Trojan Vundo détécté par McAfee

lycandar · Message par **lycandar** » 07 avr. 2008, 19:45

Bonsoir , j'ai un pti problème... Mon anti-virus (McAfee) detecte un trojan nommé Vundo sur mon pc.

Apparement la clé de registre MSServeur y est lié dans HKLM/.../run , et évidement quand je la supprime elle revient... voila la valeur de cette clé => rundll32.exe C:\Windows\system32\nnnnNFyW.dll,#1

Nota : la dll change de nom a chaque démarrage , McAffe l'a deja supprimer suite a un scan anti virus , seulement elle revient aussi evidement... (sous un autre nom encore une fois).

Si quelqu'un pouvais m'aider ce serait vraiment sympa :'(

voici le rapport de OAD:

07/04/2008 ---- 19:42:48,17

----------------------------------
§§§§§§ [nawrimpk] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete

********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************

*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté

Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------

***************************************************************

Voici le rapport de HiJackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:34, on 07/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Users\Julien\AppData\Roaming\U3\0000185194717D3E\LaunchPad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Julien\AppData\Roaming\U3\0000185194717D3E\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\AvastU3.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\conime.exe
C:\Users\Julien\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&clie ... bd=6080226
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnnNFyW.dll,#1
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1523829881-3507361307-3335080311-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9802 bytes

Message par **nardino** » 07 avr. 2008, 21:21

Bonsoir.

Télécharge VundoFix de Atribune :
http://www.atribune.org/ccount/click.php?id=4
Lien de secours
http://www.clubic.com/telecharger-fiche ... dofix.html

Clic droit sur Vundofix.exe et Exécuter en tant qu'administrateur.
Quand il est rouvert, clique sur Scan for Vundo
Quand le scan est terminé, clique sur Remove Vundo
Réponds Yes à la demande de suppression des fichiers.
Il te sera demandé de redémarrer ton ordinateur, accepte bien sûr.
Copie/colle le rapport (c:\vundofix.txt) dans ta réponse.

Tu y joindras un nouveau rapport Hijackthis fait en mode normal.

@+

lycandar · Message par **lycandar** » 07 avr. 2008, 22:21

Merci d'avoir répondu si rapidement !

comme je me suis longuement renseigné avant de venir vous embeter avec mon probleme, j'ai pu testé (sur conseil de je ne sais plus quel site).
Cela date d'hiere soir donc c'est tout frais. Il ne m'a rien détécté, pourtant McAfee l'identifie bien comme le trojan Vundo

Je relance un scan de VundoFix de suite et j'envoi le rapport ! (on ne sais jamais =) )

ps : Par contre il m'est impossible de cocher l'option pour lancer le programme en tant qu'administrateur. Je ne sais pas pour quelle raison mais la fonction est grisée.

Edit : Voila , Cette fois-ci VundoFix a trouvé quelque chose a supprimer : / La preuve, le rapport d'hier soir y est aussi... J'ai du mal a comprendre.

Voila le rapport de VundoFix (tout les rapports) :

VundoFix V7.0.3

Scan started at 00:47:58 07/04/2008

Listing files found while scanning....

Beginning removal...

VundoFix V7.0.3

Scan started at 00:50:32 07/04/2008

Listing files found while scanning....

No infected files were found.

Beginning removal...

VundoFix V7.0.3

Scan started at 22:14:37 07/04/2008

Listing files found while scanning....

C:\Windows\System32\byXOeFVO.dll
C:\Windows\System32\OVFeOXyb.ini
C:\Windows\System32\OVFeOXyb.ini2

Beginning removal...

Attempting to delete C:\Windows\System32\byXOeFVO.dll
C:\Windows\System32\byXOeFVO.dll Has been deleted!

Attempting to delete C:\Windows\System32\OVFeOXyb.ini
C:\Windows\System32\OVFeOXyb.ini Has been deleted!

Attempting to delete C:\Windows\System32\OVFeOXyb.ini2
C:\Windows\System32\OVFeOXyb.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Et le nouveau rapport de HiJackThis pour terminer :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:40:37, on 07/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Users\Julien\AppData\Roaming\U3\0000185194717D3E\LaunchPad.exe
C:\Users\Julien\AppData\Roaming\U3\0000185194717D3E\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\U3Action.exe
L:\System\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\FirefoxForU3Start.exe
L:\System\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\firefox\firefox.exe
C:\Users\Julien\AppData\Roaming\U3\0000185194717D3E\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\AvastU3.exe
C:\Users\Julien\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&clie ... bd=6080226
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {539DADB4-2E07-494F-A531-6A2AA8B77B6E} - C:\Windows\system32\byXOeFVO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\Windows\system32\nnnnNFyW.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BM891b777e] Rundll32.exe "C:\Windows\system32\disebqib.dll",s
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1523829881-3507361307-3335080311-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 11068 bytes

En tout cas , McAfee ne me lance plus de messages d'alerte !
Un grand merci !!!

Enfin j'attend tout de meme que vous me confirmié tout cela =)

Sinon j'ai une derniere petite question :
McAfee était installé par defaut sur le pc.
J'avais un essai de 1 mois qui se termine aujourd'hui.
cet anti-virus est-il convenable ou vaudrait il mieu que je me tourne vers un autre ?
(Sachant qu'il marque un point a mes yeux ,vu qu'il a bloqué de suite Vundo :p)

Message par **nardino** » 07 avr. 2008, 23:28

Bonsoir.
Tous les outils doivent être exécutés avec élévation des privilèges.

1°- Dans Démarrer tape services.msc Entrée et Continuer

Recherche et arrête celui-ci

SessionLauncher

Puis tu lances Hijackthis, Open the misc tools section, Delete an NT service, tu colles SessionLauncher et tu valides par OK sans tenir compte de l'avertissement.

2°- Lance Hijackthis par Do a system scan only, sans autre application lancée.
Coche les lignes suivantes :

O2 - BHO: (no name) - {539DADB4-2E07-494F-A531-6A2AA8B77B6E} - C:\Windows\system32\byXOeFVO.dll (file missing)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\Windows\system32\nnnnNFyW.dll (file missing)
O4 - HKLM\..\Run: [BM891b777e] Rundll32.exe "C:\Windows\system32\disebqib.dll",s

Clique sur Fix checked et referme le programme.

3°- Télécharge OTMoveIt2 :
http://download.bleepingcomputer.com/ol ... oveIt2.exe
Sur ton bureau. Important.

Lance OtMoveIt, il ne nécessite pas d'installation.

Tu inscris (ou tu colles) le chemin du fichier/dossier à supprimer (C'est à dire ce qui suit)dans la fenêtre de gauche, cadre du haut , en-tête bleu
(Paste Standard List of Files/Folders to Move) et tu cliques sur MoveIt! (en rouge).
(La case Unregister Dll's and OCX's doit être cochée.)

C:\Users\Julien\AppData\Roaming\U3\0000185194717D3E\LaunchPad.exe
C:\Users\Julien\AppData\Roaming\U3\0000185194717D3E\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\U3Action.exe
C:\Users\Julien\AppData\Roaming\U3\0000185194717D3E\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\AvastU3.exe
C:\Users\ADMINISTRATEUR\AppData\Local\Temp\DX9\SessionLauncher.exe
C:\Windows\system32\disebqib.dll

Le résultat apparaitra dans le cadre Results à droite.
Clique sur Exit pour fermer.
Un rapport sera enregistré dans C:\\_OTMoveIt\MovedFiles.(xxxxxxxx_xxxxxx.log)
Les x sont des chiffres qui correspondent à la date et l'heure du scan.

4°- Poste le rapport OtMoveIt, un nouveau Hijackthis et des nouvelles.

Pour l'antivirus, veux-tu un payant ou un gratuit ?
@+

lycandar · Message par **lycandar** » 08 avr. 2008, 17:59

Alors voici le rapport de OTMoveIt:

File/Folder C:\Users\Julien\AppData\Roaming\U3\0000185194717D3E\LaunchPad.exe not found.
File/Folder C:\Users\Julien\AppData\Roaming\U3\0000185194717D3E\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\U3Action.exe not found.
File/Folder C:\Users\Julien\AppData\Roaming\U3\0000185194717D3E\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\AvastU3.exe not found.
File/Folder C:\Users\ADMINISTRATEUR\AppData\Local\Temp\DX9\SessionLauncher.exe not found.
DllUnregisterServer procedure not found in C:\Windows\system32\disebqib.dll
C:\Windows\system32\disebqib.dll NOT unregistered.
C:\Windows\system32\disebqib.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04082008_175131

Et enfin celui de Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:30, on 08/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Julien\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&clie ... bd=6080226
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BM891b777e] Rundll32.exe "C:\Windows\system32\disebqib.dll",s
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1523829881-3507361307-3335080311-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 10530 bytes

Pour l'anti virus , qu'importe qu'il soit payant a vrai dire , le principale c'est qu'il soit performant . M'enfin si il en existe des performant et non-payant je dis pas :p

J'ai entendu parler de antivir par example, Est-il performant ?

En tout cas un grand merci pour m'avoir secourut !
C'est vraiment tres sympa de votre part.

En attente du verdict final , mes salutations !

Message par **nardino** » 08 avr. 2008, 20:59

Bonsoir.

Pour l'antivirus, Antivir est très bon, seulement en anglais pour le moment ou en allemand si tu maitrises cette langue.
La seule précaution à prendre avec la version gratuite qui ne contrôle pas les gestionnaires de messagerie est d'enregistrer les pièces jointes avant de les ouvrir.
Dans ce cas la protection s'exercera.
Pour ton Vundo, il semble encore présent.
Voici une autre manip.
Télécharge VirtumondoBegone :
http://secured2k.home.comcast.net/tools ... BeGone.exe

Redémarre en mode sans échec et lance VirtumundoBeGone.exe.
Et poste le rapport.
Ainsi qu'un nouveau Hijackthis en mode normal après redémarrage.
@+

lycandar · Message par **lycandar** » 09 avr. 2008, 17:38

Je ne le dirais jamais assez ... : encore merci de répondre a mon appel a l'aide

Voila le rapport de Virtumundobegone [mode sans echec] :

[04/09/2008, 17:25:49] - VirtumundoBeGone v1.5 ( "C:\Users\Julien\Desktop\VirtumundoBeGone.exe" )
[04/09/2008, 17:26:02] - Detected System Information:
[04/09/2008, 17:26:02] - Windows Version: 6.0.6000,
[04/09/2008, 17:26:02] - Current Username: Julien (Admin)
[04/09/2008, 17:26:02] - Windows is in SAFE mode with Networking.
[04/09/2008, 17:26:02] - Searching for Browser Helper Objects:
[04/09/2008, 17:26:02] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[04/09/2008, 17:26:02] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/09/2008, 17:26:02] - BHO 3: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
[04/09/2008, 17:26:02] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/09/2008, 17:26:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/09/2008, 17:26:02] - No filename found. Continuing.
[04/09/2008, 17:26:02] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[04/09/2008, 17:26:02] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/09/2008, 17:26:02] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[04/09/2008, 17:26:02] - BHO 8: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[04/09/2008, 17:26:02] - Finished Searching Browser Helper Objects
[04/09/2008, 17:26:02] - Finishing up...
[04/09/2008, 17:26:02] - Nothing found! Exiting...

Et le HiJackThis [mode normal]:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:47, on 09/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Julien\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&clie ... bd=6080226
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BM891b777e] Rundll32.exe "C:\Windows\system32\disebqib.dll",s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1523829881-3507361307-3335080311-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 10521 bytes

Sinon depuis l'avant derniere manip , j'ai une dll manquante apparement : disebqib.dll
ce qui genere un petit message d'erreur au démarrage , est-ce lié a Vundo ?

Merci pour l'info de antivir , je vais surement penché pour cette antivirus, l'anglais n'étant pas vraiment un facteur négatif =)

Merci d'avance !

Message par **nardino** » 09 avr. 2008, 18:09

Bonsoir,
Vundo est toujours là.
C'est bien lui qui provoque cette alerte.
Télécharge Combofix de sUBs :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sur ton bureau. IMPERATIF

Ferme toutes les fenêtres
Clique droit sur ComboFix.exe (ne clique pas sur la fenêtre qui s'ouvre) et Exécuter en tant qu'administrateur
Appuie sur Y pour lancer le scan
Il y aura un redémarrage assez lent, ne t'en inquiète pas.
A la fin du scan (cela peut prendre du temps), un rapport sera créé.
Poste ce rapport dans ton prochain message.

@+

lycandar · Message par **lycandar** » 09 avr. 2008, 19:38

Voila le rapport en question :

ComboFix 08-04-08.10 - Julien 2008-04-09 19:20:16.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1166 [GMT 2:00]
Endroit: C:\Users\Julien\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\BM891b777e.xml
C:\Windows\pskt.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 06:18 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 05:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-08 05:41 --------- d-----w C:\Users\Julien\AppData\Roaming\U3
2008-04-07 20:12 147,456 ----a-w C:\Program Files\VundoFix.exe
2008-04-07 00:17 0 ----a-w C:\ntuser.dat
2008-04-06 22:28 --------- d-----w C:\Program Files\McAfee
2008-04-06 22:25 --------- d-----w C:\Users\Julien\AppData\Roaming\Azureus
2008-03-29 17:54 0 ----a-w C:\Users\Julien\AppData\Roaming\wklnhst.dat
2008-03-26 19:43 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-03-22 11:42 --------- d-----w C:\Users\Julien\AppData\Roaming\Turbine
2008-03-22 09:02 --------- d-----w C:\Users\Julien\AppData\Roaming\GetRightToGo
2008-03-22 09:02 --------- d-----w C:\Program Files\Turbine
2008-03-09 22:35 --------- d-----w C:\Users\Julien\AppData\Roaming\Apple Computer
2008-03-09 22:35 --------- d-----w C:\Program Files\iTunes
2008-03-09 22:35 --------- d-----w C:\Program Files\iPod
2008-03-09 22:34 --------- d-----w C:\ProgramData\Apple Computer
2008-03-09 22:20 --------- d-----w C:\Program Files\Bonjour
2008-03-09 22:19 --------- d-----w C:\Program Files\QuickTime
2008-03-09 22:17 --------- d-----w C:\Program Files\Apple Software Update
2008-03-09 22:16 --------- d-----w C:\ProgramData\Apple
2008-03-09 22:16 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-09 16:02 --------- d-----w C:\Users\Julien\AppData\Roaming\InstallShield
2008-03-09 16:02 --------- d-----w C:\Program Files\SAGEM
2008-03-07 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 16:19 --------- d-----w C:\Users\Julien\AppData\Roaming\Samsung
2008-03-06 22:11 --------- d-----w C:\ProgramData\Azureus
2008-03-06 22:03 --------- d-----w C:\Program Files\Azureus
2008-03-06 18:54 --------- d-----w C:\Program Files\Samsung
2008-03-04 18:24 --------- d-----w C:\Users\Julien\AppData\Roaming\Roxio
2008-03-04 07:05 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-04 07:03 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-04 07:02 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-03-04 07:02 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-03-04 07:02 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-03-04 07:02 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-03-04 07:02 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-03-04 07:02 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-03-04 07:02 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-03-04 07:02 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-03-04 07:00 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-04 07:00 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-04 07:00 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-04 07:00 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-04 07:00 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-04 07:00 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-04 07:00 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-04 07:00 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-04 06:59 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-03 23:11 --------- d-----w C:\Users\Julien\AppData\Roaming\tmp
2008-03-03 23:11 --------- d-----w C:\Users\Julien\AppData\Roaming\Reallusion
2008-03-03 22:44 --------- d-----w C:\Program Files\Windows Live
2008-03-03 22:43 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 22:42 --------- d-----w C:\ProgramData\WLInstaller
2008-03-03 21:30 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-03-03 21:25 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-03 21:24 --------- d-----w C:\Users\Julien\AppData\Roaming\DAEMON Tools
2008-03-03 20:42 --------- d-----w C:\ProgramData\Dell
2008-03-03 19:53 --------- d-----w C:\Program Files\OrangeHSS
2008-03-03 19:50 --------- d-----w C:\Program Files\Common Files\France Telecom
2008-03-03 17:30 --------- d-----w C:\ProgramData\Gtek
2008-03-03 17:29 --------- d-----w C:\Users\Julien\AppData\Roaming\GTek
2008-03-03 17:29 --------- d-----w C:\ProgramData\NVIDIA
2008-03-03 17:24 --------- d-sh--w C:\ProgramData\Modèles
2008-03-03 17:24 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-03-03 17:24 --------- d-sh--w C:\ProgramData\Favoris
2008-03-03 17:24 --------- d-sh--w C:\ProgramData\Documents
2008-03-03 17:24 --------- d-sh--w C:\ProgramData\Bureau
2008-03-03 17:24 --------- d-sh--w C:\ProgramData\Application Data
2008-03-03 17:24 --------- d-sh--w C:\Program Files\Fichiers communs
2008-02-26 23:59 45,240 ------w C:\Windows\system32\drivers\pciidex.sys
2008-02-26 23:59 25,784 ------w C:\Windows\system32\drivers\msahci.sys
2008-02-26 23:59 21,688 ------w C:\Windows\system32\drivers\atapi.sys
2008-02-26 23:59 20,152 ------w C:\Windows\system32\drivers\viaide.sys
2008-02-26 23:59 19,128 ------w C:\Windows\system32\drivers\cmdide.sys
2008-02-26 23:59 18,104 ------w C:\Windows\system32\drivers\amdide.sys
2008-02-26 23:59 17,592 ------w C:\Windows\system32\drivers\intelide.sys
2008-02-26 23:59 17,592 ------w C:\Windows\system32\drivers\aliide.sys
2008-02-26 23:59 16,056 ------w C:\Windows\system32\drivers\pciide.sys
2008-02-26 23:59 110,264 ------w C:\Windows\system32\drivers\ataport.sys
2008-02-26 23:56 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-02-26 23:56 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-02-26 23:56 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-02-26 23:56 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-02-26 23:56 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-02-26 23:56 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-02-26 23:55 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-02-26 23:55 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-02-26 23:55 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-02-26 23:55 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-02-26 23:55 --------- d-----w C:\Program Files\Windows Calendar
2008-02-26 23:54 13,312 ------w C:\Windows\system32\drivers\sffdisk.sys
2008-02-26 23:54 12,800 ------w C:\Windows\system32\drivers\sffp_sd.sys
2008-02-26 23:54 12,800 ------w C:\Windows\system32\drivers\sffp_mmc.sys
2008-02-26 23:53 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-02-26 23:53 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-02-26 23:53 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-02-26 23:53 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-02-26 23:52 --------- d-----w C:\Program Files\Windows Defender
2008-02-26 23:51 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-02-26 23:51 28,344 ------w C:\Windows\system32\drivers\battc.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-27 01:52 1006264]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 10:40 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-25 06:52 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-25 06:52 8530464]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-02-26 18:15 77824]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 19:30 152144]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-26 18:33 1838592]
"BM891b777e"="C:\Windows\system32\disebqib.dll" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D076CA08-C082-4FD2-B1B4-C066D267ADB1}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{533AD663-1298-4092-9DF1-780FC7CC6533}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{52996306-39DA-4CC9-8A0E-66AD37F2DCE6}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{F0584667-5598-4692-9EC4-888BAFA746D0}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{632A537C-177E-429C-B63D-0AC4D5CA5918}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{E1D8B49C-70AF-4B50-A4C9-5C653651B9A1}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{E6461058-D4B2-4650-A1AF-756C48AE30D8}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{700DD36B-2515-405B-B2CD-E85AF36CFB9C}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{DEA53BA5-081F-4DFB-B8FC-BD0A9E699497}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{C948154A-E53C-49AB-B009-B4EDBBCE6E1A}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{85FD5C86-B5B4-4C9D-AE03-5E35FA1FD3E6}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{390F7BFC-2BB5-4792-9D27-7C451CCBB787}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{993A71AE-9A05-465E-AD40-76B31F16BDF6}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{4AF5B9E4-FE3E-4690-A0E8-6E413A446A1E}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{545E7812-CF4C-4251-9FF8-0CDC42574EB9}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{79C16937-E062-49E7-9C0E-ED4F758F36A8}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BFEBA67D-A003-4773-87DB-297A9816755F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8CB2E41E-E731-422E-A567-BE81CFEBD4A3}"= UDP:C:\jeux\NWN2\nwn2main.exe:Neverwinter Nights 2 Main
"{592583D9-5DF0-4564-AB1B-6742A7EFF53B}"= TCP:C:\jeux\NWN2\nwn2main.exe:Neverwinter Nights 2 Main
"{8F28A851-5F96-4FC6-8F05-6CB1E3B58599}"= UDP:C:\jeux\NWN2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{4C4146EB-89D1-498E-A136-BF2373F12FF8}"= TCP:C:\jeux\NWN2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{4FB182B8-C8AA-4115-82DE-75492BDE9F94}"= UDP:C:\jeux\NWN2\nwupdate.exe:Neverwinter Nights 2 Updater
"{A1B0383D-89CF-4FEA-A157-83BE87C598FA}"= TCP:C:\jeux\NWN2\nwupdate.exe:Neverwinter Nights 2 Updater
"{894BAAC2-0961-4914-903F-D463B0065C32}"= UDP:C:\jeux\NWN2\nwn2server.exe:Neverwinter Nights 2 Server
"{9AC47C47-5BF3-4996-8C14-8E6872F50BF4}"= TCP:C:\jeux\NWN2\nwn2server.exe:Neverwinter Nights 2 Server
"{7E6FA81E-705D-4560-990B-628DCD9BF55C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{707D32C1-E2E3-4FAA-8C69-0F2B33E916F1}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B70F38B1-53F5-4BA5-A619-04023C97968E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B66B5F82-7553-477D-BBE4-D5DF2B16874B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1FF5827C-4402-49DC-967E-3D72CECE4AAC}"= UDP:C:\Program Files\Turbine\The Lord of the Rings Online\TurbineElevator.exe:TurbineElevator.exe
"{6A10EDD3-57DF-4B6C-9258-21F62A053D17}"= TCP:C:\Program Files\Turbine\The Lord of the Rings Online\TurbineElevator.exe:TurbineElevator.exe
"{3CBEA830-8239-43EC-86D6-086E5A7BBDAE}"= UDP:C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:lotroclient.exe
"{E23AE267-E4FF-4435-80F3-59046DB753E7}"= TCP:C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:lotroclient.exe
"{4A0425F4-2447-4A2C-BFF4-0262D99D8E03}"= UDP:C:\Program Files\Turbine\The Lord of the Rings Online\TurbineLauncher.exe:TurbineLauncher.exe
"{2936FD3A-2E06-494A-AE73-916187B197E7}"= TCP:C:\Program Files\Turbine\The Lord of the Rings Online\TurbineLauncher.exe:TurbineLauncher.exe
"{7638D0BB-50F9-41B5-8618-EF3F34CADBD9}"= UDP:C:\Program Files\Turbine\The Lord of the Rings Online\TurbineInvoker.exe:TurbineInvoker.exe
"{A8A6A9A3-0A59-4AAA-9F23-98C65F096E09}"= TCP:C:\Program Files\Turbine\The Lord of the Rings Online\TurbineInvoker.exe:TurbineInvoker.exe
"{07003E48-8807-47BE-833F-1FC4106070BE}"= UDP:C:\jeux\World of Warcraft\WoW-2.3.3.7799-to-2.4.0.8089-frFR-downloader.exe:Blizzard Downloader
"{BC26AF23-DC1C-451E-A3A2-814D61E29BAD}"= TCP:C:\jeux\World of Warcraft\WoW-2.3.3.7799-to-2.4.0.8089-frFR-downloader.exe:Blizzard Downloader
"{8BBE296E-4152-4D7F-9F3B-4F099E4FD302}"= UDP

Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 13:46]
R2 NMSCore;Intel(R) NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-06-27 12:14]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 22:34]
R2 QualityManager;Intel(R) Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-06-27 12:17]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 11:23]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2008-02-26 18:27]
R3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;C:\Windows\system32\Drivers\OEM03Afx.sys [2007-06-18 07:44]
R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM03Vfx.sys [2007-06-18 07:44]
R3 OEM03Vid;Creative Camera OEM003 Driver;C:\Windows\system32\DRIVERS\OEM03Vid.sys [2007-06-18 07:44]
R3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 15:41]
R3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 18:44]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\Windows\system32\DRIVERS\livecamv.sys [2007-01-15 19:57]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\Windows\system32\DRIVERS\WlanUZXP.sys [2005-05-14 17:37]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-12-14 16:25]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-12-14 16:25]
S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe []
S3 DHTRACE;Intel(R) DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 12:15]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]
S3 RoxMediaDB10;RoxMediaDB10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-12-14 16:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e4062e5-e951-11dc-b15d-001d092c47ea}]
\shell\AutoRun\command - K:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-26 16:31:03 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-02-26 16:31:03 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-04-09 13:01:06 C:\Windows\Tasks\User_Feed_Synchronization-{4F5DF2ED-E7A6-424D-83A6-844B4B86434D}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 19:27:41
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-09 19:31:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-09 17:31:21
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-09 06:04:57 --- E O F ---

Message par **nardino** » 09 avr. 2008, 20:19

Bonsoir.

Script Combofix

- Ouvre le bloc-note et colles-y les lignes écrites ci-dessous :
Veille à ce que Retour à la ligne ne soit pas coché dans Format.

File::
C:\Users\Julien\AppData\Roaming\wklnhst.dat
C:\Windows\system32\disebqib.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM891b777e"=-

- Enregistre-le sous CFScript.txt, sur le bureau
- Comme sur l'image présentée ici, fais glisser CFScript.txt dans Combofix.exe

- Combofix va se lancer et faire redémarrer l'ordinateur.
- Poste le rapport Combofix2.txt qui est dans C:\Combofix et un nouveau rapport HijackThis.

@+

Forum-vista : Entraide et dépannage Windows Vista et Windows Seven

Trojan Vundo détécté par McAfee

Trojan Vundo détécté par McAfee

Re: Trojan Vundo détécté par McAfee

Re: Trojan Vundo détécté par McAfee

Re: Trojan Vundo détécté par McAfee

Re: Trojan Vundo détécté par McAfee

Re: Trojan Vundo détécté par McAfee

Re: Trojan Vundo détécté par McAfee

Re: Trojan Vundo détécté par McAfee

Re: Trojan Vundo détécté par McAfee

Re: Trojan Vundo détécté par McAfee