virus/cheval de troie tres actif dans mon systeme
Forum Sécurité - Virus : virus/cheval de troie tres actif dans mon systeme
BONJOUR a tous !
voila je pense que je viens de mettre un coup de grace a mon ordinateur avec un énième virus 
j'ai tenter plusieurs action mais rien ni fait celui c'est un corriasse
je suis a bout d'idée je ne sait meme plus par ou commencer
s'il vous plait quelqu'un aurait une idée?
pour me venir en aide ?
un beau matin defender s'affole et me dit sa a propos d'un certain problème grave nommer win32/vundo :
erreur rencontrée : (sa commence bien 
)
Code 0x80508017. Certaines actions n’ont pas pu s’appliquer à des éléments potentiellement dangereux. Ces éléments peuvent être stockés dans un emplacement en lecture seule. Supprimez les fichiers ou dossiers contenant les éléments ou, pour plus d’informations sur la suppression des autorisations de lecture seule des fichiers et des dossiers, voir Aide et support.
Catégorie :
Cheval de Troie
Description :
Ce programme affiche des publicités et peut être difficile à supprimer.
Conseil :
Supprimer immédiatement ce logiciel. 
(je veux bien ) mais lui il veut pas !
Ressources :
regkey:
HKCU@S-1-5-21-2957246583-523689479-2008681203-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer
runkey:
HKCU@S-1-5-21-2957246583-523689479-2008681203-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MSServer
file:
C:\Windows\system32\rqRKbYQH.dll
de plus spybot-S&D s'affole aussi et m'inonde de demande d'ecriture sur le registe par MSSERVER
mon Pc BLOQUE a certain moment et rien a fair pendant une heure! 
help me please! je sait soigner les humain a merveil mais mon Pc jai du mal avec encore !
pour aider voici un rapport hijackthis (si sa peu vous aider !) 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47:26, on 26/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\schtasks.exe
C:\WINDOWS\PixArt\Pac207\Monitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EyeDefender] "C:\Program Files\EyeDefender\EyeDefender.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRKbYQH.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/g [...] ection.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 13009 bytes
PS: je suis prete a toute manip !! merci encore
bonjour desoler pour le temp de reponse mais mon ordi a ete hors d'usage toute la journee. 
hier soir un ecran bleu et apparue "windows doit arreter votre systeme pour eviter tout dommage"
suivie de "DRIVERs_IRQL_NOT_LESS_OR_EQUAL" 
je suis paumer
pour info j'etait en train de telecharger une demo jouable de commande and conquert sur jeux.video.com
voici le rapport de combo fix que tu ma demander:
(jai bien suivie les instruction!) 
ComboFix 08-08-26.02 - PyRoMaNuS² cHaCaLuS² 2008-08-27 17:31:45.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1227 [GMT 2:00]
Endroit: C:\Users\PyRoMaNuS² cHaCaLuS²\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\jusched.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-27 to 2008-08-27 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 11:13 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-27 06:37 2,144,775,442 ----a-w C:\Windows\DUMP6e8a.tmp
2008-08-27 06:35 --------- d-----w C:\Users\PyRoMaNuS² cHaCaLuS²\AppData\Roaming\uTorrent
2008-08-26 22:04 --------- d-----w C:\Users\----PuBLiC-------\AppData\Roaming\Hewlett-Packard
2008-08-26 21:58 --------- d-----w C:\Users\----PuBLiC-------\AppData\Roaming\Grisoft
2008-08-26 21:58 --------- d-----w C:\Users\----PuBLiC-------\AppData\Roaming\ATI
2008-08-26 21:54 174 --sha-w C:\Program Files\desktop.ini
2008-08-26 21:44 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-26 21:44 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-26 21:44 --------- d-----w C:\Program Files\Windows Mail
2008-08-26 21:44 --------- d-----w C:\Program Files\Windows Journal
2008-08-26 21:44 --------- d-----w C:\Program Files\Windows Defender
2008-08-26 21:44 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-26 21:44 --------- d-----w C:\Program Files\Windows Calendar
2008-08-26 21:16 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-08-26 21:16 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-08-26 20:57 --------- d---a-w C:\ProgramData\TEMP
2008-08-26 20:12 --------- d-----w C:\Program Files\OO Software
2008-08-26 19:35 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-26 18:33 --------- d-----w C:\ProgramData\Google Updater
2008-08-26 18:14 --------- d-----w C:\Program Files\Spring
2008-08-26 16:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-26 15:43 --------- d-----w C:\Program Files\Trend Micro
2008-08-26 15:24 0 ----a-w C:\StarCodec_ver1.5897.0.exe
2008-08-26 15:13 0 ----a-w C:\wmcodec_update.exe
2008-08-26 14:30 --------- d-----w C:\Program Files\UltraISO
2008-08-26 14:30 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-08-26 14:06 --------- d-----w C:\Users\PyRoMaNuS² cHaCaLuS²\AppData\Roaming\Roxio
2008-08-26 14:06 --------- d-----w C:\ProgramData\Sonic
2008-08-26 09:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 09:23 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-26 09:18 --------- d-----w C:\ProgramData\Symantec
2008-08-24 22:03 --------- d-----w C:\Users\PyRoMaNuS² cHaCaLuS²\AppData\Roaming\Azureus
2008-08-24 21:58 --------- d-----w C:\ProgramData\Azureus
2008-08-24 17:35 --------- d-----w C:\Program Files\Bos Wars
2008-08-24 17:32 --------- d-----w C:\Program Files\Microsoft Games
2008-08-24 12:00 --------- d-----w C:\Users\PyRoMaNuS² cHaCaLuS²\AppData\Roaming\vlc
2008-08-24 09:33 --------- d-----w C:\Program Files\BitComet
2008-08-24 09:29 --------- d-----w C:\Program Files\EyeDefender
2008-08-24 09:20 --------- d-----w C:\Program Files\uTorrent
2008-08-24 09:14 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 09:13 --------- d-----w C:\Users\PyRoMaNuS² cHaCaLuS²\AppData\Roaming\Malwarebytes
2008-08-24 09:13 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-24 09:11 --------- d-----w C:\Users\PyRoMaNuS² cHaCaLuS²\AppData\Roaming\Grisoft
2008-08-24 09:11 --------- d-----w C:\ProgramData\Grisoft
2008-08-24 09:02 --------- d-----w C:\Program Files\DAEMON Tools Toolbar
2008-08-24 09:02 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-24 09:01 --------- d-----w C:\ProgramData\Messenger Plus!
2008-08-24 08:55 269,312 ----a-w C:\Windows\System32\es.dll
2008-08-24 08:42 --------- d-----w C:\Program Files\Sun
2008-08-24 08:40 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-24 08:40 --------- d-----w C:\Program Files\Java
2008-08-24 08:32 --------- d-----w C:\Program Files\Windows Live
2008-08-24 08:31 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-24 08:31 --------- d-----w C:\ProgramData\Skype
2008-08-24 08:31 --------- d-----w C:\Program Files\Skype
2008-08-24 08:31 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-24 08:30 --------- d-----w C:\Program Files\Real
2008-08-24 08:30 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-24 08:30 --------- d-----w C:\Program Files\Common Files\Real
2008-08-24 08:28 --------- d-----w C:\Users\PyRoMaNuS² cHaCaLuS²\AppData\Roaming\PC Tools
2008-08-24 08:27 --------- d-----w C:\Program Files\Picasa2
2008-08-24 08:27 --------- d-----w C:\Program Files\Google
2008-08-24 08:22 --------- d-----w C:\ProgramData\WLInstaller
2008-08-24 08:10 102,400 ----a-w C:\Windows\EarthView.scr
2008-08-24 08:10 --------- d-----w C:\Users\PyRoMaNuS² cHaCaLuS²\AppData\Roaming\DeskSoft
2008-08-24 08:10 --------- d-----w C:\Program Files\EarthView
2008-08-24 08:07 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-08-24 08:07 --------- d-----w C:\Users\PyRoMaNuS² cHaCaLuS²\AppData\Roaming\DAEMON Tools
2008-08-24 07:52 --------- d-----w C:\Program Files\Vuze
2008-08-24 07:49 --------- d-----w C:\Program Files\CCleaner
2008-08-24 07:46 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-08-24 07:46 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-08-24 07:46 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-08-24 07:46 --------- d-----w C:\Program Files\Symantec
2008-08-24 07:46 --------- d-----w C:\Program Files\PeerTV
2008-08-24 07:44 --------- d-----w C:\Program Files\Sunbelt Software
2008-08-24 07:43 --------- d-----w C:\Program Files\Norton Internet Security
2008-08-24 07:42 --------- d-----w C:\Program Files\VideoLAN
2008-08-24 06:10 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-08-24 06:10 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-08-24 06:10 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-08-24 06:10 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-08-24 06:01 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-08-24 05:54 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-08-24 05:52 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-08-24 05:50 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-08-24 05:49 988,216 ----a-w C:\Windows\System32\winload.exe
2008-08-24 05:49 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-08-24 05:49 615,992 ----a-w C:\Windows\System32\ci.dll
2008-08-24 05:49 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-08-24 05:49 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-08-24 05:49 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-08-24 05:49 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-08-24 05:49 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-08-24 05:49 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-08-24 05:48 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-08-24 05:47 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-08-24 05:46 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-08-24 05:46 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 13:40 1783400]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-24 10:24 39408]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 17:02 490952]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
"EyeDefender"="C:\Program Files\EyeDefender\EyeDefender.exe" [2008-08-20 15:53 158208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-12-14 03:42 54672]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 16:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-24 10:25 29744]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-06-28 23:01 2512128]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 13:06 4669440 C:\WINDOWS\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-24 10:30 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-07-06 13:06 4669440 C:\WINDOWS\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000004
"UpdatesDisableNotify"=dword:00000004
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2879C51B-4893-4AFE-A17C-34CCA0374599}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{14DEFFB2-2783-4FE8-B246-0F1DFBCAB5EF}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{40095592-4BF7-4CF9-96F3-963DB5FBE428}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{DD8F21C9-D5F3-4FA5-BDD9-8AAB9FCA42E2}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{79B59097-69B2-4FA3-9A30-8A224CC5A968}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9FE534F8-4B43-4CE6-8B46-E1599586A399}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{0E11A4EE-7B55-4576-9D6C-2895CCB0C74F}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080825.001\IDSvix86.sys [2008-07-16 20:37]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys [2008-07-16 09:57]
R1 sbhips;Sunbelt HIPS Driver;C:\Windows\system32\drivers\sbhips.sys [2008-06-21 04:54]
R1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys [2008-07-29 21:24]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2008-07-29 21:24]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 10:36]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-14 00:07]
R3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 11:34]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\sbfwim.sys [2008-06-21 04:54]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 09:32]
S2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 10:36]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-24 10:25]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 20:57]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2008-08-17 15:01]
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-26 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - PyRoMaNuS² cHaCaLuS².job
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-13 20:09]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\PyRoMaNuS² cHaCaLuS²\AppData\Roaming\Mozilla\Firefox\Profiles\v9mrfs6h.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\Google\Google Updater\2.3.1314.1135\npCIDetect12.dll
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 17:39:16
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-08-27 17:42:39
ComboFix-quarantined-files.txt 2008-08-27 15:42:30
Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 304,338,202,624 octets libres
225 --- E O F --- 2008-08-27 12:53:30
sa va mieux tu pense ?
et pour l'ecran bleu et le plantage c'est grave ?
merci encore de m'aider !
Euh je ne sais pas, jamais fait du dual boot.
Si tu n'y arrives pas, fais-le en mode normal
Répondre à XmichouX
Re,
Supprime les outils installés
Tu peux changer d'antivirus si tu veux, norton est à mon goût bien trop lourd.
En gratuit : AntiVir
Répondre à XmichouX
