Infection par cheval de troie vundo.k

slt et merci a toi verni29 pour ton aide
j ai suivi s que tu m as dit mais MalwareBytes ne detecte aucun trojan vundo ou infection et quand de moi mm j fait une analyse avec avg aussi il me detecte rien mais quand il fait son analyse programmé la il detecte 2 trojan vundo
de plus j arrive pas a supprimer avg peut etre sa viens de lui.....??
que puis je faire?
merci encore a toi verni29
a+

slt et merci a toi verni29 pour ton aide
j ai suivi s que tu m as dit mais MalwareBytes ne detecte aucun trojan vundo ou infection et quand de moi mm j fait une analyse avec avg aussi il me detecte rien mais quand il fait son analyse programmé la il detecte 2 trojan vundo
de plus j arrive pas a supprimer avg peut etre sa viens de lui.....??
que puis je faire?
merci encore a toi verni29
a+

Merci pour l'info, DIID ( c'est ce que je pensais faire , malwatreBytes n'ayant rien trouvé ).

On termine ToolBar.il n'y a plus que l'option 2 à passer.
On passera ComBoFix après, si tu le veux bien.
Pour ma part, je préfére passer ComBoFix en mode sans échec ( plus efficace ).

Tu peux suivre le sujet. Aucun problème.

voici le rapport de toolbar S&D:

-----------\\ ToolBar S&D 1.0.6 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Siemens ] [ "D:\Toolbar SD" ] [ Selection : 2 ]
[ 19/07/2008 | 20:41:17,20 ] [ PC : ADMIN-BDADE051B ]
[ MAJ : 18-07-2008 | 20:45 ]

-----------\\ SUPPRESSION

Supprime! - D:\Program Files\Dealio\kb127
Supprime! - D:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
Supprime! - D:\DOCUME~1\Siemens\APPLIC~1\Search Settings\kb127
Supprime! - D:\Program Files\Search Settings\kb127
Supprime! - D:\Program Files\Search Settings\SearchSettings.exe
Supprime! - D:\Program Files\Dealio
Supprime! - D:\DOCUME~1\Siemens\APPLIC~1\Search Settings
Supprime! - D:\Program Files\Search Settings
Supprime! - D:\DOCUME~1\Siemens\APPLIC~1\Mozilla\Firefox\Profiles\default.d2e\EXTENS~1\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="D:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


-----------\\ Fin du rapport a 20:41:59,68

et celui de hijackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:30, on 19/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
D:\WINDOWS\sm56hlpr.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\S3trayp.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EF5B16D-C8C1-4C34-90F0-FDED33D51F38} - (no file)
O2 - BHO: (no name) - {2761DDB0-645A-4977-9CB9-2D1A06B15DA5} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C16BEC13-5DC9-48B0-806D-BCE6832A3784} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HDAudDeck] D:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [SMSERIAL] D:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qoMffFXr - D:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)

OK, fais le en mode sans échec.

Tu copies ComBoFix.exe de mes documents vers le bureau.

Le mode sous Windows (Lol ) , c'est sous ta session windows tout simplement.

A+ avec le rapport de ComBofix.

voici les deux rapport demandé combofix suivie de hijackthis

ComboFix 08-07-18.5 - Siemens 2008-07-19 22:28:43.7 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.610 [GMT 2:00]
Endroit: D:\Documents and Settings\Siemens\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\Siemens\Bureau\CFScript.txt..txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-19 to 2008-07-19 ))))))))))))))))))))))))))))))))))))
.

2008-07-19 20:05 . 2008-07-19 20:05 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avg8
2008-07-19 19:55 . 2008-07-19 20:41 <REP> d-------- D:\Toolbar SD
2008-07-18 23:14 . 2008-07-18 23:14 <REP> d-------- D:\Program Files\Trend Micro
2008-07-18 22:59 . 2008-07-18 22:59 <REP> d-------- D:\Program Files\Yahoo!
2008-07-18 22:51 . 2008-07-18 22:52 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-07-18 22:51 . 2008-07-07 17:35 34,296 --a------ D:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-18 22:51 . 2008-07-07 17:35 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-07-14 14:22 . 2008-07-14 14:22 <REP> d-------- D:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-13 21:05 . 2008-07-13 21:05 <REP> d-------- D:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-07-13 21:03 . 2008-04-11 20:55 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage réseau
2008-07-13 21:03 . 2008-04-11 20:55 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-13 21:03 . 2008-04-11 19:04 <REP> d--h----- D:\Documents and Settings\Administrateur\Modèles
2008-07-13 21:03 . 2008-04-11 20:55 <REP> d-------- D:\Documents and Settings\Administrateur\Mes documents
2008-07-13 21:03 . 2008-04-11 20:55 <REP> dr------- D:\Documents and Settings\Administrateur\Menu Démarrer
2008-07-13 21:03 . 2008-04-11 20:55 <REP> d-------- D:\Documents and Settings\Administrateur\Favoris
2008-07-13 21:03 . 2008-04-11 19:14 <REP> d-------- D:\Documents and Settings\Administrateur\Bureau
2008-07-13 21:03 . 2008-07-13 21:03 <REP> d-------- D:\Documents and Settings\Administrateur
2008-07-13 20:07 . 2008-07-19 20:30 <REP> d-------- D:\Program Files\Fichiers communs\Symantec Shared
2008-07-13 20:07 . 2008-07-19 20:30 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Symantec
2008-07-13 19:42 . 2008-07-13 19:42 <REP> d-------- D:\VundoFix Backups
2008-07-13 19:33 . 2008-07-13 19:33 <REP> d-------- D:\Documents and Settings\Siemens\Application Data\Malwarebytes
2008-07-13 19:33 . 2008-07-13 19:33 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 13:15 . 2008-07-17 19:53 <REP> d-------- D:\Program Files\a-squared Free
2008-07-06 12:54 . 2008-07-17 19:52 <REP> d-------- D:\Program Files\Anti Trojan Elite
2008-07-05 18:56 . 2008-07-05 18:56 <REP> d-------- D:\Program Files\AVG
2008-07-05 18:06 . 2008-07-05 18:06 8,627 --a------ D:\WINDOWS\system32\PAV_FOG.OPC
2008-07-05 18:01 . 2008-07-05 18:01 <REP> d-------- D:\Documents and Settings\All Users\Application Data\sentinel
2008-07-05 17:56 . 2008-07-05 17:56 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Backup
2008-07-05 17:56 . 2008-07-05 17:56 5,884 --a------ D:\WINDOWS\system32\drivers\net_m32.PNF
2008-07-05 17:52 . 2008-07-05 18:41 <REP> d-------- D:\Program Files\Fichiers communs\Panda Software
2008-06-22 09:31 . 2008-06-22 09:31 268 --ah----- D:\sqmdata02.sqm
2008-06-22 09:31 . 2008-06-22 09:31 244 --ah----- D:\sqmnoopt02.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2062-12-31 22:00 61,440 ----a-w D:\WINDOWS\system32\vuins32.dll
2062-12-31 22:00 42,496 ----a-w D:\WINDOWS\system32\drivers\fetnd5bv.sys
2008-07-19 20:07 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-19 17:21 --------- d-----w D:\Program Files\Azureus
2008-07-19 17:21 --------- d-----w D:\Documents and Settings\Siemens\Application Data\Azureus
2008-07-16 03:20 --------- d-----w D:\Program Files\Free Easy Burner
2008-07-14 12:08 --------- d-----w D:\Program Files\eMule
2008-07-10 16:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-05 16:41 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-07-05 15:56 20,376 ----a-w D:\WINDOWS\system32\drivers\INFCACHE.1
2008-06-20 17:41 247,808 ----a-w D:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w D:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w D:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w D:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 17:45 --------- d-----w D:\Documents and Settings\Siemens\Application Data\AdobeUM
2008-06-09 14:10 --------- d-----w D:\Documents and Settings\Siemens\Application Data\FileZilla
2008-06-09 14:08 --------- d-----w D:\Program Files\Google
2008-06-09 13:15 --------- d-----w D:\Program Files\SUPERAntiSpyware
2008-06-04 18:05 --------- d-----w D:\Program Files\AML Products
2008-05-20 15:17 --------- d-----w D:\Documents and Settings\All Users\Application Data\Bluetooth
2008-05-20 15:11 --------- d-----w D:\Program Files\IVT Corporation
2008-05-07 05:15 1,293,824 ----a-w D:\WINDOWS\system32\quartz.dll
2008-05-06 06:01 45,056 ----a-w D:\WINDOWS\system32\WNASPI32.DLL
2008-04-23 04:16 826,368 ----a-w D:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-13_21.21.50.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-15 23:24:43 1,152,888 ----a-w D:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:12:36 95,608 ----a-w D:\WINDOWS\system32\AvastSS.scr
+ 2008-05-15 23:13:26 26,944 ----a-w D:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:16:06 20,560 ----a-w D:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w D:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-05-15 23:18:33 94,416 ----a-w D:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:15:29 23,152 ----a-w D:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:20:32 78,416 ----a-w D:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:14:11 42,912 ----a-w D:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-07-19 19:43:22 16,384 ----atw D:\WINDOWS\temp\Perflib_Perfdata_708.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"TuneUp MemOptimizer"="D:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-27 00:10 313352]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-09 15:16 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HDAudDeck"="D:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-09-29 13:56 720896]
"SMSERIAL"="D:\WINDOWS\sm56hlpr.exe" [2006-04-05 17:36 565248]
"SynTPEnh"="D:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-11 18:56 794714]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"AVG8_TRAY"="D:\PROGRA~1\AVG\AVG8\avgtray.exe" [BU]
"VTTimer"="VTTimer.exe" [2006-08-03 14:53 53248 D:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-11 02:33 176128 D:\WINDOWS\system32\S3Trayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-22 21:30 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"D:\\Program Files\\Azureus\\Azureus.exe"=
"D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 UxTuneUp;TuneUp Extension de thème;D:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
R3 S3GIGP;S3GIGP;D:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 10:43]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;D:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-07-03 16:11]
S3 ATE_PROCMON;ATE_PROCMON;D:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 ovt530;Webcam Deluxe;D:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 17:04]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-18 15:15:42 D:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-07-19 20:26:31 D:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-19 22:29:30
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-19 22:30:27
ComboFix-quarantined-files.txt 2008-07-19 20:30:18
ComboFix2.txt 2008-07-19 19:54:36
ComboFix3.txt 2008-07-19 19:31:16
ComboFix4.txt 2008-07-19 19:03:45
ComboFix5.txt 2008-07-19 20:28:16

Pre-Run: 31,663,124,480 octets libres
Post-Run: 31,656,906,752 octets libres

157 --- E O F --- 2008-07-14 12:22:43

__________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:08, on 19/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
D:\WINDOWS\sm56hlpr.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\S3trayp.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HDAudDeck] D:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [SMSERIAL] D:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qoMffFXr - D:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)

salut et merci mais franchement j suis d accord avec verni29 de plus si m reste a faire tout s que tu m as dit alors j prefere formater c est moins compliqué
bref merci kan mm a toi
bye

slt comment vas tu?
ta pas recu mon resultats d analyse de kaspersky hier soir??
A+

OK, message bien reçu.
Les trois fichiers infectés sont dans les sauvegardes des points de restauration.
On s'en occupe à la fin.