08 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-26 19:07 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-26 19:06 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-26 19:06 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-26 19:03 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-26 19:02 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-26 19:01 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-26 19:01 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-26 19:01 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-26 19:01 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-26 19:00 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-03-26 19:00 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-03-26 19:00 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-03-26 19:00 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-03-26 19:00 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-03-26 19:00 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-03-26 18:59 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-26 18:59 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-26 18:59 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-03-26 18:58 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll
2008-03-26 18:58 23,552 ----a-w C:\Windows\System32\lpremove.exe
2008-03-26 18:58 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-26 18:58 166,912 ----a-w C:\Windows\System32\lpksetup.exe
2008-03-26 18:58 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll
2008-03-26 18:58 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-26 18:57 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-03-26 18:57 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-03-26 18:56 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-26 18:56 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-26 18:56 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-26 18:56 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-26 18:55 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-26 18:55 223,232 ----a-w C:\Windows\System32\WMASF.DLL
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-06-02_23.33.11.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 21:30:24 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-03 11:03:00 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-03 11:03:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-03 11:03:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-02 21:30:54 151,552 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-03 11:05:03 151,552 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-06-02 21:30:53 176,128 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-03 11:11:54 176,128 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-06-02 21:31:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-03 11:03:46 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-02 21:31:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-03 11:03:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-02 21:31:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-03 11:03:46 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-02 21:13:44 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-03 11:08:18 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-02 21:13:44 117,366 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-03 11:08:19 117,366 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-02 21:13:44 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-03 11:08:19 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-02 21:13:44 690,594 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-03 11:08:19 690,594 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-02 21:10:56 7,288 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3916555441-147088009-4003317088-1000_UserData.bin
+ 2008-06-03 11:05:34 7,610 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3916555441-147088009-4003317088-1000_UserData.bin
- 2008-06-02 21:10:55 66,794 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-03 11:05:34 67,090 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-02 21:10:54 35,000 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-03 11:05:32 35,144 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-26 20:51 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 21:55 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"="C:\Windows\system32\awttRjHX.dll" [2008-05-16 21:24 29824]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}"= C:\Windows\system32\awttRjHX.dll [2008-05-16 21:24 29824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"Windows Mail"=C:\Program Files\Windows Mail\WinMail.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"VX1000"=C:\Windows\vVX1000.exe
"WireLessMouse"=C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
"WireLessKeyboard"=C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3916555441-147088009-4003317088-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{F08722BD-E523-4FBD-8F41-1FA194F4BE90}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{D7B2093C-7DFB-41AC-81D7-B1EDC4A8DF3A}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"{82EBB8C6-5BF3-41F2-94C4-5BCD41A92D01}"= UDP:28960:COD4_TCP
"{ADDAAF3F-33A5-465F-8D03-E7ACE9FCA48A}"= TCP:28960:COD4_UDP
"TCP Query User{F6D7869B-6911-4BD3-8F5E-DBC241C5E937}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{0B5A7BB1-E521-46C4-B86A-4CB3E53D3B5D}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{B244E013-F621-45ED-98FD-EA7764F2A975}C:\\program files\\uusee\\uuseeplayer.exe"= UDP:C:\program files\uusee\uuseeplayer.exe:UUPlayer
"UDP Query User{FB279982-6EC5-4DCD-B6A3-53EC18DE6F5B}C:\\program files\\uusee\\uuseeplayer.exe"= TCP:C:\program files\uusee\uuseeplayer.exe:UUPlayer
"{2B93A11C-56DA-4483-A8A5-50072437D5FA}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) Multijoueur
"{F41967D0-DEC9-4B75-AEB0-AA07DE54ED8B}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) Multijoueur
"TCP Query User{800313B7-547D-4963-9461-05E16FA28C86}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{58ACDF31-DD0C-4BED-ABAC-D82AC57B95E9}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{75099DFC-9D68-4C0A-8213-619AFAEB7F3D}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{3A8FD7A7-4B8C-4042-912C-69F877862876}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{EF1F06A2-EBF1-4C9F-BDDB-E40D90FFF33B}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{D8C3AB0E-08C3-41A2-ABD8-88EEE7E72EB9}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{8802BA6C-EC33-4222-9B95-F56B2591ADE3}C:\\program files\\microsoft lifecam\\lifecam.exe"= UDP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"UDP Query User{7F747BF1-ADDD-4DD3-92CD-6F96402389C9}C:\\program files\\microsoft lifecam\\lifecam.exe"= TCP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"TCP Query User{4696D59C-69D7-48B3-8AF9-E873BED46A1E}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{DCD6A7C8-37B9-49BA-AEA7-788FC623A934}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{35A99C0F-9132-4202-A016-A6177245E8B2}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"UDP Query User{A67B40DD-7846-4A5A-B691-3F7D1A2FBAAA}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"TCP Query User{4A87CF7A-326E-4BC5-AB07-6CB7840747E2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4F368E62-3108-4854-AA32-FF688815198E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{DABEF101-0727-4583-8B43-F9A32ED5F0F2}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{368A7545-2D3F-4853-85AF-BB466F721C70}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{FCE03C5B-C251-4F35-BF16-404EC184F56D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{B7E9086F-21F2-4BD7-9FEF-DD0B0BFCDF80}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{90239C22-3349-4BCE-A3A4-FF45A93A95F6}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"{C700663D-C930-40DA-A865-5B8952500868}"= UDP:2350:Tm_TCP
"{9C11490A-33C1-4246-B8A1-252562FEDED7}"= TCP:2350:Tm_UDP
"{F5CDCEF3-3CC9-42FE-BE5A-4F45E6363E50}"= UDP:3450:tm2_TCP
"{358348B1-9436-497B-870D-8A8A1CBC8923}"= TCP:3450:Tm2_UDP
"TCP Query User{9CA74043-4999-4B13-B922-CD269617D0DA}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{CFDE6892-E88C-42C2-A060-7BA323231D95}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"{DF049DD1-7D36-491F-A43C-79141736729F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{2E770910-D8EC-480C-87CE-31E0E29043CB}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\uusee\\UUSeePlayer.exe"= C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 MRV6X32P;Pilote WiFi natif Vista 32-bits;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]
R3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-03-27 22:31]
S3 RegGuard;RegGuard;C:\Windows\system32\Drivers\regguard.sys [2008-03-27 21:35]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-27 01:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88e7f872-fb5f-11dc-a425-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun_PES2008.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-03 11:03:19 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 13:12:10
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\awttRjHX.dll
.
Temps d'accomplissement: 2008-06-03 13:13:20
ComboFix-quarantined-files.txt 2008-06-03 11:13:16
ComboFix2.txt 2008-06-02 21:35:03

Pre-Run: 204,087,136,256 octets libres
Post-Run: 204,056,453,120 octets libres

295 --- E O F --- 2008-05-30 19:21:28



-------------------------------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:00, on 03/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awttRjHX.dll,#1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awttRjHX.dll,#1

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/...

___________________


télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur http://up.sur-la-toile.com/sadW
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Windows\system32\awttRjHX.dll


clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

___________________


scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php
___________________

encore des soucis??????????

File/Folder C:\Windows\system32\awttRjHX.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06032008_212830


----------------------


Malwarebytes' Anti-Malware 1.14
Version de la base de données: 818

21:54:32 03/06/2008
mbam-log-6-3-2008 (21-54-32).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 140122
Temps écoulé: 22 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Windows\System32\qoMfDWmK.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\byXPIBUK.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef4cc146-43c9-4741-8d21-eb5035a4ebec} (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ef4cc146-43c9-4741-8d21-eb5035a4ebec} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Windows\System32\vturpOhg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\PIPPO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HGEJOL3E\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\PIPPO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HGEJOL3E\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\PIPPO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZ4D66RO\css4[1] (Trojan.Vundo) -> Delete on reboot.
C:\Users\PIPPO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5JLZ4XV\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\PIPPO\AppData\Local\Temp\pmNfebbA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\PIPPO\AppData\Local\Temp\wvUmmJcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jkkKETkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\qoMfDWmK.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\byXPIBUK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\ljJDTmjg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

vire ce qui est dans le dossier quarantine en allant dans poste de travail puis:

C:\QooBox\Quarantine


_____________

encore des soucis???????????????????????????