Virus/spyware problem: tr/Vundo.Gen

Well… apparently I'm not the only one who has caught this vile thing… but the HijackThis report varies from one computer to another, so:

- I have used Spybot, AntiVir, CCleaner, CleanUp, Virtumonde and so on…

- here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47, on 2008-07-17
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\adobe\Reader 8.0\Reader\Reader_SL.exe
C:\Program Files\RivaTuner v2.06\RivaTuner.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\DeltaIITray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3242DF5E-D749-4785-856B-BB1AF4747685} - C:\Windows\system32\fcCRKBsp.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C2BE47-B88F-4648-A909-22599A2C33BA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [RivaTuner] “C:\Program Files\RivaTuner v2.06\RivaTuner.exe” /T
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM…\Run: [M-Audio Taskbar Icon] C:\Windows\System32\DeltaIITray.exe
O4 - HKLM…\Run: [DeltaIITaskbarApp] C:\Windows\system32\DeltaIITray.exe
O4 - HKLM…\Run: [RivaTunerStartupDaemon] “C:\Program Files\RivaTuner v2.06\RivaTuner.exe” /S
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [MSServer] rundll32.exe C:\Windows\system32\yaYSKASJ.dll,#1
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM…\Policies\Explorer\Run: [ati2sgav] “C:\Windows\system32\ati2sgav.exe”
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE RÉSEAU’)
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program… Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program… Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program… Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr…
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - cdn.scan.onecare.live.com…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - bitdefender.bwm-mediasoft.com…
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - download.divx.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Avira AntiVir Personal ? Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal ? Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe


End of file - 7369 bytes

Thanks in advance!
I'm losing my mind…
Edited on 17/07/2008 at 23:38

O4 - HKLM…\Run: [MSServer] rundll32.exe C:\Windows\system32\yaYSKASJ.dll,#1
O2 - BHO: (no name) - {67C2BE47-B88F-4648-A909-22599A2C33BA} - (no file)
O4 - HKLM…\Policies\Explorer\Run: [ati2sgav] “C:\Windows\system32\ati2sgav.exe” this one I'm not sure about, but even though it says ati I'm not sure it is legitimate
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

Thanks riri38, I think I must have removed some things during the earlier attempts… I'll keep you posted, hoping you have solved this topic,
once again, 10000 thanks!

Hi

Use VundoFix and post the report

Run a full scan with Malwarebytes Anti-Malware, delete the detected files and paste the report

AVG Anti-Spyware has become obsolete
Edited on 17/07/2008 at 22:15

OK… so the legend is true that you help people day and night…

More seriously: - VundoFix detects nothing
- new HijackThis report: with a sneaky one (c:\windows\system32\fcCRKBsp.dll) that I remove and that comes back anyway…

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21, on 2008-07-17
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\RivaTuner v2.06\RivaTuner.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\DeltaIITray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3242DF5E-D749-4785-856B-BB1AF4747685} - C:\Windows\system32\fcCRKBsp.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [RivaTuner] “C:\Program Files\RivaTuner v2.06\RivaTuner.exe” /T
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM…\Run: [M-Audio Taskbar Icon] C:\Windows\System32\DeltaIITray.exe
O4 - HKLM…\Run: [DeltaIITaskbarApp] C:\Windows\system32\DeltaIITray.exe
O4 - HKLM…\Run: [RivaTunerStartupDaemon] “C:\Program Files\RivaTuner v2.06\RivaTuner.exe” /S
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE RÉSEAU’)
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program… Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program… Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program… Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr…
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - cdn.scan.onecare.live.com…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - bitdefender.bwm-mediasoft.com…
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - download.divx.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Avira AntiVir Personal ? Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal ? Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe


End of file - 7172 bytes

- And here is the “malware-bytes anti-malware” report:
(the hard drive has been scanned inside and out all afternoon… I wouldn't want to be in its place…)

Malwarebytes’ Anti-Malware 1.20
Version de la base de données: 962
Windows 6.0.6001 Service Pack 1

22:53:33 2008-07-17
mbam-log-7-17-2008 (22-53-33).txt

Type de recherche: Examen complet (C:|)
Eléments examinés: 150634
Temps écoulé: 24 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Windows\System32\fcCRKBsp.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3242df5e-d749-4785-856b-bb1af4747685} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3242df5e-d749-4785-856b-bb1af4747685} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccrkbsp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccrkbsp -> Delete on reboot.

Dossier(s) infecté(s):
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Windows\System32\fcCRKBsp.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\psBKRCcf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\psBKRCcf.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080717170050601.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080717182557366.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080717184009766.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

I tried to uninstall them but some items remained.
AntiVir keeps showing alert messages…

aaaaAAAAAAAAAAAAAAAAAARRRRRGGGgggg…!
Edited on 17/07/2008 at 23:39

Disable your antivirus

Use ComboFix
Right-click it and choose Run as administrator

Paste the report
Edited on 17/07/2008 at 23:07

Have mercy, not a format…

Now AntiVir is telling me about TR/trash.Gen… deleted! (suspense…) :yeux1:

I lost my gadget sidebar in the process, but nothing to report on the horizon!!
It looks OK :super:

THANK YOU!

I'll open a new topic to find out how to get the gadgets back ???!! :MDR

Did you do what I wrote for you above?

Still no gadget sidebar…
PS: what is this ComboFix actually for?

ComboFix 08-07-13.11 - M… 2008-07-17 23:15:46.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2348 [GMT 2:00]
Endroit: C:\Users\M…\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\2.exe
C:\Windows\system32\fxaeylat.ini
C:\Windows\system32\lsprst7.dll
C:\Windows\system32\ssprs.dll
.
---- Previous Run -------
.
C:\Windows\system32\comsa32.sys
C:\Windows\system32\drmgs.sys

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-17 to 2008-07-17 ))))))))))))))))))))))))))))))))))))
.

2008-07-17 22:26 . 2008-07-17 22:26 d-------- C:\Users\M…\AppData\Roaming\Malwarebytes
2008-07-17 22:26 . 2008-07-17 22:26 d-------- C:\Users\All Users\Malwarebytes
2008-07-17 22:26 . 2008-07-17 22:26 d-------- C:\ProgramData\Malwarebytes
2008-07-17 22:26 . 2008-07-17 22:26 d-------- C:\Program Files\Malwarebytes’ Anti-Malware
2008-07-17 22:26 . 2008-07-07 17:35 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-17 22:26 . 2008-07-07 17:35 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-17 21:11 . 2008-07-17 21:11 d-------- C:\Users\M…\AppData\Roaming\Grisoft
2008-07-17 21:11 . 2008-07-17 21:11 d-------- C:\Users\All Users\Grisoft
2008-07-17 21:11 . 2008-07-17 21:11 d-------- C:\ProgramData\Grisoft
2008-07-17 21:11 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-07-17 20:58 . 2008-07-17 23:15 d-------- C:\327882R2FWJFW
2008-07-17 20:37 . 2008-07-17 20:37 d-------- C:\VundoFix Backups
2008-07-17 19:27 . 2008-07-17 19:27 d-------- C:\Users\All Users\Avira
2008-07-17 19:27 . 2008-07-17 19:27 d-------- C:\ProgramData\Avira
2008-07-17 19:27 . 2008-07-17 19:27 d-------- C:\Program Files\Avira
2008-07-17 18:57 . 2008-07-17 18:57 d-------- C:\Program Files\Windows Live Safety Center
2008-07-17 17:11 . 2008-07-17 17:11 d-------- C:\Program Files\Alwil Software
2008-07-15 13:06 . 2008-07-15 13:06 54,156 --ah----- C:\Windows\QTFont.qfn
2008-07-15 13:06 . 2008-07-15 13:06 1,409 --a------ C:\Windows\QTFont.for
2008-07-14 16:12 . 2008-06-11 14:48 188,960 --a------ C:\Windows\System32\nvapps.xml
2008-07-11 18:08 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 18:08 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 18:08 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-11 04:37 . 2008-05-30 14:11 3,850,760 --a------ C:\Windows\System32\D3DX9_38.dll
2008-07-11 04:37 . 2008-05-30 14:11 1,491,992 --a------ C:\Windows\System32\D3DCompiler_38.dll
2008-07-11 04:37 . 2008-05-30 14:19 507,400 --a------ C:\Windows\System32\XAudio2_1.dll
2008-07-11 04:37 . 2008-05-30 14:11 467,984 --a------ C:\Windows\System32\d3dx10_38.dll
2008-07-11 04:37 . 2008-05-30 14:18 238,088 --a------ C:\Windows\System32\xactengine3_1.dll
2008-07-11 04:37 . 2008-05-30 14:17 65,032 --a------ C:\Windows\System32\XAPOFX1_0.dll
2008-07-11 04:37 . 2008-05-30 14:17 25,608 --a------ C:\Windows\System32\X3DAudio1_4.dll
2008-07-02 15:48 . 2008-04-23 10:37 15,656 --a------ C:\Windows\System32\drivers\wacmoumonitor.sys
2008-07-02 03:22 . 2008-07-01 22:18 7,732,943 --a------ C:\Users\Public\prosonde1bis.zip
2008-06-28 09:11 . 2008-06-28 09:11 4,096 --ahs---- C:\VSNAP.IDX
2008-06-28 07:55 . 2008-06-28 07:55 d-------- C:\Users\M…\AppData\Roaming\Symantec
2008-06-28 07:01 . 2008-06-28 07:01 d-------- C:\Program Files\Norton Ghost
2008-06-28 07:00 . 2008-06-28 07:05 d-------- C:\Users\All Users\Symantec
2008-06-28 07:00 . 2008-06-28 07:05 d-------- C:\ProgramData\Symantec
2008-06-28 07:00 . 2008-06-28 07:00 d-------- C:\Program Files\Symantec
2008-06-28 07:00 . 2008-06-28 07:01 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-28 06:59 . 2008-06-28 06:59 dr------- C:\Windows\System32\config\systemprofile\Videos
2008-06-28 06:59 . 2008-06-28 06:59 dr------- C:\Windows\System32\config\systemprofile\Searches
2008-06-28 06:59 . 2008-06-28 06:59 dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-06-28 06:59 . 2008-06-28 06:59 dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-06-28 06:59 . 2008-06-28 06:59 dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-28 06:59 . 2008-06-28 06:59 dr------- C:\Windows\System32\config\systemprofile\Links
2008-06-28 06:59 . 2008-06-28 06:59 dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-06-28 06:59 . 2008-06-28 06:59 dr------- C:\Windows\System32\config\systemprofile\Documents
2008-06-25 03:02 . 2008-06-25 03:02 d-------- C:\Users\Public\Sins Of A Solar Empire [PCDVD][English][www.zonatorrent.com]
2008-06-24 19:48 . 2008-06-08 22:09 33,668,336 --a------ C:\Users\Public\kis8.0.0.357fr.exe
2008-06-23 18:42 . 2007-04-24 18:47 122,880 --a------ C:\Windows\System32\DreamScene.dll
2008-06-23 18:01 . 2008-06-29 04:16 2,560 --a------ C:\Windows_MSRSTRT.EXE
2008-06-23 17:54 . 2008-06-23 17:54 d-------- C:\Users\All Users\Stardock
2008-06-23 17:54 . 2008-06-23 17:54 d-------- C:\ProgramData\Stardock
2008-06-23 17:39 . 2008-01-19 09:36 1,152,000 --a------ C:\Windows\System32\themecpl.dll.original
2008-06-23 17:04 . 2008-06-23 17:04 29 --a------ C:\Windows.wb4
2008-06-23 17:01 . 2008-06-23 17:01 0 --------- C:\Windows\WB.ini
2008-06-23 16:54 . 2008-06-23 16:54 d-------- C:\Program Files\Stardock
2008-06-23 16:54 . 2007-09-12 17:58 58,792 --------- C:\Windows\System32\wbload.dll
2008-06-23 16:54 . 2007-07-11 14:06 42,672 --------- C:\Windows\System32\wbsys.dll
2008-06-23 16:45 . 2008-06-23 19:29 d-------- C:\Program Files\Dream Aquarium
2008-06-23 16:45 . 2006-10-09 12:00 94,208 --a------ C:\Windows\Dream Aquarium.scr
2008-06-22 11:55 . 2008-06-22 11:55 d--h----- C:\Users\All Users\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-06-22 11:55 . 2008-06-22 11:55 d--h----- C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-06-20 11:26 . 2008-07-17 21:09 117,176 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT
2008-06-19 07:22 . 2008-07-17 20:12 d--hs---- C:\found.000
2008-06-17 12:49 . 2008-06-17 12:49 0 --a------ C:\Windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 21:02 --------- d-----w C:\Users\M…\AppData\Roaming\WTablet
2008-07-17 19:02 --------- d-----w C:\Program Files\BitComet
2008-07-17 18:21 --------- d-----w C:\Program Files\CCleaner
2008-07-17 16:35 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-14 15:27 --------- d-----w C:\Program Files\Java
2008-07-14 14:16 --------- d-----w C:\ProgramData\NVIDIA
2008-07-11 15:48 --------- d--h--w C:\Users\M…\AppData\Roaming\OpenOffice.org2
2008-07-11 02:37 --------- d-----w C:\ProgramData\Ubisoft
2008-07-09 16:37 --------- d-----w C:\Program Files\Windows Mail
2008-07-02 13:49 --------- d-----w C:\Program Files\Tablet
2008-06-29 01:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 01:30 --------- d-----w C:\ProgramData\Media Center Programs
2008-06-17 16:08 --------- d-----w C:\Program Files\PeerTV
2008-06-15 15:55 --------- d-----w C:\Users\M…\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2008-06-11 00:06 --------- d-----w C:\Users\M…\AppData\Roaming\dvdcss
2008-06-11 00:01 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-10 23:58 --------- d-----w C:\Users\M…\AppData\Roaming\vlc
2008-06-10 23:57 --------- d-----w C:\Program Files\VideoLAN
2008-06-08 20:53 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-06-08 20:49 --------- d-----w C:\Program Files\ESET
2008-06-07 18:17 --------- d-----w C:\Program Files\Common Files\BioWare
2008-06-01 07:21 --------- d-----w C:\ProgramData\Codemasters
2008-05-27 18:11 --------- d-----w C:\Program Files\OpenAL
2008-03-20 06:08 174 --sha-w C:\Program Files\desktop.ini
2007-11-19 20:21 22,328 ---ha-w C:\Users\M…\AppData\Roaming\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-04-04 00:29 165784]
“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2007-08-31 17:46 1460560]
“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2008-01-19 09:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe” [2007-06-29 07:24 286720]
“NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-01 15:57 153136]
“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-10-10 20:51 39792]
“RivaTuner”=“C:\Program Files\RivaTuner v2.06\RivaTuner.exe” [2007-10-30 20:05 2650112]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 04:27 144784]
“M-Audio Taskbar Icon”=“C:\Windows\System32\DeltaIITray.exe” [2007-12-03 12:21 236040]
“DeltaIITaskbarApp”=“C:\Windows\system32\DeltaIITray.exe” [2007-12-03 12:21 236040]
“RivaTunerStartupDaemon”=“C:\Program Files\RivaTuner v2.06\RivaTuner.exe” [2007-10-30 20:05 2650112]
“NvCplDaemon”=“C:\Windows\system32\NvCpl.dll” [2008-05-16 14:01 13535776]
“NvMediaCenter”=“C:\Windows\system32\NvMcTray.dll” [2008-05-16 14:01 92704]
“avgnt”=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-02-12 10:06 262401]
“!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 11:25 6731312]

C:\Users\M. JOIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-17 18:40:59 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableLUA”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“VIDC.YV12”= yv12vfw.dll

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
“{E0733DD8-5CCB-433F-8D3B-655AE53FAC5E}”= UDP:15712:BitComet 15712 TCP
“{99F794B7-02E0-44E5-9FDF-645E698F50C1}”= TCP:15712:BitComet 15712 UDP
“TCP Query User{C8387378-7C67-4CD3-AF56-8DBF10197F5B}C:\program files\bitcomet\bitcomet.exe”= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
“UDP Query User{09D0F87D-3E98-4168-95E2-F436D71A16C6}C:\program files\bitcomet\bitcomet.exe”= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
“TCP Query User{3769C331-C689-49ED-B710-7A42B2D0B30D}C:\windows\system32\dllrun.exe”= UDP:C:\windows\system32\dllrun.exe:dllrun
“UDP Query User{529D23DD-3507-4B5C-9316-EDAB2F64E8FF}C:\windows\system32\dllrun.exe”= TCP:C:\windows\system32\dllrun.exe:dllrun
“TCP Query User{519040DE-6CF0-4063-B66A-8D78B1C1AE7B}C:\program files\internet explorer\iexplore.exe”= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
“UDP Query User{13DFD21D-3239-4442-84D0-1AAF065459A6}C:\program files\internet explorer\iexplore.exe”= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
“TCP Query User{1E2BD3A9-374F-47CB-B0D5-B87192045383}D:\jeux\test drive\testdriveunlimited.exe”= UDP:D:\jeux\test drive\testdriveunlimited.exe:Test Drive Unlimited
“UDP Query User{2B5460EC-D7A8-466A-8CFF-26FFAC87F9CC}D:\jeux\test drive\testdriveunlimited.exe”= TCP:D:\jeux\test drive\testdriveunlimited.exe:Test Drive Unlimited
“{4C2ECC03-FA0A-45BA-9B91-48578104B236}”= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
“{3C6316BD-4C95-45CB-A8C3-863952D3E3C4}”= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
“{AD5F3FEE-C48E-4940-9C54-9863C561A1BC}”= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
“{ABD845D6-BFB5-4AE9-9E70-4AFAD0B12939}”= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
“{FDC98472-5133-4F55-8F92-8E6F707F16E9}”= UDP:D:\JEUX\ennemi terry\etqwded.exe:etqwded.exe
“{6CCE0B6D-B583-4893-BC10-9576A955D644}”= TCP:D:\JEUX\ennemi terry\etqwded.exe:etqwded.exe
“{8E348C84-A281-4C83-BA2B-84C577F79640}”= UDP:D:\JEUX\ennemi terry\etqw.exe:Enemy Territory - QUAKE Wars™
“{CA41E4D6-D5EC-4503-B704-DA4092C269B1}”= TCP:D:\JEUX\ennemi terry\etqw.exe:Enemy Territory - QUAKE Wars™

“TCP Query User{1A225501-2014-48DB-A92E-FB191FBBC668}C:\program files\peertv\peercast.exe”= UDP:C:\program files\peertv\peercast.exe:PeerCast
“UDP Query User{44890537-4E4B-4EBE-A234-FF0C61AB0345}C:\program files\peertv\peercast.exe”= TCP:C:\program files\peertv\peercast.exe:PeerCast
“TCP Query User{97AD671B-3909-4AB3-AA0C-730B1250D7F9}C:\users\m. join\appdata\local\temp\electronicarts_patcher_000.exe”= UDP:C:\users\m. join\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
“UDP Query User{8B181CDB-E263-4CA9-8769-A4989AFB9FA6}C:\users\m. join\appdata\local\temp\electronicarts_patcher_000.exe”= TCP:C:\users\m. join\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
“{E5800141-5972-4E9A-9192-AB54E3EC5A4F}”= UDP:D:\JEUX\sins of a solar empire\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
“{A91C1223-36B6-4E9D-AE90-455C6CA2D33F}”= TCP:D:\JEUX\sins of a solar empire\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
“{92D3274D-848F-4111-84D6-CFD8DABA7D17}”= UDP:D:\JEUX\universe at war\UAWEA.exe:Universe at War Earth Assault
“{F8191CED-F3E3-4B64-BF41-7439533CC30C}”= TCP:D:\JEUX\universe at war\UAWEA.exe:Universe at War Earth Assault
“TCP Query User{E0CAA42F-E9EF-4FB6-9A1A-11B8954CB56F}D:\jeux\r6 vegas2\rainbow six vegas 2\binaries\r6vegas2_game.exe”= UDP:D:\jeux\r6 vegas2\rainbow six vegas 2\binaries\r6vegas2_game.exe:R6Vegas2_Game
“UDP Query User{B772508D-28F6-4954-8427-7AC244D2E9ED}D:\jeux\r6 vegas2\rainbow six vegas 2\binaries\r6vegas2_game.exe”= TCP:D:\jeux\r6 vegas2\rainbow six vegas 2\binaries\r6vegas2_game.exe:R6Vegas2_Game
“TCP Query User{87708B76-4E75-4C2B-839A-B44E693A700A}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe”= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
“UDP Query User{B6884BE0-39F3-4009-939F-6AB36C91AD83}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe”= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup

[HKLM~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
“EnableFirewall”= 0 (0x0)

R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\system32\Wacom_Tablet.exe [2008-06-06 08:08]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);C:\Windows\system32\DRIVERS\deltaII.sys [2007-12-03 12:21]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2008-04-23 10:37]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S3 hercspud;Hercules ® WDM Audio Driver;C:\Windows\system32\drivers\hercspud.sys [2007-03-14 10:15]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{2db2cc89-72e8-11dc-bdf8-0018f3466cdc}]
\shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{dd605ba8-3bb1-11dd-a435-0018f3466cdc}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

.

        • ORPHANS REMOVED - - - -

BHO-{3242DF5E-D749-4785-856B-BB1AF4747685} - (no file)
ShellExecuteHooks-{8EA479BF-A910-4B14-8BB1-CD195871F947} - C:\Windows\system32\yaYSKASJ.dll
Notify-WBSrv - (no file)


catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-07-17 23:20:38
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach?s …

Balayage cach? autostart entries …

Balayage des fichiers cach?s …

Scan termin? avec succ?s
Les fichiers cach?s: 0


.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\System32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\System32\dllhost.exe
.


.
Temps d’accomplissement: 2008-07-17 23:24:07 - machine was rebooted [M…]
ComboFix-quarantined-files.txt 2008-07-17 21:23:57

Pre-Run: 12,851,888,128 octets libres
Post-Run: 12,662,947,840 octets libres

297 — E O F — 2008-07-16 14:59:07
Edited on 17/07/2008 at 23:42

That lets you remove viruses.

You have AntiVir, I think; update it.

Then go to Extra > Configuration and tick Expert mode.

Under Scanner > Scan, tick All files, and under Additional settings tick everything except Ignore offline files.
Under Scanner > Scan > Archive, tick Scan archives, All archive, Smart extension, and untick Limit recursion.
Under Scanner > Scan > Heuristic, tick High level.

Under General > Extended threat, tick Select all.

Click OK and run a complete scan.

For stubborn files, see whether you can run a scan at PC startup.
Avast does it, but for AntiVir I don't know.

Thanks,
how much do I owe you? heh, heh, heh… :stuck_out_tongue:

The scan is running with the settings you recommended: all that's left is to defragment everything and the PC will get its legendary super-power back!

(good night… :sommeil:)
Thanks.

PS: I can't manage to put "solved" in the title…
Edited on 17/07/2008 at 23:53

guigui14100, you seem to know AntiVir well: can you run a scan at PC startup with it? (just for my own information)


[quote="neurosol"] Thanks, how much do I owe you? heh, heh, heh... :p

The scan is running with the settings you recommended: all that's left is to defragment everything and the PC will get its legendary super-power back!

(good night… :sommeil:)
Thanks.

PS: I can't manage to put "solved" in the title…
[/quote]

You're welcome.
Night hours cost more.

As for marking it solved, look next to one of guigui14100's messages, for example: you should have a box with "solved+1" next to it; click on it.

You can schedule it at login.

You're welcome, and good night.

PS: There may be some remnants left, so maybe run a follow-up check afterwards.
Edited on 18/07/2008 at 00:03