Trojans récurrents - Vundo
Dernière réponse : dans Le monde de Windows
Bonjour, comme de nombreux autres internautes de ce forum je pense avoir un cheval de troie récurrent sur mon PC.
Je chope sans cesse des trojan dans le dossier temp et avast me détecte un certain fichier en vundo.dll![:fou:]( ":fou:")
![:fou:]( ":fou:")
MON OS est vista sp2, j'ai avast comme antivirus, mon firewall est celui de windows et j'ai nettoyé l'ordi avec spybot (rien trouvé), bitdefender (rien trouvé) et avast qui m'a supprimé des trojans dans temp lors d'un scan au demarrage. Mais d'autre viennent de façon récurrente.
NB : J'ai désactivé le demarrage de deux virus au démarrage de windows (fabwurdt.dll et efcAQHWM.dll du dossier temp) avec msconfig.
Je suis en train de faire un scan ad-aware mais d'après d'autres sujets assez similaires ça ne sert à rein.
J'ai fait un hijackthis dont voici le log :
Logfile of HijackThis v1.99.1
Scan saved at 08:25:14, on 20/05/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\OEM02Mon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Outils\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&client=dell-row&chan...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Nicolas\AppData\Local\Temp\urqOHyxy.dll,#1
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
j'espère que vous trouverez l'origine du problème
Merci d'avance!!!
Je chope sans cesse des trojan dans le dossier temp et avast me détecte un certain fichier en vundo.dll
MON OS est vista sp2, j'ai avast comme antivirus, mon firewall est celui de windows et j'ai nettoyé l'ordi avec spybot (rien trouvé), bitdefender (rien trouvé) et avast qui m'a supprimé des trojans dans temp lors d'un scan au demarrage. Mais d'autre viennent de façon récurrente.
NB : J'ai désactivé le demarrage de deux virus au démarrage de windows (fabwurdt.dll et efcAQHWM.dll du dossier temp) avec msconfig.
Je suis en train de faire un scan ad-aware mais d'après d'autres sujets assez similaires ça ne sert à rein.
J'ai fait un hijackthis dont voici le log :
Logfile of HijackThis v1.99.1
Scan saved at 08:25:14, on 20/05/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\OEM02Mon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Outils\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&client=dell-row&chan...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Nicolas\AppData\Local\Temp\urqOHyxy.dll,#1
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
j'espère que vous trouverez l'origine du problème
Merci d'avance!!!
Autres pages sur : trojans recurrents vundo
Lassé par la pub ? Créez un compte
J'ai aussi fais un scan avec combofix. Cela pourra peut être vous aider à trouver l'origine du problème.
Voici le log :
ComboFix 08-05-19.4 - Nicolas 2008-05-20 9:37:02.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1210 [GMT 2:00]
Endroit: C:\Users\Nicolas\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))))))
.
2008-05-20 09:30 . 2008-05-20 09:30 <REP> d-------- C:\VundoFix Backups
2008-05-20 09:18 . 2008-05-20 09:18 247,914,031 --a------ C:\Windows\MEMORY.DMP
2008-05-19 23:15 . 2008-05-19 23:15 <REP> d-------- C:\Users\Nicolas\AppData\Roaming\Uniblue
2008-05-19 23:15 . 2008-05-19 23:15 <REP> d-------- C:\Users\All Users\Uniblue
2008-05-19 23:15 . 2008-05-19 23:15 <REP> d-------- C:\ProgramData\Uniblue
2008-05-19 23:15 . 2008-05-19 23:15 <REP> d-------- C:\Program Files\Uniblue
2008-05-16 20:29 . 2008-05-16 20:29 <REP> d-------- C:\Windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-05-07 22:16 . 2008-05-07 22:16 <REP> dr-h----- C:\Users\Nicolas\AppData\Roaming\SecuROM
2008-05-07 22:01 . 2008-05-07 22:01 <REP> d--h----- C:\Users\Nicolas\InstallAnywhere
2008-05-07 22:01 . 2008-05-07 22:04 <REP> d--h----- C:\Program Files\Zero G Registry
2008-05-07 22:01 . 2008-05-07 22:01 <REP> d-------- C:\Program Files\Sports Interactive
2008-04-30 22:25 . 2008-04-30 22:25 <REP> d-------- C:\ppmaterecord
2008-04-25 23:43 . 2008-04-25 23:45 <REP> d-------- C:\Users\All Users\Lavasoft
2008-04-25 23:43 . 2008-04-25 23:45 <REP> d-------- C:\ProgramData\Lavasoft
2008-04-25 23:43 . 2008-04-25 23:43 <REP> d-------- C:\Program Files\Lavasoft
2008-04-25 23:42 . 2008-04-25 23:42 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 21:44 . 2008-04-25 21:46 <REP> d-------- C:\Users\Nicolas\AppData\Roaming\Lavasoft
2008-04-23 13:32 . 2008-04-23 13:32 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-21 00:09 . 2008-04-21 00:09 <REP> d-------- C:\PerfLogs
2008-04-20 23:49 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-20 23:48 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-04-20 23:47 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-20 23:46 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-04-20 23:46 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-04-20 23:46 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-04-20 23:45 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-20 23:45 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-20 23:45 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-20 23:45 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-20 23:45 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-20 23:45 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-20 23:44 . 2006-11-02 11:45 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-04-20 23:29 . 2008-04-20 23:30 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{0554b2e9-0d28-11dd-b343-001e4cdcf07c}.TMContainer00000000000000000002.regtrans-ms
2008-04-20 23:29 . 2008-05-20 09:36 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{0554b2e9-0d28-11dd-b343-001e4cdcf07c}.TMContainer00000000000000000001.regtrans-ms
2008-04-20 23:29 . 2008-05-20 09:36 65,536 --ahs---- C:\Users\Public\NTUSER.DAT{0554b2e9-0d28-11dd-b343-001e4cdcf07c}.TM.blf
2008-04-20 19:56 . 2008-04-20 19:56 <REP> d-------- C:\Users\Nicolas\AppData\Roaming\PPMate
2008-04-20 19:56 . 2008-04-20 19:56 <REP> d-------- C:\Program Files\Common Files\Synacast
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 07:16 --------- d-----w C:\Users\Nicolas\AppData\Roaming\uTorrent
2008-05-18 06:43 --------- d-----w C:\Program Files\Google
2008-05-17 10:22 27,525 ----a-w C:\Users\Nicolas\AppData\Roaming\nvModes.dat
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 01:02 --------- d-----w C:\Program Files\Windows Mail
2008-05-15 01:01 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-07 19:55 --------- d-----w C:\ProgramData\Dell
2008-05-04 18:45 --------- d-----w C:\Program Files\SopCast
2008-04-30 20:12 --------- d-----w C:\Users\Nicolas\AppData\Roaming\LimeWire
2008-04-20 22:19 --------- d-----w C:\ProgramData\NVIDIA
2008-04-20 22:17 174 --sha-w C:\Program Files\desktop.ini
2008-04-20 22:11 142,904 ----a-w C:\Windows\system32\drivers\sptddrv1.sys
2008-04-20 22:10 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-20 22:10 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-20 22:10 --------- d-----w C:\Program Files\Windows Journal
2008-04-20 22:10 --------- d-----w C:\Program Files\Windows Defender
2008-04-20 22:10 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-20 22:10 --------- d-----w C:\Program Files\Windows Calendar
2008-04-20 22:01 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-20 22:01 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-20 21:33 --------- d-----w C:\Program Files\QuickTime
2008-04-13 15:37 --------- d-----w C:\Program Files\Audacity
2008-04-12 15:29 --------- d-----w C:\Program Files\TVAnts
2008-04-11 20:29 --------- d-----w C:\Program Files\Winamp
2008-04-11 19:58 --------- d-----w C:\Program Files\Azureus
2008-04-08 17:58 --------- d-----w C:\Users\Nicolas\AppData\Roaming\Azureus
2008-04-07 21:38 --------- d-----w C:\Program Files\mp3DirectCut
2008-04-03 18:51 --------- d-----w C:\Program Files\WinAVI MP4 Converter
2008-03-27 18:36 --------- d-----w C:\Users\Nicolas\AppData\Roaming\Winamp
2008-03-15 22:36 691,545 ----a-w C:\Windows\unins000.exe
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-01-29 13:12 0 ----a-w C:\Users\Nicolas\AppData\Roaming\wklnhst.dat
2008-01-22 15:57 76 --sh--r C:\Windows\CT4CET.bin
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-22 18:06 68856]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 08:03 17920]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 07:58 36864]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 18:43 118784]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 11:24 16384]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 13:35 221184]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 11:27 159744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 20:23 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 22:24 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 22:24 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 22:24 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 22:24 86016]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 19:55:50 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-01-22 17:55:37 50688]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-01-22 17:54:47 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d409e052]
C:\Users\Nicolas\AppData\Local\Temp\fabwurdt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\Nicolas\AppData\Local\Temp\efcAQHWM.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-809873449-2232672630-3900442886-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B37F90D5-D129-4CC8-92B0-03A15F20426A}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{A6C0CE18-2167-428C-A237-12C88FDC0DF4}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{12B5307C-8939-452A-8318-82D9ACDD2357}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{AB6D3652-5060-4485-AFDC-7AA8363A49AA}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{5467652E-3956-4BA7-AB91-A54B447D7B16}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{56B6298E-689C-4169-9FBC-62D324EA1153}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{43C862B1-817F-4E24-B2E2-9745835AFFF6}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{6DAFC24D-C1D3-4FE5-B66B-EC315568CA17}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{FE240497-6144-4B19-A65C-CF81E4F9A839}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{7502D5DC-F5A7-4813-BF96-BEEE4D8C0827}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{AAFB4D8A-D195-475B-92C2-53FD2212903A}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{D90F5502-A897-4CC4-8E8E-62595B6BA4F1}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{A99FE7AD-E934-4CB0-B0FA-9648D1786314}C:\\program files\\cambridgesoft\\chemoffice2008\\chemdraw\\chemdraw.exe"= UDP:C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe:ChemDraw Ultra 11.0.1
"UDP Query User{0BDE7FFB-F0B2-4A68-ACE1-769A1679D11B}C:\\program files\\cambridgesoft\\chemoffice2008\\chemdraw\\chemdraw.exe"= TCP:C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe:ChemDraw Ultra 11.0.1
"TCP Query User{08562797-4130-4852-AED7-46C8C2571F28}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{E71D87F3-AFF9-467D-8EA8-070359EA1BD8}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{71849C39-D558-4434-AF3B-4DC9168880C9}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{8B0C8D97-CBD7-47D1-9FB8-BE2ECDFE1966}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{DF50BBA5-75F0-4E19-84D1-BAC2717F9C8C}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{46AF4FDC-C3DC-4E87-8EA9-E2796D9CC83F}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{821A58F6-965D-4655-88D0-561F10739FC1}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{76354CC0-35E4-43D9-A0CF-7C615B14DAF9}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9A03A50F-750B-4626-804C-5C656C590310}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{E224E1AD-3ACE-46F0-9533-E82EB92996DE}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{74C067AE-9C8F-4AAE-8215-14AAFB586AEF}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{8C1B92B0-B71A-4C9D-9D37-5BE0D953DBEB}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{63142F41-7B86-48C5-BD08-DF54A19B22E2}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{E879DF94-D707-4BBA-BA17-B6D44E57041D}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{3800835F-A7B1-46C7-8128-E79FE904F127}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{D1C2BF93-D2E5-4237-9A69-8DFEA6745AFC}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{E2440481-4707-4261-862C-FCC0A3A13537}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{904B654D-09B8-4469-A9F3-2DB05CA332E7}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{81AF085D-758E-49EA-964F-664FA719040A}C:\\program files\\cambridgesoft\\chemoffice2008\\chem3d\\chem3d.exe"= UDP:C:\program files\cambridgesoft\chemoffice2008\chem3d\chem3d.exe:Chem3D Pro 11.0.1
"UDP Query User{55D95DFE-99C8-4F27-836D-87B7991645A7}C:\\program files\\cambridgesoft\\chemoffice2008\\chem3d\\chem3d.exe"= TCP:C:\program files\cambridgesoft\chemoffice2008\chem3d\chem3d.exe:Chem3D Pro 11.0.1
"TCP Query User{77AAFABA-76C3-4CD5-B887-FE7376F1E1C0}C:\\program files\\cambridgesoft\\chemoffice2008\\chemdraw\\chemdraw.exe"= UDP:C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe:ChemDraw Ultra 11.0.1
"UDP Query User{42863E3A-D1AE-4FE6-B2DA-9FA31ED692DE}C:\\program files\\cambridgesoft\\chemoffice2008\\chemdraw\\chemdraw.exe"= TCP:C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe:ChemDraw Ultra 11.0.1
"TCP Query User{53827ACE-136E-4236-BFB9-922090CC284A}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{DBC994DB-4EC0-4A88-B2D0-5E45DB1660C9}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{A370BDFC-3543-42A7-93A7-2AEFA188B8D6}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{4305AE76-17B6-4062-A5FA-8B65CCAA5EA7}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{83503ACE-51D3-44AD-B66C-CCA935FCCBFF}C:\\users\\nicolas\\desktop\\worms.4.mayhem.multi\\worms 4 mayhem.exe"= Disabled:UDP:C:\users\nicolas\desktop\worms.4.mayhem.multi\worms 4 mayhem.exe:worms 4 mayhem.exe
"UDP Query User{8308C8B6-673B-4BE2-BC77-E7F84DB3CAE2}C:\\users\\nicolas\\desktop\\worms.4.mayhem.multi\\worms 4 mayhem.exe"= Disabled:TCP:C:\users\nicolas\desktop\worms.4.mayhem.multi\worms 4 mayhem.exe:worms 4 mayhem.exe
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 23:25]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 11:23]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 02:39]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 07:58]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 07:59]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 03:37]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 01:13]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 01:13]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04454ad5-00e1-11dd-89df-001c23b5099c}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cc2675e-e5f9-11dc-8b31-001e4cdcf07c}]
\shell\Auto\command - boot.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-20 05:14:25 C:\Windows\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-05-19 21:23:03 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-05-20 02:24:26 C:\Windows\Tasks\User_Feed_Synchronization-{FAF1B524-7F74-41F8-9405-4DD758AA4FDD}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 09:39:39
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-20 9:40:38
ComboFix-quarantined-files.txt 2008-05-20 07:40:16
Pre-Run: 20,653,256,704 octets libres
Post-Run: 20,623,716,352 octets libres
235 --- E O F --- 2008-05-16 01:01:42
Voici le log :
ComboFix 08-05-19.4 - Nicolas 2008-05-20 9:37:02.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1210 [GMT 2:00]
Endroit: C:\Users\Nicolas\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))))))
.
2008-05-20 09:30 . 2008-05-20 09:30 <REP> d-------- C:\VundoFix Backups
2008-05-20 09:18 . 2008-05-20 09:18 247,914,031 --a------ C:\Windows\MEMORY.DMP
2008-05-19 23:15 . 2008-05-19 23:15 <REP> d-------- C:\Users\Nicolas\AppData\Roaming\Uniblue
2008-05-19 23:15 . 2008-05-19 23:15 <REP> d-------- C:\Users\All Users\Uniblue
2008-05-19 23:15 . 2008-05-19 23:15 <REP> d-------- C:\ProgramData\Uniblue
2008-05-19 23:15 . 2008-05-19 23:15 <REP> d-------- C:\Program Files\Uniblue
2008-05-16 20:29 . 2008-05-16 20:29 <REP> d-------- C:\Windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-05-07 22:16 . 2008-05-07 22:16 <REP> dr-h----- C:\Users\Nicolas\AppData\Roaming\SecuROM
2008-05-07 22:01 . 2008-05-07 22:01 <REP> d--h----- C:\Users\Nicolas\InstallAnywhere
2008-05-07 22:01 . 2008-05-07 22:04 <REP> d--h----- C:\Program Files\Zero G Registry
2008-05-07 22:01 . 2008-05-07 22:01 <REP> d-------- C:\Program Files\Sports Interactive
2008-04-30 22:25 . 2008-04-30 22:25 <REP> d-------- C:\ppmaterecord
2008-04-25 23:43 . 2008-04-25 23:45 <REP> d-------- C:\Users\All Users\Lavasoft
2008-04-25 23:43 . 2008-04-25 23:45 <REP> d-------- C:\ProgramData\Lavasoft
2008-04-25 23:43 . 2008-04-25 23:43 <REP> d-------- C:\Program Files\Lavasoft
2008-04-25 23:42 . 2008-04-25 23:42 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 21:44 . 2008-04-25 21:46 <REP> d-------- C:\Users\Nicolas\AppData\Roaming\Lavasoft
2008-04-23 13:32 . 2008-04-23 13:32 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-21 00:09 . 2008-04-21 00:09 <REP> d-------- C:\PerfLogs
2008-04-20 23:49 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-20 23:48 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-04-20 23:47 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-20 23:46 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-04-20 23:46 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-04-20 23:46 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-04-20 23:45 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-20 23:45 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-20 23:45 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-20 23:45 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-20 23:45 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-20 23:45 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-20 23:44 . 2006-11-02 11:45 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-04-20 23:29 . 2008-04-20 23:30 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{0554b2e9-0d28-11dd-b343-001e4cdcf07c}.TMContainer00000000000000000002.regtrans-ms
2008-04-20 23:29 . 2008-05-20 09:36 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{0554b2e9-0d28-11dd-b343-001e4cdcf07c}.TMContainer00000000000000000001.regtrans-ms
2008-04-20 23:29 . 2008-05-20 09:36 65,536 --ahs---- C:\Users\Public\NTUSER.DAT{0554b2e9-0d28-11dd-b343-001e4cdcf07c}.TM.blf
2008-04-20 19:56 . 2008-04-20 19:56 <REP> d-------- C:\Users\Nicolas\AppData\Roaming\PPMate
2008-04-20 19:56 . 2008-04-20 19:56 <REP> d-------- C:\Program Files\Common Files\Synacast
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 07:16 --------- d-----w C:\Users\Nicolas\AppData\Roaming\uTorrent
2008-05-18 06:43 --------- d-----w C:\Program Files\Google
2008-05-17 10:22 27,525 ----a-w C:\Users\Nicolas\AppData\Roaming\nvModes.dat
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 01:02 --------- d-----w C:\Program Files\Windows Mail
2008-05-15 01:01 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-07 19:55 --------- d-----w C:\ProgramData\Dell
2008-05-04 18:45 --------- d-----w C:\Program Files\SopCast
2008-04-30 20:12 --------- d-----w C:\Users\Nicolas\AppData\Roaming\LimeWire
2008-04-20 22:19 --------- d-----w C:\ProgramData\NVIDIA
2008-04-20 22:17 174 --sha-w C:\Program Files\desktop.ini
2008-04-20 22:11 142,904 ----a-w C:\Windows\system32\drivers\sptddrv1.sys
2008-04-20 22:10 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-20 22:10 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-20 22:10 --------- d-----w C:\Program Files\Windows Journal
2008-04-20 22:10 --------- d-----w C:\Program Files\Windows Defender
2008-04-20 22:10 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-20 22:10 --------- d-----w C:\Program Files\Windows Calendar
2008-04-20 22:01 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-20 22:01 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-20 21:33 --------- d-----w C:\Program Files\QuickTime
2008-04-13 15:37 --------- d-----w C:\Program Files\Audacity
2008-04-12 15:29 --------- d-----w C:\Program Files\TVAnts
2008-04-11 20:29 --------- d-----w C:\Program Files\Winamp
2008-04-11 19:58 --------- d-----w C:\Program Files\Azureus
2008-04-08 17:58 --------- d-----w C:\Users\Nicolas\AppData\Roaming\Azureus
2008-04-07 21:38 --------- d-----w C:\Program Files\mp3DirectCut
2008-04-03 18:51 --------- d-----w C:\Program Files\WinAVI MP4 Converter
2008-03-27 18:36 --------- d-----w C:\Users\Nicolas\AppData\Roaming\Winamp
2008-03-15 22:36 691,545 ----a-w C:\Windows\unins000.exe
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-01-29 13:12 0 ----a-w C:\Users\Nicolas\AppData\Roaming\wklnhst.dat
2008-01-22 15:57 76 --sh--r C:\Windows\CT4CET.bin
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-22 18:06 68856]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 08:03 17920]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 07:58 36864]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 18:43 118784]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 11:24 16384]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 13:35 221184]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 11:27 159744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 20:23 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 22:24 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 22:24 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 22:24 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 22:24 86016]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 19:55:50 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-01-22 17:55:37 50688]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-01-22 17:54:47 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d409e052]
C:\Users\Nicolas\AppData\Local\Temp\fabwurdt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\Nicolas\AppData\Local\Temp\efcAQHWM.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-809873449-2232672630-3900442886-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B37F90D5-D129-4CC8-92B0-03A15F20426A}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{A6C0CE18-2167-428C-A237-12C88FDC0DF4}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{12B5307C-8939-452A-8318-82D9ACDD2357}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{AB6D3652-5060-4485-AFDC-7AA8363A49AA}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{5467652E-3956-4BA7-AB91-A54B447D7B16}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{56B6298E-689C-4169-9FBC-62D324EA1153}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{43C862B1-817F-4E24-B2E2-9745835AFFF6}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{6DAFC24D-C1D3-4FE5-B66B-EC315568CA17}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{FE240497-6144-4B19-A65C-CF81E4F9A839}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{7502D5DC-F5A7-4813-BF96-BEEE4D8C0827}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{AAFB4D8A-D195-475B-92C2-53FD2212903A}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{D90F5502-A897-4CC4-8E8E-62595B6BA4F1}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{A99FE7AD-E934-4CB0-B0FA-9648D1786314}C:\\program files\\cambridgesoft\\chemoffice2008\\chemdraw\\chemdraw.exe"= UDP:C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe:ChemDraw Ultra 11.0.1
"UDP Query User{0BDE7FFB-F0B2-4A68-ACE1-769A1679D11B}C:\\program files\\cambridgesoft\\chemoffice2008\\chemdraw\\chemdraw.exe"= TCP:C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe:ChemDraw Ultra 11.0.1
"TCP Query User{08562797-4130-4852-AED7-46C8C2571F28}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{E71D87F3-AFF9-467D-8EA8-070359EA1BD8}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{71849C39-D558-4434-AF3B-4DC9168880C9}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{8B0C8D97-CBD7-47D1-9FB8-BE2ECDFE1966}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{DF50BBA5-75F0-4E19-84D1-BAC2717F9C8C}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{46AF4FDC-C3DC-4E87-8EA9-E2796D9CC83F}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{821A58F6-965D-4655-88D0-561F10739FC1}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{76354CC0-35E4-43D9-A0CF-7C615B14DAF9}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9A03A50F-750B-4626-804C-5C656C590310}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{E224E1AD-3ACE-46F0-9533-E82EB92996DE}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{74C067AE-9C8F-4AAE-8215-14AAFB586AEF}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{8C1B92B0-B71A-4C9D-9D37-5BE0D953DBEB}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{63142F41-7B86-48C5-BD08-DF54A19B22E2}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{E879DF94-D707-4BBA-BA17-B6D44E57041D}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{3800835F-A7B1-46C7-8128-E79FE904F127}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{D1C2BF93-D2E5-4237-9A69-8DFEA6745AFC}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{E2440481-4707-4261-862C-FCC0A3A13537}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{904B654D-09B8-4469-A9F3-2DB05CA332E7}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{81AF085D-758E-49EA-964F-664FA719040A}C:\\program files\\cambridgesoft\\chemoffice2008\\chem3d\\chem3d.exe"= UDP:C:\program files\cambridgesoft\chemoffice2008\chem3d\chem3d.exe:Chem3D Pro 11.0.1
"UDP Query User{55D95DFE-99C8-4F27-836D-87B7991645A7}C:\\program files\\cambridgesoft\\chemoffice2008\\chem3d\\chem3d.exe"= TCP:C:\program files\cambridgesoft\chemoffice2008\chem3d\chem3d.exe:Chem3D Pro 11.0.1
"TCP Query User{77AAFABA-76C3-4CD5-B887-FE7376F1E1C0}C:\\program files\\cambridgesoft\\chemoffice2008\\chemdraw\\chemdraw.exe"= UDP:C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe:ChemDraw Ultra 11.0.1
"UDP Query User{42863E3A-D1AE-4FE6-B2DA-9FA31ED692DE}C:\\program files\\cambridgesoft\\chemoffice2008\\chemdraw\\chemdraw.exe"= TCP:C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe:ChemDraw Ultra 11.0.1
"TCP Query User{53827ACE-136E-4236-BFB9-922090CC284A}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{DBC994DB-4EC0-4A88-B2D0-5E45DB1660C9}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{A370BDFC-3543-42A7-93A7-2AEFA188B8D6}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{4305AE76-17B6-4062-A5FA-8B65CCAA5EA7}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{83503ACE-51D3-44AD-B66C-CCA935FCCBFF}C:\\users\\nicolas\\desktop\\worms.4.mayhem.multi\\worms 4 mayhem.exe"= Disabled:UDP:C:\users\nicolas\desktop\worms.4.mayhem.multi\worms 4 mayhem.exe:worms 4 mayhem.exe
"UDP Query User{8308C8B6-673B-4BE2-BC77-E7F84DB3CAE2}C:\\users\\nicolas\\desktop\\worms.4.mayhem.multi\\worms 4 mayhem.exe"= Disabled:TCP:C:\users\nicolas\desktop\worms.4.mayhem.multi\worms 4 mayhem.exe:worms 4 mayhem.exe
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 23:25]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 11:23]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 02:39]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 07:58]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 07:59]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 03:37]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 01:13]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 01:13]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04454ad5-00e1-11dd-89df-001c23b5099c}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cc2675e-e5f9-11dc-8b31-001e4cdcf07c}]
\shell\Auto\command - boot.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-20 05:14:25 C:\Windows\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-05-19 21:23:03 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-05-20 02:24:26 C:\Windows\Tasks\User_Feed_Synchronization-{FAF1B524-7F74-41F8-9405-4DD758AA4FDD}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 09:39:39
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-20 9:40:38
ComboFix-quarantined-files.txt 2008-05-20 07:40:16
Pre-Run: 20,653,256,704 octets libres
Post-Run: 20,623,716,352 octets libres
235 --- E O F --- 2008-05-16 01:01:42
Bonjour,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
j'ai effectué ce que vous avez dit et le logiciel à effectivement détecté et supprimé un malware.
Voici le rapport de MalwareByte's Anti-Malware
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 768
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 164606
Temps écoulé: 30 minute(s), 25 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Merci beaucoup pour cette aide.
Heureuseument qu'il y a des personnes comme toi pour aider les internautes qui ne s'y connaissent pas trop.
Voici le rapport de MalwareByte's Anti-Malware
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 768
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 164606
Temps écoulé: 30 minute(s), 25 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Merci beaucoup pour cette aide.
Heureuseument qu'il y a des personnes comme toi pour aider les internautes qui ne s'y connaissent pas trop.
Lassé par la pub ? Créez un compte
- Contenus similaires :
