Virus/spyware récalcitrant

mromain -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Cela fait plusieurs jours que je me bat contre un virus sous Vista. J'ai essayé plusieurs utilitaires mais sans succes. Je fait donc appel à la communauté.

Voici mon log:

Logfile of HijackThis v1.99.1
Scan saved at 19:29:55, on 20/04/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\udmbmtax\ujahwbyn.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\AASP\1.00.09\aaCenter.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
D:\Utils\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\System32\epsvyzwj.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Temp\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Utils\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: (no name) - {3F717486-BE7D-4A1D-9436-50A11602D570} - C:\Windows\system32\pmnmjkLD.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.09\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.09\AsRunHelp.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Utils\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [sjmybyud] C:\Windows\system32\wbwnsjol.exe
O4 - HKCU\..\Run: [oczhopzy] C:\Windows\system32\qzcjubcz.exe
O4 - HKCU\..\Run: [grgzsouf] C:\Windows\system32\epsvyzwj.exe
O4 - HKCU\..\Run: [dieegyyz] C:\Windows\system32\ipmnujsf.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_12.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O21 - SSODL: dsktbwfe - {CDEB7105-9C60-41A2-81B8-6846529C7AAA} - C:\Windows\dsktbwfe.dll (file missing)
O21 - SSODL: ogxtsepr - {D021FDD7-07E9-4287-9C98-AC732E188594} - C:\Windows\ogxtsepr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Merci pour votre aide
Configuration: Windows vista
Internet Explorer 7.0

7 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    _______________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Windows\system32\pmnmjkLD.dll
    C:\Windows\system32\wbwnsjol.exe
    C:\Windows\system32\qzcjubcz.exe
    C:\Windows\system32\epsvyzwj.exe
    C:\Windows\system32\ipmnujsf.exe
    C:\Windows\ogxtsepr.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ____________________

    smit fraud fix (colle le rapport)

    1/ telecharger :

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes.
    0
  2. mromain
     
    Merci pour la réponse si rapide.
    J'ai suivi les indications à la lettre et voici le résultat:

    *** OTMoveIT2
    File/Folder C:\Windows\system32\pmnmjkLD.dll not found.
    C:\Windows\system32\wbwnsjol.exe moved successfully.
    File/Folder C:\Windows\system32\qzcjubcz.exe not found.
    C:\Windows\system32\epsvyzwj.exe moved successfully.
    C:\Windows\system32\ipmnujsf.exe moved successfully.
    File/Folder C:\Windows\ogxtsepr.dll not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04202008_220238

    ***SmitFraudFix
    SmitFraudFix v2.315

    Scan done at 22:05:11,52, 20/04/2008
    Run from C:\Users\Romain\Desktop\SmitfraudFix
    OS: Microsoft Windows [version 6.0.6000] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avast4\aswUpdSv.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Avast4\ashServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\IoctlSvc.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Avast4\ashMaiSv.exe
    C:\Program Files\Avast4\ashWebSv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ASUS\AASP\1.00.09\aaCenter.exe
    C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    D:\Utils\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\Romain\Desktop\OTMoveIt2.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Romain

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Romain\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Romain\FAVORI~1

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.53.252

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{17482C0D-2614-4DEC-BD6E-848F1FB32DE3}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{17482C0D-2614-4DEC-BD6E-848F1FB32DE3}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{17482C0D-2614-4DEC-BD6E-848F1FB32DE3}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

    »»»»»»»»»»»»»»»»»»»»»»»» End

    Par contre j'ai toujouts Internet Explorer qui pédale dans la choucroute :(
    Alors?
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    tu peux desisntaller smitfraud fix

    ____

    as tu le rapport combofix?

    ____________

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ______________
    recolle un hijackhtis

    a plus
    0
  4. mromain
     
    *********************************************************
    Le rapport de combofix (desole pour l'oubli)

    ComboFix 08-04-20.2 - Romain 2008-04-20 21:52:42.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1344 [GMT 2:00]
    Endroit: C:\Users\Romain\Desktop\killBagle.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\PC-Cleaner
    C:\Windows\System32\DLkjmnmp.ini
    C:\Windows\System32\DLkjmnmp.ini2
    C:\Windows\System32\eddbvixa.ini
    C:\Windows\system32\ejelnrar.dll
    C:\Windows\System32\hiieyhii.ini
    C:\Windows\system32\pmnmjkLD.dll
    C:\Windows\System32\rarnleje.ini
    C:\Windows\system32bdn.com
    C:\Windows\system32hxiwlgpm.dat
    C:\Windows\system32ssvchost.com
    C:\Windows\system32taack.dat
    C:\Windows\system32VBIEWER.OCX

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier cr‚‚ dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-20 19:33 2,690 ----a-w C:\Windows\System32\tmp.reg
    2008-04-20 19:32 691 ----a-w C:\Users\Romain\AppData\Roaming\GetValue.vbs
    2008-04-20 19:32 35 ----a-w C:\Users\Romain\AppData\Roaming\SetValue.bat
    2008-04-20 17:51 184,320 ----a-w C:\Windows\System32\delnext.exe
    2008-04-20 17:47 --------- d-----w C:\ProgramData\udmbmtax
    2008-04-20 16:00 --------- d-----w C:\Program Files\Ad-Aware 2007
    2008-04-20 15:59 --------- d-----w C:\ProgramData\Lavasoft
    2008-04-20 15:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-20 13:58 102,400 ----a-w C:\Windows\System32\ipmnujsf.exe
    2008-04-20 13:34 102,400 ----a-w C:\Windows\System32\epsvyzwj.exe
    2008-04-19 22:07 --------- d-----w C:\Program Files\Enigma Software Group
    2008-04-19 20:19 --------- d-----w C:\ProgramData\Google Updater
    2008-04-16 21:36 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-04-16 21:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-13 21:57 --------- d-----w C:\Program Files\NeroInstall.bak
    2008-04-13 21:54 --------- d-----w C:\Users\Romain\AppData\Roaming\Nero
    2008-04-13 21:52 --------- d-----w C:\Program Files\Common Files\Nero
    2008-04-13 21:50 --------- d-----w C:\ProgramData\Nero
    2008-04-13 21:50 --------- d-----w C:\Program Files\Nero
    2008-04-13 21:44 90,112 ----a-w C:\Windows\System32\wbwnsjol.exe
    2008-04-12 13:32 --------- d-----w C:\Program Files\Synergy
    2008-04-09 22:05 --------- d-----w C:\Program Files\Windows Mail
    2008-03-30 11:14 --------- d-----w C:\ProgramData\Skyline
    2008-03-30 11:14 --------- d-----w C:\Program Files\Skyline
    2008-03-30 07:33 --------- d-----w C:\Program Files\Virtual Earth 3D
    2008-03-30 07:22 --------- d-----w C:\Program Files\Google
    2008-03-24 17:42 --------- d-----w C:\Program Files\JetBee
    2008-03-21 20:43 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
    2008-03-15 20:00 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
    2008-03-15 20:00 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-03-14 06:04 46,652 ----a-w C:\Windows\system32\drivers\scdemu.sys
    2008-03-09 20:56 --------- d-----w C:\Program Files\Fiddler
    2008-03-09 20:07 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-03-09 20:07 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-03-09 20:04 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-03-09 20:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-03-09 20:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-03-09 20:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-03-09 20:03 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-03-09 20:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-03-09 20:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-03-09 20:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-03-09 20:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2008-03-09 14:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-09 14:37 --------- d-----w C:\ProgramData\Media Center Programs
    2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
    2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
    2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
    2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
    2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-02-28 15:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
    2008-02-26 14:14 972,072 ----a-w C:\Windows\UNRecode.exe
    2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
    2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
    2008-02-18 14:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
    2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
    2008-02-02 20:00 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2007-12-22 22:56 22,328 ----a-w C:\Users\Romain\AppData\Roaming\PnkBstrK.sys
    2007-12-22 22:39 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-02 22:00 1232896]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-19 22:13 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-13 00:14 1006264]
    "AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.09\aaCenter.exe" [2006-10-23 22:28 593920]
    "AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.09\AsRunHelp.exe" [2006-10-19 19:55 364032]
    "Ai Nap"="C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [2006-10-24 16:45 1418752]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 18:08 813912]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01 1037736]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-12-23 00:01 868352]
    "avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
    "PWRISOVM.EXE"="D:\Utils\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
    "MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 11:45 222208]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-02-18 17:00:00 125624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "PVGAn30wer"= C:\ProgramData\udmbmtax\ujahwbyn.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dieegyyz]
    --a------ 2008-04-20 15:58 102400 C:\Windows\system32\ipmnujsf.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\grgzsouf]
    --a------ 2008-04-20 15:34 102400 C:\Windows\system32\epsvyzwj.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oczhopzy]
    C:\Windows\system32\qzcjubcz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sjmybyud]
    --a------ 2008-04-13 23:44 90112 C:\Windows\system32\wbwnsjol.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{AF9E06A3-7DF4-4F4F-B43B-6C31DF858977}D:\\jeux\\program files\\test drive unlimited\\testdriveunlimited.exe"= UDP:D:\jeux\program files\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
    "UDP Query User{A65831A5-F0E0-43EA-8CFB-44605617DAE6}D:\\jeux\\program files\\test drive unlimited\\testdriveunlimited.exe"= TCP:D:\jeux\program files\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
    "TCP Query User{89C25A7C-8F04-4074-AF50-AB67BF9F5B1C}D:\\jeux\\program files\\test drive unlimited\\testdriveunlimited.exe"= UDP:D:\jeux\program files\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
    "UDP Query User{CA6533BD-6FF4-4768-81B0-91F8E7BA5C88}D:\\jeux\\program files\\test drive unlimited\\testdriveunlimited.exe"= TCP:D:\jeux\program files\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
    "{3D16AFB0-B028-482F-A6DF-29556CAFBF27}"= UDP:11668:BitComet 11668 TCP
    "{D0CAB02E-5B4B-4082-996D-E43D97557AC9}"= TCP:11668:BitComet 11668 UDP
    "TCP Query User{222C1839-802F-4D15-B885-5982D7747BDC}D:\\utils\\program files\\bitcomet\\bitcomet.exe"= UDP:D:\utils\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{6E06A576-7362-4C50-81A7-B766D7356249}D:\\utils\\program files\\bitcomet\\bitcomet.exe"= TCP:D:\utils\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "{11830C7D-6C2C-484A-886C-75C5B1E1BD47}"= UDP:D:\Jeux\Program Files\Battlefield 2142\BF2142.exe:Battlefield 2
    "{11128D36-3469-4EE8-A781-6B8B401A454C}"= TCP:D:\Jeux\Program Files\Battlefield 2142\BF2142.exe:Battlefield 2
    "{4DB23772-50F5-4E74-A846-1B73A4988E1A}"= UDP:D:\Jeux\Program Files\Crysis\Bin32\Crysis.exe:Crysis_32
    "{9285BEED-6E17-493F-8D77-ED840820E82E}"= TCP:D:\Jeux\Program Files\Crysis\Bin32\Crysis.exe:Crysis_32
    "{DD0CE53F-879D-466F-94E2-5ADF407275EF}"= UDP:D:\Jeux\Program Files\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{93FC8537-1F2E-4266-A589-4CC91E79513F}"= TCP:D:\Jeux\Program Files\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{97AA7EEA-A9D2-460C-BDF2-D139B5676BDA}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{74316C5A-164F-458B-9246-8925029A9643}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{C70B8156-EC36-48B7-BD07-AFC43D0FB94C}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{BFB787FB-3734-40D6-B04C-ED25C9D5271C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2006-11-16 07:24]
    R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 22:09]
    S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\Windows\system32\DRIVERS\xusb20.sys [2006-10-13 14:48]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - F:\dvdcheck.exe
    \shell\directx\command - DirectX9\dxsetup.exe
    \shell\setup\command - F:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    \shell\AutoRun\command - I:\CdAutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b2d5f20-fb11-11db-9ccc-0018f36ba9a8}]
    \shell\AutoRun\command - I:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ffb37d6-daed-11db-b93b-0018f36ba9a8}]
    \shell\AutoRun\command - G:\autorun.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-04-19 20:20:28 C:\Windows\Tasks\User_Feed_Synchronization-{88C430F8-F40C-4AFF-BEF4-D9D7047CBCBA}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-20 21:58:12
    Windows 6.0.6000 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\Ati2evxx.exe
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avast4\aswUpdSv.exe
    C:\Program Files\Avast4\ashServ.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\System32\IoctlSvc.exe
    C:\Windows\System32\PnkBstrA.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Avast4\ashMaiSv.exe
    C:\Program Files\Avast4\ashWebSv.exe
    C:\Program Files\Avast4\ashDisp.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-20 22:01:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-20 20:00:57

    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.

    211 --- E O F --- 2008-04-19 20:26:38

    *********************************************************
    Le rapport de Malwarebytes' (je n'ai fait qu'une recherche rapide, je vais relancer la recherche approfondie)
    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 663

    Type de recherche: Examen rapide
    Eléments examinés: 29396
    Temps écoulé: 3 minute(s), 30 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    *********************************************************
    Et notre amis HiJackthis
    Logfile of HijackThis v1.99.1
    Scan saved at 22:57:00, on 20/04/2008
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ASUS\AASP\1.00.09\aaCenter.exe
    C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    D:\Utils\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    D:\Temp\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Utils\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.09\aaCenter.exe
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.09\AsRunHelp.exe
    O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Utils\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
    O4 - HKCU\..\Run: [sjmybyud] C:\Windows\system32\wbwnsjol.exe
    O4 - HKCU\..\Run: [oczhopzy] C:\Windows\system32\qzcjubcz.exe
    O4 - HKCU\..\Run: [grgzsouf] C:\Windows\system32\epsvyzwj.exe
    O4 - HKCU\..\Run: [dieegyyz] C:\Windows\system32\ipmnujsf.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_12.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

    *********************************************************
    Par contre quand je vais dans MSCONFIG, il y a 4 entrées qui me paraissent douteuses dans l'onglet demarage:

    - sjmybyud
    - oczhopzy
    - grgzsouf
    - dieegyyz

    IL y a des choses étranges comme par exemple, l'cione IE dans le lancement rapide faisait planter IE alors que si je le lance depuis un autre raccourci ca marche

    Merci Encore

    ROmain
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. mromain
     
    et voila le resultat de l'analyse complete. Il a trouver les virus dans les fichiers deplacé par OTmoveit, mais egalement un autre virus

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 663

    Type de recherche: Examen complet (C:\|D:\|H:\|)
    Eléments examinés: 213406
    Temps écoulé: 1 hour(s), 9 minute(s), 58 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\ProgramData\udmbmtax\ujahwbyn.exe.virus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\04202008_220238\Windows\system32\epsvyzwj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\04202008_220238\Windows\system32\ipmnujsf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\04202008_220238\Windows\system32\wbwnsjol.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    0
  7. mromain
     
    un dernier pour la route. Les problemens ont l'air d'être résolu, un grand merci !

    Logfile of HijackThis v1.99.1
    Scan saved at 00:30:28, on 21/04/2008
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ASUS\AASP\1.00.09\aaCenter.exe
    C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    D:\Utils\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Temp\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Utils\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.09\aaCenter.exe
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.09\AsRunHelp.exe
    O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Utils\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
    O4 - HKCU\..\Run: [sjmybyud] C:\Windows\system32\wbwnsjol.exe
    O4 - HKCU\..\Run: [oczhopzy] C:\Windows\system32\qzcjubcz.exe
    O4 - HKCU\..\Run: [grgzsouf] C:\Windows\system32\epsvyzwj.exe
    O4 - HKCU\..\Run: [dieegyyz] C:\Windows\system32\ipmnujsf.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_12.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O4 - HKCU\..\Run: [sjmybyud] C:\Windows\system32\wbwnsjol.exe
    O4 - HKCU\..\Run: [oczhopzy] C:\Windows\system32\qzcjubcz.exe
    O4 - HKCU\..\Run: [grgzsouf] C:\Windows\system32\epsvyzwj.exe
    O4 - HKCU\..\Run: [dieegyyz] C:\Windows\system32\ipmnujsf.exe

    ___________________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Windows\system32\wbwnsjol.exe
    C:\Windows\system32\qzcjubcz.exe
    C:\Windows\system32\epsvyzwj.exe
    C:\Windows\system32\ipmnujsf.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    _________________

    vire ce qui est dans moved fiels en allant dans poste de travail puis:

    C:\_OTMoveIt\MovedFiles

    __________________
    0