problème avec win32.trojandownloader.conhook

Bonjour


Plusieurs infections.


$$ Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.e...


$$ Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4

* Double-clique VundoFix.exe afin de le lancer.
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo.
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
* Démarre ton PC à nouveau.


$$ Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.


$$ Double clique sur SDFix.exe et choisis Install
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
Tape Y pour lancer le script.
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire
Presse une touche pour redémarrer

Le PC va mettre du temps avant de démarrer, presse une touche lorsque "Finished" s'affiche

Ouvre le dossier SDFix et copie/colle ici le contenu du fichier "Report.txt" avec un nouveau HijackThis et le contenu du rapport situé dans C:\vundofix.txt

Je te remercie de te préoccuper de mon problème. Voilà, après avoir fait toutes les manips, j'en suis au m^^eme point, toujours une quantité de pub et un pc ralentit.

voici le report.txt de SDFix :

SDFix: Version 1.79

Run by Muichkine - 26/04/2007 - 22:59:48,26

Microsoft Windows XP [version 5.1.2600]

Running From: D:\DOCUME~1\MUICHK~1\Bureau\SDFix

Safe Mode:
Checking Services:

Name:
kprof
NDnet1
ntldr.sys
poof
Runtime

ImagePath:
\??\D:\WINDOWS\system32\kprof
\??\D:\WINDOWS\system32\ksys.sys
\??\C:\ntldr.sys
\??\D:\WINDOWS\system32\poof
\??\D:\WINDOWS\System32\drivers\runtime.sys

kprof - Deleted
NDnet1 - Deleted
ntldr.sys - Deleted
poof - Deleted
Runtime - Deleted

Killing PID 152 'smss.exe'
Killing PID 228 'winlogon.exe'

ndis.sys Infected!

Patched File copied to Backups Folder
Attempting to replace ndis.sys with original version...

Original ndis.sys Restored


Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

D:\Documents and Settings\All Users\Documents\Settings\partnership.dll - Deleted
D:\DOCUME~1\MUICHK~1\LOCALS~1\Temp\abc123.pid - Deleted
D:\WINDOWS\system32\5_exception.nls - Deleted
D:\WINDOWS\system32\koos.exe - Deleted
D:\WINDOWS\system32\kprof - Deleted
D:\WINDOWS\system32\ksys.sys - Deleted
D:\WINDOWS\system32\poof - Deleted
D:\WINDOWS\system32\rpcc.exe - Deleted
D:\WINDOWS\system32\RunOnce2.t__ - Deleted
D:\WINDOWS\Temp\removalfile.bat - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
D:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
D:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------




Remaining Files:
---------------
D:\Documents and Settings\All Users\Documents\Settings\partnership.dll Found
D:\DOCUME~1\MUICHK~1\LOCALS~1\Temp\abc123.pid Found
D:\WINDOWS\system32\ksys.sys Found
D:\WINDOWS\system32\rpcc.exe Found
D:\WINDOWS\system32\RunOnce2.t__ Found
D:\WINDOWS\Temp\removalfile.bat Found

Backups Folder: - D:\DOCUME~1\MUICHK~1\Bureau\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

D:\Documents and Settings\All Users\Documents\Settings\partnership.dll
D:\WINDOWS\system32\vtstq.dll
D:\Program Files\AOL 9.0\aolphx.exe
D:\Program Files\AOL 9.0\aoltray.exe
D:\Program Files\AOL 9.0\RBM.exe
D:\Program Files\AOL 9.0c\aolphx.exe
D:\Program Files\AOL 9.0c\aoltray.exe
D:\Program Files\AOL 9.0c\RBM.exe
D:\Program Files\Fichiers communs\Y1220OU.exe
D:\WINDOWS\system32\config\default.tmp.LOG
D:\WINDOWS\system32\config\software.tmp.LOG
D:\WINDOWS\system32\config\system.tmp.LOG

Finished


et le nouveau Hijackthis :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:45:30, on 26/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Documents and Settings\ie_updater.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\wanmpsvc.exe
D:\Program Files\Fichiers communs\AOL\Loader\aolload.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Fichiers communs\AOL\1155687321\ee\AOLSoftware.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\AOL 9.0c\aoltray.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
d:\program files\fichiers communs\aol\1155687321\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
d:\program files\fichiers communs\aol\1155687321\ee\aolsoftware.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Muichkine\Bureau\anti antiti\HiJackThis_v2.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
D:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bluesquad.fr/trial.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9282BD73-7BC8-7E16-9D84-012220F97CB2} - (no file)
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {0056ff29-5b46-4369-860c-d3593a9d4b6a} - D:\WINDOWS\system32\dpvdit.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {249D0220-AFF0-4B62-A810-244B38E58526} - D:\WINDOWS\system32\vtsqo.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {556C7B98-BAAA-4C03-8568-EDB3BD67E8D4} - D:\WINDOWS\system32\jkkli.dll (file missing)
O2 - BHO: (no name) - {5846EAA1-B174-4106-A8F5-CA92E974D1F6} - D:\WINDOWS\system32\geeda.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {9A5183A3-EBAD-4490-8781-8084EC073CE2} - D:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {BC63E018-7DDF-0C7F-8E8E-5517C88509C5} - D:\WINDOWS\System32\lfmuqc.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - D:\WINDOWS\system32\rtryugcw.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRaidService] D:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] D:\Program Files\Fichiers communs\AOL\1155687321\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [22420540.exe] D:\WINDOWS\system32\22420540.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "D:\WINDOWS\wvwusq.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WindowsHive] D:\WINDOWS\system32\rpcc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Xtskpggj] D:\PROGRA~1\SMANTE~1\XPLORE~1.EXE
O4 - HKCU\..\Run: [Uaut] "D:\WINDOWS\System32\ASEMBL~1\dllhost.exe" -vt ndrv
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [PowerBar] "D:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = D:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = D:\Program Files\AOL 9.0c\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\jhmlk.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\jhmlk.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\jhmlk.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\jhmlk.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\jhmlk.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\jhmlk.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\jhmlk.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\jhmlk.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\jhmlk.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\jhmlk.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\jhmlk.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0...
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dpvdit - dpvdit.dll (file missing)
O20 - Winlogon Notify: geeda - D:\WINDOWS\system32\geeda.dll
O20 - Winlogon Notify: partnershipreg - D:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O20 - Winlogon Notify: rpcc1 - D:\WINDOWS\system32\rpcc1.dll
O20 - Winlogon Notify: tuvuron - D:\WINDOWS\SYSTEM32\tuvuron.dll
O20 - Winlogon Notify: winonn32 - winonn32.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - D:\WINDOWS\System32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSIEUpdater_2 (Microsoft IE Updater_2) - Unknown owner - D:\Documents and Settings\ie_updater.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - D:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - D:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - D:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - D:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - D:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - D:\WINDOWS\wanmpsvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - D:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 12558 bytes


et aussi le rapport de vundofix.txt

VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 19:35:56 26/04/2007

Listing files found while scanning....

D:\WINDOWS\system32\exvbpbpt.dll
D:\WINDOWS\system32\ilkkj.bak1
D:\WINDOWS\system32\ilkkj.bak2
D:\WINDOWS\system32\ilkkj.ini
D:\WINDOWS\system32\jkkli.dll
D:\WINDOWS\system32\tuvuurs.dll
D:\WINDOWS\system32\xvtkyrlf.dll

Beginning removal...

Attempting to delete D:\WINDOWS\system32\exvbpbpt.dll
D:\WINDOWS\system32\exvbpbpt.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\ilkkj.bak1
D:\WINDOWS\system32\ilkkj.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\system32\ilkkj.bak2
D:\WINDOWS\system32\ilkkj.bak2 Has been deleted!

Attempting to delete D:\WINDOWS\system32\ilkkj.ini
D:\WINDOWS\system32\ilkkj.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\jkkli.dll
D:\WINDOWS\system32\jkkli.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\tuvuurs.dll
D:\WINDOWS\system32\tuvuurs.dll Could not be deleted.

Attempting to delete D:\WINDOWS\system32\xvtkyrlf.dll
D:\WINDOWS\system32\xvtkyrlf.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 21:52:09 26/04/2007

Listing files found while scanning....

D:\WINDOWS\system32\npqss.bak1
D:\WINDOWS\system32\npqss.ini
D:\WINDOWS\system32\ssqpn.dll
D:\WINDOWS\system32\tuvuurs.dll
D:\WINDOWS\system32\wvuuurr.dll

Beginning removal...

Attempting to delete D:\WINDOWS\system32\npqss.bak1
D:\WINDOWS\system32\npqss.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\system32\npqss.ini
D:\WINDOWS\system32\npqss.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\ssqpn.dll
D:\WINDOWS\system32\ssqpn.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\tuvuurs.dll
D:\WINDOWS\system32\tuvuurs.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\wvuuurr.dll
D:\WINDOWS\system32\wvuuurr.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 22:46:17 26/04/2007

Listing files found while scanning....

D:\WINDOWS\system32\bgmigeie.dll
D:\WINDOWS\system32\ddcdcyv.dll
D:\WINDOWS\system32\oqstv.bak1
D:\WINDOWS\system32\oqstv.ini
D:\WINDOWS\system32\vtsqo.dll

Beginning removal...

Attempting to delete D:\WINDOWS\system32\bgmigeie.dll
D:\WINDOWS\system32\bgmigeie.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\ddcdcyv.dll
D:\WINDOWS\system32\ddcdcyv.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\oqstv.bak1
D:\WINDOWS\system32\oqstv.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\system32\oqstv.ini
D:\WINDOWS\system32\oqstv.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\vtsqo.dll
D:\WINDOWS\system32\vtsqo.dll Has been deleted!

Performing Repairs to the registry.
Done!


Voilà, j'espère que celà va permettre de pouvoir règler le problème.

Re


SDFix et Vundofix ont fait du ménage, mais il en reste.

Double-clique VundoFix.exe afin de le lancer.
[***]Ne clique pas sur "Scan for Vundo"

Fais un clic droit dans la fenêtre blanche et clique "Add more files?"

Dans la nouvelle fenêtre qui apparait, Copie/colle le chemin du fichier suivant dans la première case (au haut):

D:\WINDOWS\system32\geeda.dll

Copie/colle le chemin du fichier suivant dans la seconde case (au centre):

D:\WINDOWS\system32\adeeg.*

Copie/colle le chemin du fichier suivant dans la toisième case (en bas):

D:\WINDOWS\system32\rtryugcw.dll

Clique sur le bouton "Add File(s)"

Clique sur le bouton "Close Window"

Clique à nouveau sur "Remove Vundo"

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.

Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK

Démarre ton PC à nouveau.

Double-clique VundoFix.exe afin de le lancer.
[***]Ne clique pas sur "Scan for Vundo"

Fais un clic droit dans la fenêtre blanche et clique "Add more files?"

Dans la nouvelle fenêtre qui apparait, Copie/colle le chemin du fichier suivant dans la première case (au haut):

D:\WINDOWS\wvwusq.dll

Copie/colle le chemin du fichier suivant dans la seconde case (au centre):

D:\Documents and Settings\All Users\Documents\Settings\partnership.dll

Copie/colle le chemin du fichier suivant dans la toisième case (en bas):

D:\WINDOWS\SYSTEM32\tuvuron.dll

Clique sur le bouton "Add File(s)"

Clique sur le bouton "Close Window"

Clique à nouveau sur "Remove Vundo"

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.

Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK

Démarre ton PC à nouveau.



Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.

Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis et le contenu du rapport situé dans C:\vundofix.txt.

Re re je crois que c pas trop mal là mais reste encore des trucs je pense....

Voilà ce que tu m'as demandé :

rapport Combofix

"Muichkine" - 07-04-27 0:56:20 Service Pack 2
ComboFix 07-04-25.4V - Running from: "D:\Documents and Settings\Muichkine\Bureau\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
D:\qoobox\purity\D\DOCUME~1
D:\qoobox\purity\D\DOCUME~1\MUICHK~1
D:\qoobox\purity\D\DOCUME~1\MUICHK~1\APPLIC~1
D:\qoobox\purity\D\DOCUME~1\MUICHK~1\APPLIC~1\SKS~1
D:\qoobox\purity\D\WINDOWS\MBOLS~1
D:\qoobox\purity\D\WINDOWS\system32\ASEMBL~1
D:\qoobox\purity\D\WINDOWS\system32\ASEMBL~1\a?sembly
D:\qoobox\purity\D\WINDOWS\system32\ASEMBL~1\bak


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_POOF


((((((((((((((((((((((((((((((( Files Created from 2007-03-27 to 2007-04-27 ))))))))))))))))))))))))))))))))))


2007-04-27 00:55 21,504 --a------ D:\WINDOWS\system32\sfnfsfrmokmvc.dll
2007-04-27 00:44 21,504 --a------ D:\WINDOWS\system32\qvr.dll
2007-04-27 00:39 21,504 --a------ D:\WINDOWS\system32\ggpokyo.dll
2007-04-27 00:30 21,504 --a------ D:\WINDOWS\system32\cipgzef.dll
2007-04-26 23:59 21,504 --a------ D:\WINDOWS\system32\wen.dll
2007-04-26 23:58 1,404,732 ---hs---- D:\WINDOWS\system32\adeeg.ini2
2007-04-26 23:58 1,402,404 ---hs---- D:\WINDOWS\system32\adeeg.bak2
2007-04-26 23:17 21,504 --a------ D:\WINDOWS\system32\dfsrupj.dll
2007-04-26 23:16 107,012 --a------ D:\WINDOWS\system32\winupd_KB04546852.exe
2007-04-26 23:15 <REP> d--hs---- D:\WINDOWS\system32\wsnpoem
2007-04-26 22:12 39,424 --a------ D:\WINDOWS\system32\winupd_KB77461293.exe
2007-04-26 22:12 39,225 --a------ D:\WINDOWS\system32\winupd_KB59112154.exe
2007-04-26 22:12 21,504 --a------ D:\WINDOWS\system32\pjekamq.dll
2007-04-26 22:09 21,504 --a------ D:\WINDOWS\system32\j.dll
2007-04-26 21:49 21,504 --a------ D:\WINDOWS\system32\wditeai.dll
2007-04-26 19:35 <REP> d-------- D:\VundoFix Backups
2007-04-26 19:25 21,504 --a------ D:\WINDOWS\system32\jhmlk.dll
2007-04-26 10:15 <REP> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\Viewpoint
2007-04-26 10:04 <REP> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-04-26 10:03 786,432 --ah----- D:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-26 10:03 <REP> dr------- D:\DOCUME~1\ADMINI~1\Menu D‚marrer
2007-04-26 10:03 <REP> d--h----- D:\DOCUME~1\ADMINI~1\Voisinage r‚seau
2007-04-26 10:03 <REP> d--h----- D:\DOCUME~1\ADMINI~1\Voisinage d'impression
2007-04-26 10:03 <REP> d--h----- D:\DOCUME~1\ADMINI~1\ModŠles
2007-04-26 10:03 <REP> d-------- D:\DOCUME~1\ADMINI~1\Mes documents
2007-04-26 10:03 <REP> d-------- D:\DOCUME~1\ADMINI~1\Favoris
2007-04-26 10:03 <REP> d-------- D:\DOCUME~1\ADMINI~1\Bureau
2007-04-26 01:18 <REP> d-------- D:\Program Files\Lavasoft
2007-04-26 01:13 3,968 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-26 00:08 132,660 --a------ D:\WINDOWS\system32\lllsweai.dll
2007-04-25 19:00 30,720 --a------ D:\WINDOWS\system32\rpcc1.dll
2007-04-25 12:07 <REP> d-------- D:\DOCUME~1\MUICHK~1\APPLIC~1\Viewpoint
2007-04-24 11:33 11,776 --a------ D:\WINDOWS\system32\winupd_KB74910283.exe
2007-04-24 11:33 11,776 --a------ D:\WINDOWS\system32\winupd_KB74910283(2).exe
2007-04-24 10:28 107,012 --a------ D:\WINDOWS\system32\winupd_KB11215421.exe
2007-04-24 09:41 106,767 --a------ D:\WINDOWS\yaabxx(2).dll
2007-04-24 09:31 32,341 --a------ D:\WINDOWS\system32\rpcc(2).exe
2007-04-24 09:31 <REP> dr------- D:\DOCUME~1\LOCALS~1\Favoris
2007-04-24 09:30 22,016 --a------ D:\WINDOWS\system32\winupd_KB68731342.exe
2007-04-19 23:55 65,536 --a------ D:\WINDOWS\wanmpsvc.exe
2007-04-19 21:38 <REP> d-------- D:\DOCUME~1\MUICHK~1\APPLIC~1\Lavasoft
2007-04-19 21:34 <REP> d-a------ D:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-19 21:33 <REP> d-------- D:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-04-19 21:30 <REP> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-19 21:25 <REP> d-------- D:\WINDOWS\system32\GroupPolicy
2007-04-19 21:24 <REP> d-------- D:\Program Files\Hitman Pro
2007-04-19 21:12 <REP> d-------- D:\WINDOWS\McAfee.com
2007-04-18 19:03 106,767 --a------ D:\WINDOWS\awwxyv.dll
2007-04-18 19:03 106,767 --a------ D:\WINDOWS\awwxyv(2).dll
2007-04-18 19:03 <REP> d-------- D:\DOCUME~1\MUICHK~1\APPLIC~1\McAfee
2007-04-01 21:19 <REP> d-------- D:\Program Files\LastChaosUSA


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-27 00:54 -------- d-------- D:\DOCUME~1\MUICHK~1\APPLIC~1\openoffice.org2
2007-04-26 23:16 281348 --a------ D:\WINDOWS\system32\drivers\ndis.sys
2007-04-26 21:51 48856 --a------ D:\WINDOWS\system32\perfc00c.dat
2007-04-26 21:51 368076 --a------ D:\WINDOWS\system32\perfh00c.dat
2007-04-26 13:36 -------- d-------- D:\Program Files\emule
2007-04-26 00:52 82944 --a------ D:\WINDOWS\system32\ws2_32.dll
2007-04-26 00:48 82944 --a------ D:\WINDOWS\system32\ws2_32(4).dll
2007-04-24 23:56 82944 --a------ D:\WINDOWS\system32\ws2_32(2).dll
2007-04-24 23:53 506368 --a------ D:\WINDOWS\system32\winlogon(2).exe
2007-04-08 11:56 -------- d-------- D:\Program Files\aol 9.0c
2007-04-06 19:29 -------- d-------- D:\Program Files\quicktime
2007-04-06 19:28 36952 --a------ D:\WINDOWS\system32\nvraidservice.exe
2007-04-03 19:30 3308 --a------ D:\DOCUME~1\MUICHK~1\APPLIC~1\wklnhst.dat
2007-04-01 21:19 -------- d--h----- D:\Program Files\installshield installation information
2007-03-23 17:46 1901 --a------ D:\WINDOWS\panose.bin
2007-02-03 12:58 81920 --a------ D:\WINDOWS\system32\w32n50.dll
2007-02-03 12:58 17134 --a------ D:\WINDOWS\system32\pcandis5.sys
2007-02-02 22:06 23056 --a------ D:\WINDOWS\system32\emptyregdb.dat
2007-01-12 13:56 39456 --a------ D:\DOCUME~1\MUICHK~1\APPLIC~1\gdipfontcachev1.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0056ff29-5b46-4369-860c-d3593a9d4b6a} D:\WINDOWS\system32\dpvdit.dll [x]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{249D0220-AFF0-4B62-A810-244B38E58526} D:\WINDOWS\system32\vtsqo.dll [x]
{53707962-6F74-2D53-2644-206D7942484F} D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{556C7B98-BAAA-4C03-8568-EDB3BD67E8D4} D:\WINDOWS\system32\jkkli.dll [x]
{5846EAA1-B174-4106-A8F5-CA92E974D1F6} D:\WINDOWS\system32\geeda.dll [x]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{9A5183A3-EBAD-4490-8781-8084EC073CE2} D:\WINDOWS\system32\ssqpn.dll [x]
{BC63E018-7DDF-0C7F-8E8E-5517C88509C5} D:\WINDOWS\System32\lfmuqc.dll [x]
{D651AFF4-9590-424d-BD1E-8E33E090DFB3} D:\WINDOWS\system32\rtryugcw.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"InCD"="D:\\Program Files\\Ahead\\InCD\\InCD.exe"
"NvCplDaemon"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MCUpdateExe"="D:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MCAgentExe"="d:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"VSOCheckTask"="\"d:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="\"d:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"TkBellExe"="\"D:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"nwiz"="nwiz.exe /install"
"NVRaidService"="D:\\WINDOWS\\System32\\nvraidservice.exe"
"NVMixerTray"="\"D:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"NvMediaCenter"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"HostManager"="D:\\Program Files\\Fichiers communs\\AOL\\1155687321\\ee\\AOLSoftware.exe"
"AOLDialer"="D:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"
"22420540.exe"="D:\\WINDOWS\\system32\\22420540.exe"
"InfoData"="rundll32.exe \"D:\\WINDOWS\\wvwusq.dll\",realset"
"!AVG Anti-Spyware"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"D:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Xtskpggj"="D:\\PROGRA~1\\SMANTE~1\\XPLORE~1.EXE"
"Uaut"="\"D:\\WINDOWS\\System32\\ASEMBL~1\\dllhost.exe\" -vt ndrv"
"NBJ"="\"D:\\Program Files\\Ahead\\Nero BackItUp\\nbj.exe\""
"PowerBar"="\"D:\\Program Files\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe\" /AtBootTime"
"userinit"="D:\\WINDOWS\\system32\\ntos.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"userinit"="D:\\WINDOWS\\system32\\ntos.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dpvdit
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc1
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winonn32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ \0:\WINDOWS\system32\srrstr.dll\0\0\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\Recherche de mises … jour sur McAfee.com (NONAME-Muichkine).job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-27 01:03:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

HKLM\SYSTEM\CurrentControlSet\Services\lbrtfdcorkstation

HKLM\SYSTEM\CurrentControlSet\Services\ldapfdc

HKLM\SYSTEM\CurrentControlSet\Services\LmHostsService

HKLM\SYSTEM\CurrentControlSet\Services\mdmxsdkr.exe

HKLM\SYSTEM\CurrentControlSet\Services\mnmddsoft IE Updater_2

HKLM\SYSTEM\CurrentControlSet\Services\Modemvc

HKLM\SYSTEM\CurrentControlSet\Services\mouhidss

HKLM\SYSTEM\CurrentControlSet\Services\mraid35xce

HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV5x

HKLM\SYSTEM\CurrentControlSet\Services\MSDTCb

HKLM\SYSTEM\CurrentControlSet\Services\MSDVC

HKLM\SYSTEM\CurrentControlSet\Services\MSKSSRVer

HKLM\SYSTEM\CurrentControlSet\Services\MSPQMOCK

HKLM\SYSTEM\CurrentControlSet\Services\MSTEEios

HKLM\SYSTEM\CurrentControlSet\Services\MupEE

HKLM\SYSTEM\CurrentControlSet\Services\NDISSFEC

HKLM\SYSTEM\CurrentControlSet\Services\Ndisuioi

HKLM\SYSTEM\CurrentControlSet\Services\NetBTOS

HKLM\SYSTEM\CurrentControlSet\Services\Netlogondm

HKLM\SYSTEM\CurrentControlSet\Services\Netmanon

HKLM\SYSTEM\CurrentControlSet\Services\Nla1394

HKLM\SYSTEM\CurrentControlSet\Services\NullSvc

HKLM\SYSTEM\CurrentControlSet\Services\nvll

HKLM\SYSTEM\CurrentControlSet\Services\nvraidus

HKLM\SYSTEM\CurrentControlSet\Services\NVSvcd

HKLM\SYSTEM\CurrentControlSet\Services\osei1394

HKLM\SYSTEM\CurrentControlSet\Services\ParVdmr

HKLM\SYSTEM\CurrentControlSet\Services\PCINDIS5

HKLM\SYSTEM\CurrentControlSet\Services\PCIIdep

HKLM\SYSTEM\CurrentControlSet\Services\PDRELIE

HKLM\SYSTEM\CurrentControlSet\Services\perc2AME

HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk

HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt

HKLM\SYSTEM\CurrentControlSet\Services\pfcfProc

HKLM\SYSTEM\CurrentControlSet\Services\Processorort

HKLM\SYSTEM\CurrentControlSet\Services\PSchedtedStorage

HKLM\SYSTEM\CurrentControlSet\Services\PtilinkedStorage

HKLM\SYSTEM\CurrentControlSet\Services\ql1080k

HKLM\SYSTEM\CurrentControlSet\Services\ql12400

HKLM\SYSTEM\CurrentControlSet\Services\ql12800

HKLM\SYSTEM\CurrentControlSet\Services\RasManp

HKLM\SYSTEM\CurrentControlSet\Services\Rasptioe

HKLM\SYSTEM\CurrentControlSet\Services\Rdbssioe

HKLM\SYSTEM\CurrentControlSet\Services\RDPDDD

HKLM\SYSTEM\CurrentControlSet\Services\rdpdrD

HKLM\SYSTEM\CurrentControlSet\Services\redbookgr

HKLM\SYSTEM\CurrentControlSet\Services\Rksamplegistry

HKLM\SYSTEM\CurrentControlSet\Services\RpcLocatorstry

HKLM\SYSTEM\CurrentControlSet\Services\RpcSscator

HKLM\SYSTEM\CurrentControlSet\Services\RSVPscator

HKLM\SYSTEM\CurrentControlSet\Services\Secdrvrt

HKLM\SYSTEM\CurrentControlSet\Services\SENSogon

HKLM\SYSTEM\CurrentControlSet\Services\serenumn

HKLM\SYSTEM\CurrentControlSet\Services\Serialm

HKLM\SYSTEM\CurrentControlSet\Services\SimbadWDetection

HKLM\SYSTEM\CurrentControlSet\Services\SLIPadWDetection

HKLM\SYSTEM\CurrentControlSet\Services\SoftFaxncm

HKLM\SYSTEM\CurrentControlSet\Services\SONYPVU1cm

HKLM\SYSTEM\CurrentControlSet\Services\Sparrow1

HKLM\SYSTEM\CurrentControlSet\Services\Spoolerr

HKLM\SYSTEM\CurrentControlSet\Services\sroolerr

HKLM\SYSTEM\CurrentControlSet\Services\Srvervice

HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRVce

HKLM\SYSTEM\CurrentControlSet\Services\stisvcV

HKLM\SYSTEM\CurrentControlSet\Services\swenumip

HKLM\SYSTEM\CurrentControlSet\Services\swmidiip

HKLM\SYSTEM\CurrentControlSet\Services\SwPrvi

HKLM\SYSTEM\CurrentControlSet\Services\swwdvi

HKLM\SYSTEM\CurrentControlSet\Services\sym_hix

HKLM\SYSTEM\CurrentControlSet\Services\sym_u3x

HKLM\SYSTEM\CurrentControlSet\Services\TapiSrvog

HKLM\SYSTEM\CurrentControlSet\Services\Tcpiprvog

HKLM\SYSTEM\CurrentControlSet\Services\TDPIPEv

HKLM\SYSTEM\CurrentControlSet\Services\TDTCPE

HKLM\SYSTEM\CurrentControlSet\Services\Themesrvice

HKLM\SYSTEM\CurrentControlSet\Services\TlntSvrvice

HKLM\SYSTEM\CurrentControlSet\Services\Tonesvr

HKLM\SYSTEM\CurrentControlSet\Services\TosIder

HKLM\SYSTEM\CurrentControlSet\Services\TSDDDs

HKLM\SYSTEM\CurrentControlSet\Services\UdfsDs

HKLM\SYSTEM\CurrentControlSet\Services\UPSphost

HKLM\SYSTEM\CurrentControlSet\Services\usbehcit

HKLM\SYSTEM\CurrentControlSet\Services\usbhubi

HKLM\SYSTEM\CurrentControlSet\Services\usbscant

HKLM\SYSTEM\CurrentControlSet\Services\USBSTORt

HKLM\SYSTEM\CurrentControlSet\Services\V124RNDIS

HKLM\SYSTEM\CurrentControlSet\Services\VgaSaveIS

HKLM\SYSTEM\CurrentControlSet\Services\ViaIdee

HKLM\SYSTEM\CurrentControlSet\Services\VSSSnap

HKLM\SYSTEM\CurrentControlSet\Services\W3SVCme

HKLM\SYSTEM\CurrentControlSet\Services\Wanarpe

HKLM\SYSTEM\CurrentControlSet\Services\WDICAniportService

HKLM\SYSTEM\CurrentControlSet\Services\wdmaudiportService

HKLM\SYSTEM\CurrentControlSet\Services\winachsft

HKLM\SYSTEM\CurrentControlSet\Services\winmgmtft

HKLM\SYSTEM\CurrentControlSet\Services\Winsockf

HKLM\SYSTEM\CurrentControlSet\Services\WmimPmSN

HKLM\SYSTEM\CurrentControlSet\Services\WS2IFSLv

HKLM\SYSTEM\CurrentControlSet\Services\wscsvcLv

HKLM\SYSTEM\CurrentControlSet\Services\WZCSVCrv

HKLM\SYSTEM\CurrentControlSet\Services\xmlprovv

scanning hidden autostart entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 101
hidden files: 0


********************************************************************

Completion time: 07-04-27 1:03:41
D:\ComboFix-quarantined-files.txt ... 07-04-27 01:03


RApport Hijackthis


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 01:07:27, on 27/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Documents and Settings\ie_updater.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Fichiers communs\AOL\Loader\aolload.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\wanmpsvc.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Fichiers communs\AOL\1155687321\ee\AOLSoftware.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\AOL 9.0c\aoltray.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
d:\program files\fichiers communs\aol\1155687321\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
d:\program files\fichiers communs\aol\1155687321\ee\aolsoftware.exe
D:\Documents and Settings\Muichkine\Bureau\HiJackThis_v2.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bluesquad.fr/trial.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9282BD73-7BC8-7E16-9D84-012220F97CB2} - (no file)
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {0056ff29-5b46-4369-860c-d3593a9d4b6a} - D:\WINDOWS\system32\dpvdit.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {249D0220-AFF0-4B62-A810-244B38E58526} - D:\WINDOWS\system32\vtsqo.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {556C7B98-BAAA-4C03-8568-EDB3BD67E8D4} - D:\WINDOWS\system32\jkkli.dll (file missing)
O2 - BHO: (no name) - {5846EAA1-B174-4106-A8F5-CA92E974D1F6} - D:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {9A5183A3-EBAD-4490-8781-8084EC073CE2} - D:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {BC63E018-7DDF-0C7F-8E8E-5517C88509C5} - D:\WINDOWS\System32\lfmuqc.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - D:\WINDOWS\system32\rtryugcw.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRaidService] D:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] D:\Program Files\Fichiers communs\AOL\1155687321\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [22420540.exe] D:\WINDOWS\system32\22420540.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "D:\WINDOWS\wvwusq.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Xtskpggj] D:\PROGRA~1\SMANTE~1\XPLORE~1.EXE
O4 - HKCU\..\Run: [Uaut] "D:\WINDOWS\System32\ASEMBL~1\dllhost.exe" -vt ndrv
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [PowerBar] "D:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [userinit] D:\WINDOWS\system32\ntos.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = D:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = D:\Program Files\AOL 9.0c\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0...
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dpvdit - dpvdit.dll (file missing)
O20 - Winlogon Notify: partnershipreg - D:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O20 - Winlogon Notify: rpcc1 - D:\WINDOWS\system32\rpcc1.dll
O20 - Winlogon Notify: winonn32 - winonn32.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - D:\WINDOWS\System32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSIEUpdater_2 (Microsoft IE Updater_2) - Unknown owner - D:\Documents and Settings\ie_updater.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - D:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - D:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - D:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - D:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - D:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - D:\WINDOWS\wanmpsvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - D:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 11443 bytes


et rapport vundofix

VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 19:35:56 26/04/2007

Listing files found while scanning....

D:\WINDOWS\system32\exvbpbpt.dll
D:\WINDOWS\system32\ilkkj.bak1
D:\WINDOWS\system32\ilkkj.bak2
D:\WINDOWS\system32\ilkkj.ini
D:\WINDOWS\system32\jkkli.dll
D:\WINDOWS\system32\tuvuurs.dll
D:\WINDOWS\system32\xvtkyrlf.dll

Beginning removal...

Attempting to delete D:\WINDOWS\system32\exvbpbpt.dll
D:\WINDOWS\system32\exvbpbpt.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\ilkkj.bak1
D:\WINDOWS\system32\ilkkj.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\system32\ilkkj.bak2
D:\WINDOWS\system32\ilkkj.bak2 Has been deleted!

Attempting to delete D:\WINDOWS\system32\ilkkj.ini
D:\WINDOWS\system32\ilkkj.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\jkkli.dll
D:\WINDOWS\system32\jkkli.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\tuvuurs.dll
D:\WINDOWS\system32\tuvuurs.dll Could not be deleted.

Attempting to delete D:\WINDOWS\system32\xvtkyrlf.dll
D:\WINDOWS\system32\xvtkyrlf.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 21:52:09 26/04/2007

Listing files found while scanning....

D:\WINDOWS\system32\npqss.bak1
D:\WINDOWS\system32\npqss.ini
D:\WINDOWS\system32\ssqpn.dll
D:\WINDOWS\system32\tuvuurs.dll
D:\WINDOWS\system32\wvuuurr.dll

Beginning removal...

Attempting to delete D:\WINDOWS\system32\npqss.bak1
D:\WINDOWS\system32\npqss.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\system32\npqss.ini
D:\WINDOWS\system32\npqss.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\ssqpn.dll
D:\WINDOWS\system32\ssqpn.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\tuvuurs.dll
D:\WINDOWS\system32\tuvuurs.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\wvuuurr.dll
D:\WINDOWS\system32\wvuuurr.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 22:46:17 26/04/2007

Listing files found while scanning....

D:\WINDOWS\system32\bgmigeie.dll
D:\WINDOWS\system32\ddcdcyv.dll
D:\WINDOWS\system32\oqstv.bak1
D:\WINDOWS\system32\oqstv.ini
D:\WINDOWS\system32\vtsqo.dll

Beginning removal...

Attempting to delete D:\WINDOWS\system32\bgmigeie.dll
D:\WINDOWS\system32\bgmigeie.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\ddcdcyv.dll
D:\WINDOWS\system32\ddcdcyv.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\oqstv.bak1
D:\WINDOWS\system32\oqstv.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\system32\oqstv.ini
D:\WINDOWS\system32\oqstv.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\vtsqo.dll
D:\WINDOWS\system32\vtsqo.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete D:\WINDOWS\system32\geeda.dll
D:\WINDOWS\system32\geeda.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete D:\WINDOWS\system32\geeda.dll
D:\WINDOWS\system32\geeda.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete D:\Documents and settings\All Users\Documents\Settings\partnership.dll
D:\Documents and settings\All Users\Documents\Settings\partnership.dll Has been deleted!

Attempting to delete D:\WINDOWS\SYSTEM32\tuvuron.dll
D:\WINDOWS\SYSTEM32\tuvuron.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete D:\WINDOWS\SYSTEM32\tuvuron.dll
D:\WINDOWS\SYSTEM32\tuvuron.dll Has been deleted!

Performing Repairs to the registry.
Done!

J'ai l'impression que mon pc va un peu plus vite ...

bonjour,

C'était qu'une impression Arf...

Bonjour

On continue

$$ Télécharge clean.zip
http://www.malekal.com/download/clean.zip
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.


$$ Double-clique VundoFix.exe afin de le lancer.
[***]Ne clique pas sur "Scan for Vundo"

Fais un clic droit dans la fenêtre blanche et clique "Add more files?"

Dans la nouvelle fenêtre qui apparait, Copie/colle le chemin du fichier suivant dans la première case (au haut):

D:\WINDOWS\wvwusq.dl

Copie/colle le chemin du fichier suivant dans la seconde case (au centre):

D:\WINDOWS\system32\rpcc1.dll

Clique sur le bouton "Add File(s)"

Clique sur le bouton "Close Window"

Clique à nouveau sur "Remove Vundo"

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.

Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK


$$ Redémarre en mode sans échec.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.


$$ Ouvre le dossier Clean qui se trouve sur ton bureau, et double-clic sur clean.cmd.
Choisis l'option 2
Enregistre le rapport une fois le scan terminé


Redémarre normalement.

Poste le contenu du rapport situé dans C:\vundofix.txt avec le rapport qui se trouve ici C:\rapport_clean.txt et un nouveau rapport HijackThis.

Re Allons y ,

Le rapport vundofix.txt :


VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 19:35:56 26/04/2007

Listing files found while scanning....

D:\WINDOWS\system32\exvbpbpt.dll
D:\WINDOWS\system32\ilkkj.bak1
D:\WINDOWS\system32\ilkkj.bak2
D:\WINDOWS\system32\ilkkj.ini
D:\WINDOWS\system32\jkkli.dll
D:\WINDOWS\system32\tuvuurs.dll
D:\WINDOWS\system32\xvtkyrlf.dll

Beginning removal...

Attempting to delete D:\WINDOWS\system32\exvbpbpt.dll
D:\WINDOWS\system32\exvbpbpt.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\ilkkj.bak1
D:\WINDOWS\system32\ilkkj.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\system32\ilkkj.bak2
D:\WINDOWS\system32\ilkkj.bak2 Has been deleted!

Attempting to delete D:\WINDOWS\system32\ilkkj.ini
D:\WINDOWS\system32\ilkkj.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\jkkli.dll
D:\WINDOWS\system32\jkkli.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\tuvuurs.dll
D:\WINDOWS\system32\tuvuurs.dll Could not be deleted.

Attempting to delete D:\WINDOWS\system32\xvtkyrlf.dll
D:\WINDOWS\system32\xvtkyrlf.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 21:52:09 26/04/2007

Listing files found while scanning....

D:\WINDOWS\system32\npqss.bak1
D:\WINDOWS\system32\npqss.ini
D:\WINDOWS\system32\ssqpn.dll
D:\WINDOWS\system32\tuvuurs.dll
D:\WINDOWS\system32\wvuuurr.dll

Beginning removal...

Attempting to delete D:\WINDOWS\system32\npqss.bak1
D:\WINDOWS\system32\npqss.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\system32\npqss.ini
D:\WINDOWS\system32\npqss.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\ssqpn.dll
D:\WINDOWS\system32\ssqpn.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\tuvuurs.dll
D:\WINDOWS\system32\tuvuurs.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\wvuuurr.dll
D:\WINDOWS\system32\wvuuurr.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 22:46:17 26/04/2007

Listing files found while scanning....

D:\WINDOWS\system32\bgmigeie.dll
D:\WINDOWS\system32\ddcdcyv.dll
D:\WINDOWS\system32\oqstv.bak1
D:\WINDOWS\system32\oqstv.ini
D:\WINDOWS\system32\vtsqo.dll

Beginning removal...

Attempting to delete D:\WINDOWS\system32\bgmigeie.dll
D:\WINDOWS\system32\bgmigeie.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\ddcdcyv.dll
D:\WINDOWS\system32\ddcdcyv.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\oqstv.bak1
D:\WINDOWS\system32\oqstv.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\system32\oqstv.ini
D:\WINDOWS\system32\oqstv.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\vtsqo.dll
D:\WINDOWS\system32\vtsqo.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete D:\WINDOWS\system32\geeda.dll
D:\WINDOWS\system32\geeda.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete D:\WINDOWS\system32\geeda.dll
D:\WINDOWS\system32\geeda.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete D:\Documents and settings\All Users\Documents\Settings\partnership.dll
D:\Documents and settings\All Users\Documents\Settings\partnership.dll Has been deleted!

Attempting to delete D:\WINDOWS\SYSTEM32\tuvuron.dll
D:\WINDOWS\SYSTEM32\tuvuron.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete D:\WINDOWS\SYSTEM32\tuvuron.dll
D:\WINDOWS\SYSTEM32\tuvuron.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 02:12:39 27/04/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete D:\WINDOWS\system32\rpcc1.dll
D:\WINDOWS\system32\rpcc1.dll Has been deleted!

Performing Repairs to the registry.
Done!

Le rapport de clean :


Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 27/04/2007 a 10:49:13,40

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans D:

*** Suppression des fichiers dans D:\WINDOWS\

*** Suppression des fichiers dans D:\WINDOWS\system32
tentative de suppression de D:\WINDOWS\system32\mcrh.tmp
tentative de suppression de D:\WINDOWS\system32\SpoonUninstall.exe

*** Suppression des fichiers dans D:\Program Files
tentative de suppression de "D:\Program Files\Fichiers communs\Y1220OU.exe"
tentative de suppression de "D:\Program Files\Viewpoint\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

et le rapport HJT :


Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 27/04/2007 a 10:49:13,40

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans D:

*** Suppression des fichiers dans D:\WINDOWS\

*** Suppression des fichiers dans D:\WINDOWS\system32
tentative de suppression de D:\WINDOWS\system32\mcrh.tmp
tentative de suppression de D:\WINDOWS\system32\SpoonUninstall.exe

*** Suppression des fichiers dans D:\Program Files
tentative de suppression de "D:\Program Files\Fichiers communs\Y1220OU.exe"
tentative de suppression de "D:\Program Files\Viewpoint\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

Et le rapport de HJT :


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:01:32, on 27/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Documents and Settings\ie_updater.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Fichiers communs\AOL\Loader\aolload.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\wanmpsvc.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Fichiers communs\AOL\1155687321\ee\AOLSoftware.exe
D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\AOL 9.0c\aoltray.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
d:\program files\fichiers communs\aol\1155687321\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
d:\program files\fichiers communs\aol\1155687321\ee\aolsoftware.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.exe
D:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\Muichkine\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bluesquad.fr/trial.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9282BD73-7BC8-7E16-9D84-012220F97CB2} - (no file)
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {0056ff29-5b46-4369-860c-d3593a9d4b6a} - D:\WINDOWS\system32\dpvdit.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {249D0220-AFF0-4B62-A810-244B38E58526} - D:\WINDOWS\system32\vtsqo.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {556C7B98-BAAA-4C03-8568-EDB3BD67E8D4} - D:\WINDOWS\system32\jkkli.dll (file missing)
O2 - BHO: (no name) - {5846EAA1-B174-4106-A8F5-CA92E974D1F6} - D:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {9A5183A3-EBAD-4490-8781-8084EC073CE2} - D:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {BC63E018-7DDF-0C7F-8E8E-5517C88509C5} - D:\WINDOWS\System32\lfmuqc.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - D:\WINDOWS\system32\rtryugcw.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] D:\Program Files\Fichiers communs\AOL\1155687321\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [22420540.exe] D:\WINDOWS\system32\22420540.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "D:\WINDOWS\wvwusq.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Xtskpggj] D:\PROGRA~1\SMANTE~1\XPLORE~1.EXE
O4 - HKCU\..\Run: [Uaut] "D:\WINDOWS\System32\ASEMBL~1\dllhost.exe" -vt ndrv
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = D:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = D:\Program Files\AOL 9.0c\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0...
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dpvdit - dpvdit.dll (file missing)
O20 - Winlogon Notify: partnershipreg - D:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O20 - Winlogon Notify: winonn32 - winonn32.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - D:\WINDOWS\System32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSIEUpdater_2 (Microsoft IE Updater_2) - Unknown owner - D:\Documents and Settings\ie_updater.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - D:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - D:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - D:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - D:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - D:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - D:\WINDOWS\wanmpsvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - D:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 10621 bytes


Je crois qu'il en reste encore  

Re

Oui, il en reste encore.

Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.
Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.