Sujet Précédent Sujet Suivant

Virus/spyware récalcitrant

mromain -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Cela fait plusieurs jours que je me bat contre un virus sous Vista. J'ai essayé plusieurs utilitaires mais sans succes. Je fait donc appel à la communauté.

Voici mon log:

Logfile of HijackThis v1.99.1
Scan saved at 19:29:55, on 20/04/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\udmbmtax\ujahwbyn.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\AASP\1.00.09\aaCenter.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
D:\Utils\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\System32\epsvyzwj.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Temp\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Utils\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: (no name) - {3F717486-BE7D-4A1D-9436-50A11602D570} - C:\Windows\system32\pmnmjkLD.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.09\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.09\AsRunHelp.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Utils\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [sjmybyud] C:\Windows\system32\wbwnsjol.exe
O4 - HKCU\..\Run: [oczhopzy] C:\Windows\system32\qzcjubcz.exe
O4 - HKCU\..\Run: [grgzsouf] C:\Windows\system32\epsvyzwj.exe
O4 - HKCU\..\Run: [dieegyyz] C:\Windows\system32\ipmnujsf.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_12.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O21 - SSODL: dsktbwfe - {CDEB7105-9C60-41A2-81B8-6846529C7AAA} - C:\Windows\dsktbwfe.dll (file missing)
O21 - SSODL: ogxtsepr - {D021FDD7-07E9-4287-9C98-AC732E188594} - C:\Windows\ogxtsepr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Merci pour votre aide
A voir également:

7 réponses

Réponse 1 / 7
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt,

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

_______________

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Windows\system32\pmnmjkLD.dll
C:\Windows\system32\wbwnsjol.exe
C:\Windows\system32\qzcjubcz.exe
C:\Windows\system32\epsvyzwj.exe
C:\Windows\system32\ipmnujsf.exe
C:\Windows\ogxtsepr.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

____________________

smit fraud fix (colle le rapport)

1/ telecharger :

http://siri.urz.free.fr/Fix/SmitfraudFix.php

2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes.
0
Réponse 2 / 7
mromain
 
Merci pour la réponse si rapide.
J'ai suivi les indications à la lettre et voici le résultat:

*** OTMoveIT2
File/Folder C:\Windows\system32\pmnmjkLD.dll not found.
C:\Windows\system32\wbwnsjol.exe moved successfully.
File/Folder C:\Windows\system32\qzcjubcz.exe not found.
C:\Windows\system32\epsvyzwj.exe moved successfully.
C:\Windows\system32\ipmnujsf.exe moved successfully.
File/Folder C:\Windows\ogxtsepr.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04202008_220238

***SmitFraudFix
SmitFraudFix v2.315

Scan done at 22:05:11,52, 20/04/2008
Run from C:\Users\Romain\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\AASP\1.00.09\aaCenter.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
D:\Utils\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\Explorer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Romain\Desktop\OTMoveIt2.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Romain

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Romain\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Romain\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{17482C0D-2614-4DEC-BD6E-848F1FB32DE3}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{17482C0D-2614-4DEC-BD6E-848F1FB32DE3}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{17482C0D-2614-4DEC-BD6E-848F1FB32DE3}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Par contre j'ai toujouts Internet Explorer qui pédale dans la choucroute :(
Alors?
0
Réponse 3 / 7
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
tu peux desisntaller smitfraud fix

____

as tu le rapport combofix?

____________

scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

______________
recolle un hijackhtis

a plus
0
Réponse 4 / 7
mromain
 
*********************************************************
Le rapport de combofix (desole pour l'oubli)

ComboFix 08-04-20.2 - Romain 2008-04-20 21:52:42.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1344 [GMT 2:00]
Endroit: C:\Users\Romain\Desktop\killBagle.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PC-Cleaner
C:\Windows\System32\DLkjmnmp.ini
C:\Windows\System32\DLkjmnmp.ini2
C:\Windows\System32\eddbvixa.ini
C:\Windows\system32\ejelnrar.dll
C:\Windows\System32\hiieyhii.ini
C:\Windows\system32\pmnmjkLD.dll
C:\Windows\System32\rarnleje.ini
C:\Windows\system32bdn.com
C:\Windows\system32hxiwlgpm.dat
C:\Windows\system32ssvchost.com
C:\Windows\system32taack.dat
C:\Windows\system32VBIEWER.OCX

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 19:33 2,690 ----a-w C:\Windows\System32\tmp.reg
2008-04-20 19:32 691 ----a-w C:\Users\Romain\AppData\Roaming\GetValue.vbs
2008-04-20 19:32 35 ----a-w C:\Users\Romain\AppData\Roaming\SetValue.bat
2008-04-20 17:51 184,320 ----a-w C:\Windows\System32\delnext.exe
2008-04-20 17:47 --------- d-----w C:\ProgramData\udmbmtax
2008-04-20 16:00 --------- d-----w C:\Program Files\Ad-Aware 2007
2008-04-20 15:59 --------- d-----w C:\ProgramData\Lavasoft
2008-04-20 15:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 13:58 102,400 ----a-w C:\Windows\System32\ipmnujsf.exe
2008-04-20 13:34 102,400 ----a-w C:\Windows\System32\epsvyzwj.exe
2008-04-19 22:07 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-19 20:19 --------- d-----w C:\ProgramData\Google Updater
2008-04-16 21:36 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-16 21:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-13 21:57 --------- d-----w C:\Program Files\NeroInstall.bak
2008-04-13 21:54 --------- d-----w C:\Users\Romain\AppData\Roaming\Nero
2008-04-13 21:52 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-13 21:50 --------- d-----w C:\ProgramData\Nero
2008-04-13 21:50 --------- d-----w C:\Program Files\Nero
2008-04-13 21:44 90,112 ----a-w C:\Windows\System32\wbwnsjol.exe
2008-04-12 13:32 --------- d-----w C:\Program Files\Synergy
2008-04-09 22:05 --------- d-----w C:\Program Files\Windows Mail
2008-03-30 11:14 --------- d-----w C:\ProgramData\Skyline
2008-03-30 11:14 --------- d-----w C:\Program Files\Skyline
2008-03-30 07:33 --------- d-----w C:\Program Files\Virtual Earth 3D
2008-03-30 07:22 --------- d-----w C:\Program Files\Google
2008-03-24 17:42 --------- d-----w C:\Program Files\JetBee
2008-03-21 20:43 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-03-15 20:00 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-15 20:00 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-14 06:04 46,652 ----a-w C:\Windows\system32\drivers\scdemu.sys
2008-03-09 20:56 --------- d-----w C:\Program Files\Fiddler
2008-03-09 20:07 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-09 20:07 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-09 20:04 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-09 20:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-09 20:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-09 20:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-09 20:03 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-09 20:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-09 20:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-09 20:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-09 20:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-09 14:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 14:37 --------- d-----w C:\ProgramData\Media Center Programs
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-28 15:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\Windows\UNRecode.exe
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-18 14:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-02 20:00 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-22 22:56 22,328 ----a-w C:\Users\Romain\AppData\Roaming\PnkBstrK.sys
2007-12-22 22:39 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-02 22:00 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-19 22:13 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-13 00:14 1006264]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.09\aaCenter.exe" [2006-10-23 22:28 593920]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.09\AsRunHelp.exe" [2006-10-19 19:55 364032]
"Ai Nap"="C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [2006-10-24 16:45 1418752]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 18:08 813912]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01 1037736]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-12-23 00:01 868352]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
"PWRISOVM.EXE"="D:\Utils\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 11:45 222208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-02-18 17:00:00 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"PVGAn30wer"= C:\ProgramData\udmbmtax\ujahwbyn.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dieegyyz]
--a------ 2008-04-20 15:58 102400 C:\Windows\system32\ipmnujsf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\grgzsouf]
--a------ 2008-04-20 15:34 102400 C:\Windows\system32\epsvyzwj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oczhopzy]
C:\Windows\system32\qzcjubcz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sjmybyud]
--a------ 2008-04-13 23:44 90112 C:\Windows\system32\wbwnsjol.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{AF9E06A3-7DF4-4F4F-B43B-6C31DF858977}D:\\jeux\\program files\\test drive unlimited\\testdriveunlimited.exe"= UDP:D:\jeux\program files\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{A65831A5-F0E0-43EA-8CFB-44605617DAE6}D:\\jeux\\program files\\test drive unlimited\\testdriveunlimited.exe"= TCP:D:\jeux\program files\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{89C25A7C-8F04-4074-AF50-AB67BF9F5B1C}D:\\jeux\\program files\\test drive unlimited\\testdriveunlimited.exe"= UDP:D:\jeux\program files\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{CA6533BD-6FF4-4768-81B0-91F8E7BA5C88}D:\\jeux\\program files\\test drive unlimited\\testdriveunlimited.exe"= TCP:D:\jeux\program files\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"{3D16AFB0-B028-482F-A6DF-29556CAFBF27}"= UDP:11668:BitComet 11668 TCP
"{D0CAB02E-5B4B-4082-996D-E43D97557AC9}"= TCP:11668:BitComet 11668 UDP
"TCP Query User{222C1839-802F-4D15-B885-5982D7747BDC}D:\\utils\\program files\\bitcomet\\bitcomet.exe"= UDP:D:\utils\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{6E06A576-7362-4C50-81A7-B766D7356249}D:\\utils\\program files\\bitcomet\\bitcomet.exe"= TCP:D:\utils\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{11830C7D-6C2C-484A-886C-75C5B1E1BD47}"= UDP:D:\Jeux\Program Files\Battlefield 2142\BF2142.exe:Battlefield 2
"{11128D36-3469-4EE8-A781-6B8B401A454C}"= TCP:D:\Jeux\Program Files\Battlefield 2142\BF2142.exe:Battlefield 2
"{4DB23772-50F5-4E74-A846-1B73A4988E1A}"= UDP:D:\Jeux\Program Files\Crysis\Bin32\Crysis.exe:Crysis_32
"{9285BEED-6E17-493F-8D77-ED840820E82E}"= TCP:D:\Jeux\Program Files\Crysis\Bin32\Crysis.exe:Crysis_32
"{DD0CE53F-879D-466F-94E2-5ADF407275EF}"= UDP:D:\Jeux\Program Files\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{93FC8537-1F2E-4266-A589-4CC91E79513F}"= TCP:D:\Jeux\Program Files\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{97AA7EEA-A9D2-460C-BDF2-D139B5676BDA}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{74316C5A-164F-458B-9246-8925029A9643}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{C70B8156-EC36-48B7-BD07-AFC43D0FB94C}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{BFB787FB-3734-40D6-B04C-ED25C9D5271C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2006-11-16 07:24]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 22:09]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\Windows\system32\DRIVERS\xusb20.sys [2006-10-13 14:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\dvdcheck.exe
\shell\directx\command - DirectX9\dxsetup.exe
\shell\setup\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\CdAutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b2d5f20-fb11-11db-9ccc-0018f36ba9a8}]
\shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ffb37d6-daed-11db-b93b-0018f36ba9a8}]
\shell\AutoRun\command - G:\autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-19 20:20:28 C:\Windows\Tasks\User_Feed_Synchronization-{88C430F8-F40C-4AFF-BEF4-D9D7047CBCBA}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 21:58:12
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\IoctlSvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-20 22:01:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-20 20:00:57

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.

211 --- E O F --- 2008-04-19 20:26:38

*********************************************************
Le rapport de Malwarebytes' (je n'ai fait qu'une recherche rapide, je vais relancer la recherche approfondie)
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 663

Type de recherche: Examen rapide
Eléments examinés: 29396
Temps écoulé: 3 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

*********************************************************
Et notre amis HiJackthis
Logfile of HijackThis v1.99.1
Scan saved at 22:57:00, on 20/04/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\AASP\1.00.09\aaCenter.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
D:\Utils\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
D:\Temp\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Utils\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.09\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.09\AsRunHelp.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Utils\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [sjmybyud] C:\Windows\system32\wbwnsjol.exe
O4 - HKCU\..\Run: [oczhopzy] C:\Windows\system32\qzcjubcz.exe
O4 - HKCU\..\Run: [grgzsouf] C:\Windows\system32\epsvyzwj.exe
O4 - HKCU\..\Run: [dieegyyz] C:\Windows\system32\ipmnujsf.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_12.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

*********************************************************
Par contre quand je vais dans MSCONFIG, il y a 4 entrées qui me paraissent douteuses dans l'onglet demarage:

- sjmybyud
- oczhopzy
- grgzsouf
- dieegyyz

IL y a des choses étranges comme par exemple, l'cione IE dans le lancement rapide faisait planter IE alors que si je le lance depuis un autre raccourci ca marche

Merci Encore

ROmain
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 7
mromain
 
et voila le resultat de l'analyse complete. Il a trouver les virus dans les fichiers deplacé par OTmoveit, mais egalement un autre virus

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 663

Type de recherche: Examen complet (C:\|D:\|H:\|)
Eléments examinés: 213406
Temps écoulé: 1 hour(s), 9 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\ProgramData\udmbmtax\ujahwbyn.exe.virus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04202008_220238\Windows\system32\epsvyzwj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04202008_220238\Windows\system32\ipmnujsf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04202008_220238\Windows\system32\wbwnsjol.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
0
Réponse 6 / 7
mromain
 
un dernier pour la route. Les problemens ont l'air d'être résolu, un grand merci !

Logfile of HijackThis v1.99.1
Scan saved at 00:30:28, on 21/04/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\AASP\1.00.09\aaCenter.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
D:\Utils\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Temp\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Utils\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.09\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.09\AsRunHelp.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Utils\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [sjmybyud] C:\Windows\system32\wbwnsjol.exe
O4 - HKCU\..\Run: [oczhopzy] C:\Windows\system32\qzcjubcz.exe
O4 - HKCU\..\Run: [grgzsouf] C:\Windows\system32\epsvyzwj.exe
O4 - HKCU\..\Run: [dieegyyz] C:\Windows\system32\ipmnujsf.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_12.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
0
Réponse 7 / 7
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

O4 - HKCU\..\Run: [sjmybyud] C:\Windows\system32\wbwnsjol.exe
O4 - HKCU\..\Run: [oczhopzy] C:\Windows\system32\qzcjubcz.exe
O4 - HKCU\..\Run: [grgzsouf] C:\Windows\system32\epsvyzwj.exe
O4 - HKCU\..\Run: [dieegyyz] C:\Windows\system32\ipmnujsf.exe

___________________

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Windows\system32\wbwnsjol.exe
C:\Windows\system32\qzcjubcz.exe
C:\Windows\system32\epsvyzwj.exe
C:\Windows\system32\ipmnujsf.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

_________________

vire ce qui est dans moved fiels en allant dans poste de travail puis:

C:\_OTMoveIt\MovedFiles

__________________
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses