Se connecter / S'enregistrer
Votre question

Trojan.Vundo

Tags :
  • Trojan
  • Sécurité
Dernière réponse : dans Sécurité et virus
5 Novembre 2008 13:22:33

Bonjour,

J'ai attraper je ne sais comment un Trojan.Vundo détecté via Norton Internet Security. Tous les éléments sont là: Popup intempestifs, blocage du service MàJ auto de Windows,...

J'ai fais un vundofix, un combofix et un hijackthis mais sa ne résous tjs rien. Voici les logs:

<gras>VUNDOFIX</gras>

VundoFix V7.0.6

Scan started at 19:57:44 4/11/2008

Listing files found while scanning....

C:\Windows\system32\btyhkshb.dll
C:\Windows\system32\doopslup.dll
C:\Windows\system32\stplaglh.dll

Beginning removal...

Attempting to delete C:\Windows\system32\btyhkshb.dll
C:\Windows\system32\btyhkshb.dll Has been deleted!

Attempting to delete C:\Windows\system32\doopslup.dll
C:\Windows\system32\doopslup.dll Has been deleted!

Attempting to delete C:\Windows\system32\stplaglh.dll
C:\Windows\system32\stplaglh.dll Has been deleted!

Performing Repairs to the registry.
Done!

<gras>COMBOFIX</gras>
ComboFix 08-11-04.02 - Propriétaire 2008-11-04 22:07:47.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.532 [GMT 1:00]
Lancé depuis: c:\vundo\ComboFix.exe
Commutateurs utilisés :: c:\vundo\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\system32\chgbucid.ini
c:\windows\system32\cMVwwyay.ini
c:\windows\system32\cMVwwyay.ini2
c:\windows\system32\dicubghc.dll
c:\windows\system32\huyagg.dll
c:\windows\system32\ibmftloe.ini
c:\windows\system32\iuqfsyha.ini
c:\windows\system32\mcqlrbku.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\mdm.exe
c:\windows\system32\MSINET.oca
c:\windows\system32\nluygcfc.dll
c:\windows\system32\uetqkbgp.ini
c:\windows\system32\uniripyc.dll
c:\windows\system32\xslshdhn.ini
c:\windows\system32\yaywwVMc.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-04 au 2008-11-04 ))))))))))))))))))))))))))))))))))))
.

2008-11-04 19:57 . 2008-11-04 20:23 <REP> d-------- C:\VundoFix Backups
2008-11-04 19:53 . 2008-11-04 21:42 <REP> d-------- C:\vundo
2008-10-31 15:26 . 2008-10-31 15:26 <REP> d-------- c:\program files\Common Files
2008-10-31 15:26 . 2003-07-21 04:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2008-10-31 15:26 . 2005-01-04 19:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2008-10-31 15:10 . 2008-10-31 15:10 <REP> d-------- c:\program files\Games-Masters.com
2008-10-30 17:32 . 2008-10-30 17:35 <REP> d-------- c:\program files\De Blob
2008-10-26 20:51 . 2008-10-26 20:51 <REP> d-------- c:\program files\Uniblue
2008-10-26 20:41 . 2008-10-26 20:41 <REP> d-------- c:\program files\Trend Micro
2008-10-25 14:07 . 2008-10-25 14:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Acronis
2008-10-25 14:07 . 2008-10-25 14:07 971,232 --a------ c:\windows\system32\drivers\tdrpm147.sys
2008-10-25 14:07 . 2008-10-25 14:07 540,000 --a------ c:\windows\system32\drivers\timntr.sys
2008-10-25 14:07 . 2008-10-25 14:07 44,704 --a------ c:\windows\system32\drivers\tifsfilt.sys
2008-10-25 14:05 . 2008-10-25 14:37 <REP> d-------- c:\program files\Fichiers communs\Acronis
2008-10-25 13:22 . 2008-10-25 13:22 <REP> d-------- C:\TYPSoft FTP Server
2008-10-22 19:10 . 2008-10-22 19:10 <REP> d-------- c:\program files\SoftChris
2008-10-20 15:41 . 2008-10-20 15:47 <REP> d-------- c:\program files\Wolfenstein - Enemy Territory
2008-10-19 17:12 . 2008-10-19 17:12 <REP> d-------- c:\documents and settings\NetworkService\Application Data\Xfire
2008-10-18 10:31 . 2008-10-18 10:30 687,120 --a------ c:\windows\unins000.exe
2008-10-18 10:31 . 2008-10-18 10:31 770 --a------ c:\windows\unins000.dat
2008-10-09 01:47 . 2008-10-09 01:47 42,320 --a------ c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 20:47 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-11-04 20:45 --------- d-----w c:\program files\lynx
2008-11-04 20:24 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-25 14:21 --------- d-----w c:\documents and settings\Propriétaire\Application Data\BitTorrent
2008-10-25 12:59 --------- d-----w c:\program files\eMule
2008-10-25 08:04 --------- d-----w c:\documents and settings\Propriétaire\Application Data\tunebite
2008-10-22 09:27 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 19:00 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Xfire
2008-10-21 05:53 --------- d-----w c:\program files\Google
2008-10-19 16:47 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Skype
2008-10-19 14:49 137,480 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-19 14:33 --------- d-----w c:\documents and settings\Propriétaire\Application Data\GSC
2008-10-19 13:41 --------- d-----w c:\program files\Xfire
2008-10-17 18:44 --------- d-----w c:\documents and settings\Propriétaire\Application Data\XnView
2008-10-15 06:59 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-10 16:59 --------- d-----w c:\documents and settings\Propriétaire\Application Data\FileZilla
2008-10-03 13:14 39,984 ----a-w c:\windows\system32\drivers\symids.sys
2008-10-03 13:14 37,936 ----a-w c:\windows\system32\drivers\symndisv.sys
2008-10-03 13:14 35,120 ----a-w c:\windows\system32\drivers\symndis.sys
2008-10-03 13:14 27,696 ----a-w c:\windows\system32\drivers\symredrv.sys
2008-10-03 13:14 187,952 ----a-w c:\windows\system32\drivers\symtdi.sys
2008-10-03 13:14 146,096 ----a-w c:\windows\system32\drivers\symfw.sys
2008-10-03 13:14 12,848 ----a-w c:\windows\system32\drivers\symdns.sys
2008-10-03 13:14 10,804 ----a-w c:\windows\system32\drivers\SymRedir.cat
2008-10-03 13:14 1,358 ----a-w c:\windows\system32\drivers\SymRedir.inf
2008-10-01 09:35 --------- d-----w c:\program files\Norton Internet Security
2008-09-24 18:49 --------- d-----w c:\documents and settings\Propriétaire\Application Data\TortoiseSVN
2008-09-24 18:46 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Subversion
2008-09-24 18:45 --------- d-----w c:\program files\TortoiseSVN
2008-09-24 18:45 --------- d-----w c:\program files\Fichiers communs\TortoiseOverlays
2008-09-23 18:29 --------- d-----w c:\program files\MSN Messenger
2008-09-23 18:23 --------- d-----w c:\program files\Windows Live
2008-09-23 18:22 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-09-23 18:21 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-23 18:21 --------- d-----r c:\program files\Skype
2008-09-23 18:18 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-09-23 18:18 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-23 18:17 --------- d-----w c:\program files\Fichiers communs\Real
2008-09-23 18:10 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-09-23 18:06 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
2008-09-23 18:03 --------- d-----w c:\program files\Picasa2
2008-09-23 17:55 --------- d-----w c:\program files\FileZilla
2008-09-23 17:48 --------- d-----w c:\program files\filehippo.com
2008-09-23 16:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-23 15:13 --------- d-----w c:\program files\Fichiers communs\Bcgsoft
2008-09-23 15:10 --------- d-----w c:\program files\The Game Creators
2008-09-20 18:23 --------- d-----w c:\documents and settings\LocalService\Application Data\Xfire
2008-09-17 13:09 --------- d-----w c:\program files\VerbaPuces
2008-09-16 15:24 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Audacity
2008-09-16 15:23 --------- d-----w c:\program files\Free Audio Pack
2008-09-15 14:41 --------- d-----w c:\program files\Game Cam V2
2008-09-15 14:22 --------- d-----w c:\program files\Fraps
2008-09-14 11:26 --------- d-----w c:\program files\iTunes
2008-09-14 11:26 --------- d-----w c:\program files\iPod
2008-09-14 11:26 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-14 11:24 --------- d-----w c:\program files\Bonjour
2008-09-14 11:23 --------- d-----w c:\program files\QuickTime
2008-09-14 11:22 --------- d-----w c:\program files\Fichiers communs\Apple
2008-09-13 14:21 --------- d-----w c:\program files\RADVideo
2008-09-11 20:30 --------- d-----w c:\program files\GSC
2008-09-10 09:47 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-09-07 15:56 --------- d-----w c:\program files\Microsoft Games
2008-09-07 11:00 --------- d-----w c:\program files\Futuremark
2008-09-07 08:23 --------- d-----w c:\documents and settings\Propriétaire\Application Data\SPORE Creature Creator
2008-09-07 08:21 --------- d-----w c:\program files\Electronic Arts
2008-09-07 08:11 --------- d-----w c:\program files\UDPixel
2008-09-06 18:58 --------- d-----w c:\program files\id Software
2008-09-06 16:03 --------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2008-09-04 17:00 --------- d-----w c:\program files\Ubisoft
2005-06-05 11:01 284 ----a-w c:\documents and settings\Propriétaire\Application Data\ViewerApp.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlay1EXL600]
@="{BF9B13E4-FE9B-4121-853F-866F4E9E2830}"
[HKEY_CLASSES_ROOT\CLSID\{BF9B13E4-FE9B-4121-853F-866F4E9E2830}]
2007-11-13 03:08 599552 --a------ c:\windows\system32\FPAP-EXL600\FileptcIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-03-14 116328]
"Symantec PIF AlertEng"="c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-23 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-15 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" /P Belgacom

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R1 SSHDRV82;SSHDRV82;c:\windows\system32\drivers\SSHDRV82.sys [2004-11-27 76288]
R2 PStrip;PSTRIP;c:\windows\system32\DRIVERS\PSTRIP.SYS [2007-07-15 27992]
S2 gupdate1c90f7f9a997502;Google Update Service (gupdate1c90f7f9a997502);c:\program files\Google\Update\GoogleUpdate.exe [2008-09-05 133104]
S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\DRIVERS\AmeAtmPc.sys [2002-08-09 110179]
S3 AtmElan;Réseau émulant ATM;c:\windows\system32\DRIVERS\atmlane.sys [2004-08-04 55936]
S3 AtmLane;Émulation réseau ATM;c:\windows\system32\DRIVERS\atmlane.sys [2004-08-04 55936]
S3 DynDNS_Updater_Service;DynDNS Updater Service;c:\program files\DynDNS Updater\DynDNS.exe [2006-09-17 1352704]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2007-12-28 13352]
S3 IBG_gds_db;InterBase 7.5 Guardian gds_db;c:\program files\Borland\InterBase\bin\ibguard.exe [2005-05-24 36864]
S3 IBS_gds_db;InterBase 7.5 Server gds_db;c:\program files\Borland\InterBase\bin\ibserver.exe [2005-05-24 2027520]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-07-25 191656]
S3 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]
S3 usbscan;Pilote de scanneur USB;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 msvsmon80;Débogueur distant Visual Studio 2005;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Tâches planifiées'

2008-11-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-05 18:48]

2008-11-04 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Propri []

2008-11-01 c:\windows\Tasks\Norton Internet Security - Analyse système complète - Propriétaire.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-09-06 22:38]

2008-11-04 c:\windows\Tasks\User_Feed_Synchronization-{FF26A157-827A-4C4D-8375-5C0705E8AF46}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{249AC412-EF2A-4FE3-A11F-4DC4C633E2EF} - c:\windows\system32\yaywwVMc.dll
HKLM-RunServices-RunAlert - c:\program files\MSI\PC Alert III\AService.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\hrrt1gx8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.netvibes.com/#General
FF -: plugin - c:\documents and settings\Propriétaire\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\program files\BitTorrent_DNA\npbtdna.dll
FF -: plugin - c:\program files\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 22:16:32
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccSvcHst.exe
c:\program files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Fichiers communs\Symantec Shared\CCPROXY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\UTSCSI.EXE
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\fxssvc.exe
c:\documents and settings\Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-11-04 22:58:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-04 21:58:04

Avant-CF: 55.322.136.576 octets libres
Après-CF: 55,201,693,696 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

330 --- E O F --- 2008-10-24 05:56:18

<gras>HIJACKTHIS</gras>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:57, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\program files\trend micro\HijackThis\CMM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netvibes.com/#General
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.167.187.187:3124
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Google Bloc-notes - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--459311038.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Page à noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--459311038.dll/gn_menu1.html
O8 - Extra context menu item: À noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--459311038.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {D079D1F0-2290-4964-8393-AAE9EEA2B651} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://public.service.citroen.com
O15 - Trusted Zone: http://service.citroen.com
O15 - Trusted Zone: http://estim.citroen.inetpsa.com
O15 - Trusted Zone: http://estim.peugeot.inetpsa.com
O15 - Trusted Zone: http://networkservice.citroen.inetpsa.com
O15 - Trusted Zone: http://public.service.citroen.inetpsa.com
O15 - Trusted Zone: http://public.servicebox.peugeot.inetpsa.com
O15 - Trusted Zone: http://service.citroen.inetpsa.com
O15 - Trusted Zone: http://servicebox.peugeot.inetpsa.com
O15 - Trusted Zone: http://spotlightdance.olympe-network.com
O15 - Trusted Zone: http://public.servicebox.peugeot.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://colruyt.fujiprint.be/Colruyt/UserControls/Part/U...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_0....
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/e...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAF8C09D-EA75-4173-B417-FA56077C0D04}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAILI - Unknown owner - C:\WINDOWS\system32\caili.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Update Service (gupdate1c90f7f9a997502) (gupdate1c90f7f9a997502) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBase 7.5 Guardian gds_db (IBG_gds_db) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase 7.5 Server gds_db (IBS_gds_db) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MySQL - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Fichiers communs\Supportsoft\bin\ssrc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 15537 bytes

(Le programme a été renommé en CMM.exe pour afficher les lignes qui seraient masquée.)

Help me please :-s

Autres pages sur : trojan vundo

a b 8 Sécurité
5 Novembre 2008 13:30:08

Bonjour,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS