Slowdowns, pop-up ads and unreachable websites

Montspy
Hello everyone,
I have a problem (or several) with my computer, which has become extremely slow over the past few days.
Automatic updates keep turning themselves off (Windows XP warns me about it at every startup), I get pop-ups leading to a site called "LiveTV" or something like that even though neither IE nor Mozilla 3.0.0 is running, and when I do launch them, certain pages and sites are unreachable, such as google.fr (only after running a search), all the other search engines, dev-fr.org, certain pages of wow-europe.com/fr, etc.

I ran HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:08, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
G:\Programmes\CDBurnerXP\NMSAccessU.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {74b2bed3-d124-9f4b-c374-fcdfd1ae0e2a} - {a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47} - C:\WINDOWS\system32\olhvzc.dll
O2 - BHO: (no name) - {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} - C:\WINDOWS\system32\fccaYspM.dll (file missing)
O2 - BHO: (no name) - {EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E} - C:\WINDOWS\system32\ddcYrOfe.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Valentin\Program files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [c0385189] rundll32.exe "C:\WINDOWS\system32\drqkjeni.dll",b
O4 - HKLM\..\Run: [BMc30b6215] Rundll32.exe "C:\WINDOWS\system32\cfeakyis.dll",s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "g:\programmes\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = G:\Programmes\AlienGUIse\AlienwareDock\ObjectDock.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - F:\Valentin\Program files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - F:\Valentin\Program files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Valentin\Program files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Valentin\Program files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{28D58CCF-F453-417B-A3CF-51487D6AC9D6}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A0187A1-EAF6-43B2-A26D-B8378D6A93B9}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{E266B276-FCD0-4C3B-B2F4-08046DB6094F}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
O20 - Winlogon Notify: fccaYspM - fccaYspM.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccessU - Unknown owner - G:\Programmes\CDBurnerXP\NMSAccessU.exe
O23 - Service: wampapache - Apache Software Foundation - F:\Valentin\Program files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - F:\Valentin\Program files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
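An added illustrative example, not part of this thread and not a HijackThis or Malwarebytes tool: a small Python triage of O2/O4/O20 lines that scores the indicators visible in the log above (a BHO with no name or a GUID as its name, a Run entry loading a DLL through rundll32, 6-8 letter alphabetic DLL names in system32, a Winlogon Notify hook whose file is missing). The sample lines are a constructed subset of that log with two clean entries as controls.

```python
"""
Triage of HijackThis O2/O4/O20 entries for Vundo-style persistence.

Added illustrative example, not part of this thread and not a HijackThis or
Malwarebytes tool. It scores entries on the signs visible in the log above:
a BHO with no display name (or a GUID in place of one) or a missing DLL, a
Run entry that loads a DLL through rundll32, 6-8 letter alphabetic DLL names
in system32 (drqkjeni, cfeakyis, olhvzc, fccaYspM) and a Winlogon Notify
hook whose file is missing. Heuristic only: a hit is a reason to look at the
entry, not a verdict.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the HijackThis lines from the first post,
# plus two known-clean lines (Java's ssv.dll and avast!) as controls.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {74b2bed3-d124-9f4b-c374-fcdfd1ae0e2a} - {a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47} - C:\WINDOWS\system32\olhvzc.dll
O2 - BHO: (no name) - {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} - C:\WINDOWS\system32\fccaYspM.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [c0385189] rundll32.exe "C:\WINDOWS\system32\drqkjeni.dll",b
O4 - HKLM\..\Run: [BMc30b6215] Rundll32.exe "C:\WINDOWS\system32\cfeakyis.dll",s
O20 - Winlogon Notify: fccaYspM - fccaYspM.dll (file missing)
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<file>.*)$")
RUNDLL_RE = re.compile(r'^rundll32\.exe\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
# Run value names of the shape c0385189 / BMc30b6215: up to two letters, then 8 hex digits.
HEX_VALUE_RE = re.compile(r"^[A-Za-z]{0,2}[0-9A-Fa-f]{8}$")
MISSING = " (file missing)"


@dataclass
class Finding:
    line: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points: int, why: str) -> None:
        self.score += points
        self.reasons.append(why)


def random_name(dll: str) -> bool:
    """Alphabetic 6-8 character DLL basename: the shape of the Vundo components
    in this log. Deliberately narrow so that vendor DLLs rarely match."""
    stem = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower().removesuffix(".dll")
    return stem.isalpha() and 6 <= len(stem) <= 8


def score_line(line: str) -> Finding:
    """Score one HijackThis line; section types not handled here score 0."""
    f = Finding(line)
    if m := O2_RE.match(line):
        name, path = m["name"], m["path"]
        if name == "(no name)" or (name.startswith("{") and name.endswith("}")):
            f.add(2, "BHO registered without a display name")
        if path.endswith(MISSING):
            f.add(1, "BHO DLL not found on disk (deleted, hidden or protected)")
            path = path.removesuffix(MISSING)
        if "system32" in path.lower() and random_name(path):
            f.add(1, "random-looking DLL name in system32")
    elif m := O4_RE.match(line):
        if r := RUNDLL_RE.match(m["cmd"]):
            f.add(2, "Run entry loads a DLL through rundll32 instead of a program")
            if "system32" in r["dll"].lower() and random_name(r["dll"]):
                f.add(1, "random-looking DLL name in system32")
        if HEX_VALUE_RE.match(m["value"]):
            f.add(1, "hex-looking Run value name")
    elif m := O20_RE.match(line):
        # Notify DLLs run inside winlogon.exe; an unqualified name resolves from system32.
        f.add(1, "Winlogon Notify hook")
        if m["file"].endswith(MISSING):
            f.add(2, "Notify DLL not found on disk")
        if random_name(m["file"].removesuffix(MISSING)):
            f.add(1, "random-looking DLL name")
    return f


def triage(log_text: str, threshold: int = 2) -> list:
    """Findings scoring at least `threshold`, in log order."""
    scored = (score_line(l) for l in log_text.splitlines() if l.strip())
    return [f for f in scored if f.score >= threshold]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.line}")
        for why in f.reasons:
            print(f"      - {why}")
```

On the sample, the five Vundo-related lines score 3 or 4 and the two control lines score 0.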

geoffrey5 (Security contributor)
 
Hi!!

Indeed, you have a few infections..

Download Malwarebytes to your desktop: http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread

= Double-click mbam-setup to start the installation
= Install it as-is, without changing anything
= Once the program is running ==> run an update, then tick "Perform full scan"
= Click Scan
= Optionally untick the drives you do not want scanned
= Click Start scan
= At the end of the scan, if an infection was found
==> click Show Results
= Close your running applications
= Check that everything is ticked and click Remove Selected

A report opens; copy it and paste it into your reply

Then restart the PC!!

Next:

Download VirtumundoBeGone to your desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Disconnect from the internet and disable your antivirus for the duration of the procedure

=> Double-click VirtumundoBeGone.exe
=> Click Continue ==> click Start
=> Click Yes
=> At the end, if Vundo is present, the PC shuts down and restarts
- If you get a blue screen with a "Fatal error" message.. no problem
=> Post the VBG.TXT report that is on the desktop

Next:

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the Desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard)

Double-click combofix.exe and follow the instructions

At the end it will produce a report, C:\ComboFix.txt

Re-enable your firewall, your antivirus and your antispyware's guard

Copy/paste the C:\ComboFix.txt report into your next reply.

Careful: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

And please post a fresh HijackThis log
Montspy
 
Hi, and thanks for your help. I'm launching this right away and will post the reports as soon as the scans/tests are done.

Montspy
Montspy
 
Okay, everything is finished, so here is what I'm posting:

Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.19
Version de la base de données: 907
Windows 5.1.2600 Service Pack 2

16:28:24 30/06/2008
mbam-log-6-30-2008 (16-28-19).txt

Type de recherche: Examen complet (C:\|F:\|G:\|)
Eléments examinés: 239124
Temps écoulé: 40 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\drqkjeni.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{c5e84927-cff0-4ca3-a068-02e7c01c1e7c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5e84927-cff0-4ca3-a068-02e7c01c1e7c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c0385189 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c5e84927-cff0-4ca3-a068-02e7c01c1e7c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMc30b6215 (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\dtsc (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\drqkjeni.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\inejkqrd.ini (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\6789ABUV\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7D74D21-BDE3-4AFE-853F-38833BCCD996}\RP87\A0044340.dll (Trojan.Vundo) -> No action taken.
F:\RECYCLER\S-1-5-21-1085031214-1078145449-839522115-1003\Df375\Nero 8.× Keygen.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\dtsc\12467.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\dtsc\12777.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\dtsc\id (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\cfeakyis.dll (Trojan.Agent) -> No action taken.



VirtumundoBeGone:

[06/30/2008, 16:29:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Propriétaire\Bureau\VirtumundoBeGone.exe" )
[06/30/2008, 16:29:42] - Detected System Information:
[06/30/2008, 16:29:42] - Windows Version: 5.1.2600, Service Pack 2
[06/30/2008, 16:29:42] - Current Username: Propriétaire (Admin)
[06/30/2008, 16:29:42] - Windows is in NORMAL mode.
[06/30/2008, 16:29:42] - Searching for Browser Helper Objects:
[06/30/2008, 16:29:42] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/30/2008, 16:29:42] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/30/2008, 16:29:42] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/30/2008, 16:29:42] - BHO 4: {a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47} ()
[06/30/2008, 16:29:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/30/2008, 16:29:42] - Checking for HKLM\...\Winlogon\Notify\olhvzc
[06/30/2008, 16:29:42] - Key not found: HKLM\...\Winlogon\Notify\olhvzc, continuing.
[06/30/2008, 16:29:42] - BHO 5: {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} ()
[06/30/2008, 16:29:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/30/2008, 16:29:42] - Checking for HKLM\...\Winlogon\Notify\fccaYspM
[06/30/2008, 16:29:42] - Found: HKLM\...\Winlogon\Notify\fccaYspM - This is probably Virtumundo.
[06/30/2008, 16:29:42] - Assigning {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} MSEvents Object
[06/30/2008, 16:29:42] - BHO list has been changed! Starting over...
[06/30/2008, 16:29:42] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/30/2008, 16:29:42] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/30/2008, 16:29:42] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/30/2008, 16:29:42] - BHO 4: {a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47} ()
[06/30/2008, 16:29:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/30/2008, 16:29:42] - Checking for HKLM\...\Winlogon\Notify\olhvzc
[06/30/2008, 16:29:42] - Key not found: HKLM\...\Winlogon\Notify\olhvzc, continuing.
[06/30/2008, 16:29:42] - BHO 5: {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} (MSEvents Object)
[06/30/2008, 16:29:42] - ALERT: Found MSEvents Object!
[06/30/2008, 16:29:42] - BHO 6: {EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E} ()
[06/30/2008, 16:29:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/30/2008, 16:29:42] - Checking for HKLM\...\Winlogon\Notify\ddcYrOfe
[06/30/2008, 16:29:42] - Key not found: HKLM\...\Winlogon\Notify\ddcYrOfe, continuing.
[06/30/2008, 16:29:42] - BHO 7: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)
[06/30/2008, 16:29:42] - Finished Searching Browser Helper Objects
[06/30/2008, 16:29:42] - *** Detected MSEvents Object
[06/30/2008, 16:29:42] - Trying to remove MSEvents Object...
[06/30/2008, 16:29:43] - Terminating Process: IEXPLORE.EXE
[06/30/2008, 16:29:44] - Terminating Process: RUNDLL32.EXE
[06/30/2008, 16:29:44] - Disabling Automatic Shell Restart
[06/30/2008, 16:29:44] - Terminating Process: EXPLORER.EXE
[06/30/2008, 16:29:45] - Suspending the NT Session Manager System Service
[06/30/2008, 16:29:45] - Terminating Windows NT Logon/Logoff Manager
[06/30/2008, 16:29:46] - Re-enabling Automatic Shell Restart
[06/30/2008, 16:29:46] - File to disable: C:\WINDOWS\system32\fccaYspM.dll
[06/30/2008, 16:29:47] - Removing HKLM\...\Browser Helper Objects\{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}
[06/30/2008, 16:29:47] - Removing HKCR\CLSID\{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}
[06/30/2008, 16:29:47] - Adding Kill Bit for ActiveX for GUID: {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}
[06/30/2008, 16:29:47] - Deleting ATLEvents/MSEvents Registry entries
[06/30/2008, 16:29:47] - Removing HKLM\...\Winlogon\Notify\fccaYspM
[06/30/2008, 16:29:47] - Searching for Browser Helper Objects:
[06/30/2008, 16:29:47] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/30/2008, 16:29:47] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/30/2008, 16:29:47] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/30/2008, 16:29:47] - BHO 4: {a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47} ()
[06/30/2008, 16:29:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/30/2008, 16:29:47] - Checking for HKLM\...\Winlogon\Notify\olhvzc
[06/30/2008, 16:29:47] - Key not found: HKLM\...\Winlogon\Notify\olhvzc, continuing.
[06/30/2008, 16:29:47] - BHO 5: {EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E} ()
[06/30/2008, 16:29:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/30/2008, 16:29:47] - Checking for HKLM\...\Winlogon\Notify\ddcYrOfe
[06/30/2008, 16:29:47] - Key not found: HKLM\...\Winlogon\Notify\ddcYrOfe, continuing.
[06/30/2008, 16:29:47] - BHO 6: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)
[06/30/2008, 16:29:47] - Finished Searching Browser Helper Objects
[06/30/2008, 16:29:47] - Finishing up...
[06/30/2008, 16:29:47] - A restart is needed.
[06/30/2008, 16:29:47] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[06/30/2008, 16:30:05] - Attempting to Restart via STOP error (Blue Screen!)


ComboFix:

ComboFix 08-06-20.4 - Propriétaire 2008-06-30 16:33:05.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.659 [GMT 2:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Propriétaire\Application Data\Microsoft\dtsc
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\dtsc\12467.dll
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\dtsc\12777.dll
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\dtsc\id
C:\WINDOWS\BMc30b6215.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\efOrYcdd.ini
C:\WINDOWS\system32\efOrYcdd.ini2
C:\WINDOWS\system32\inejkqrd.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\xrxnvvkd.ini
C:\WINDOWS\system32\yquyidrk.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-30 ))))))))))))))))))))))))))))))))))))
.

2008-06-30 15:46 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-30 15:45 . 2008-06-30 15:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-30 15:45 . 2008-06-30 15:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-30 15:45 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-29 20:47 . 2008-06-29 21:01 153 --a------ C:\WINDOWS\wininit.ini
2008-06-29 20:46 . 2008-06-29 20:46 <REP> d-------- C:\Temp\Bluebeam Software
2008-06-29 20:46 . 2008-06-29 20:46 <REP> d-------- C:\Temp
2008-06-29 20:01 . 2008-06-29 20:46 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-29 20:01 . 2008-06-29 20:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-29 11:03 . 2008-06-29 11:03 82,432 --a------ C:\WINDOWS\system32\drqkjeni.dll
2008-06-29 11:00 . 2008-06-29 11:00 103,424 --a------ C:\WINDOWS\system32\olhvzc.dll
2008-06-29 11:00 . 2008-06-29 11:00 103,424 --a------ C:\WINDOWS\system32\emlxsjnm.dll
2008-06-29 11:00 . 2008-06-29 11:00 90,624 --a------ C:\WINDOWS\system32\cfeakyis.dll
2008-06-28 10:59 . 2008-06-28 10:59 103,424 --a------ C:\WINDOWS\system32\jximvi.dll
2008-06-28 10:59 . 2008-06-28 10:59 103,424 --a------ C:\WINDOWS\system32\bjutfktp.dll
2008-06-28 10:57 . 2008-06-28 10:57 90,624 --a------ C:\WINDOWS\system32\qlkkarwy.dll
2008-06-26 06:26 . 2008-06-26 06:26 5,760,054 --a------ C:\WINDOWS\AW_1600x1200.bmp
2008-06-24 22:44 . 2008-06-24 22:44 <REP> d-------- C:\WINDOWS\Applian FLV Player
2008-06-22 19:56 . 2008-06-22 19:58 26 --a------ C:\WINDOWS\memory.vbs
2008-06-22 11:41 . 2008-06-22 11:42 30 --a------ C:\WINDOWS\prefetchCleanUp.bat
2008-06-21 09:53 . 2008-06-21 09:53 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-06-21 09:50 . 2004-05-21 10:59 283,392 -ra------ C:\WINDOWS\system32\drivers\GPlus.sys
2008-06-21 09:50 . 2004-05-21 10:59 83,024 -ra------ C:\WINDOWS\system32\drivers\FwRad16.bin
2008-06-21 09:49 . 2008-06-21 09:49 <REP> d-------- C:\Program Files\D-Link
2008-06-21 09:49 . 2008-06-21 09:49 <REP> d-------- C:\Program Files\ANI
2008-06-21 09:40 . 2003-05-31 20:10 651,264 -ra------ C:\WINDOWS\system32\libeay32.dll
2008-06-21 09:40 . 2003-05-31 20:10 450,560 -ra------ C:\WINDOWS\system32\AegisE5.dll
2008-06-21 09:40 . 2003-05-31 20:10 327,680 -ra------ C:\WINDOWS\system32\AegisE2.dll
2008-06-21 09:40 . 2003-05-31 20:10 147,456 -ra------ C:\WINDOWS\system32\ssleay32.dll
2008-06-21 09:40 . 2003-10-28 10:34 114,688 --a------ C:\WINDOWS\system32\athcfg10.dll
2008-06-21 08:47 . 2008-06-22 11:59 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-06-20 20:16 . 2004-05-21 10:59 84,644 -ra------ C:\WINDOWS\system32\drivers\FwRad17.bin
2008-06-20 20:16 . 2004-08-20 19:09 62,865 --a------ C:\WINDOWS\system32\drivers\odysseyIM3.sys
2008-06-20 20:16 . 2004-08-20 19:09 61,440 --a------ C:\WINDOWS\system32\W32N50.dll
2008-06-20 20:16 . 2004-08-20 19:09 16,292 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
2008-06-15 19:36 . 2008-06-15 19:41 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-06-15 19:36 . 2007-04-20 02:28 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-06-15 16:46 . 2008-06-15 16:46 <REP> d-------- C:\Program Files\DNA
2008-06-15 10:45 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-06-15 10:40 . 2008-06-15 10:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-06-14 21:06 . 2008-06-14 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-06-12 18:57 . 2008-05-01 16:35 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-06-12 18:53 . 2008-06-12 18:53 <REP> d-------- C:\Intel
2008-06-11 11:26 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 11:26 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 19:30 . 2008-06-26 06:23 5,760,054 --a------ C:\WINDOWS\ALX_1600x1200.bmp
2008-06-09 19:27 . 2008-06-25 22:48 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp
2008-06-09 19:24 . 2008-06-26 06:27 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
2008-06-09 19:20 . 2005-02-01 15:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
2008-06-09 19:19 . 2008-06-26 07:42 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
2008-06-09 19:19 . 2007-07-11 14:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-06-09 19:19 . 2008-06-09 19:19 53 --a------ C:\WINDOWS\wb.ini
2008-06-08 19:43 . 2008-06-08 19:43 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-06-07 19:13 . 2008-06-22 22:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-07 19:13 . 2008-06-07 19:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-06 18:30 . 2008-06-06 18:30 <REP> d-------- C:\WINDOWS\Drivers
2008-06-06 18:26 . 2008-06-24 16:38 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-02 17:32 . 2008-06-02 17:32 122 --a------ C:\WINDOWS\Winchat.ini
2008-06-02 17:29 . 2008-06-02 17:29 <REP> d--h----- C:\Documents and Settings\NetworkService\Voisinage réseau
2008-06-02 17:29 . 2008-06-02 17:29 <REP> dr------- C:\Documents and Settings\NetworkService\Mes documents
2008-06-02 17:29 . 2008-06-02 17:29 <REP> d-------- C:\Documents and Settings\NetworkService\Menu Démarrer
2008-06-02 17:29 . 2008-06-02 17:29 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-06-02 17:29 . 2008-06-02 17:29 <REP> d-------- C:\Documents and Settings\NetworkService\Bureau
2008-06-01 18:49 . 2008-06-02 17:17 <REP> d-------- C:\Program Files\Audacity
2008-05-28 13:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-28 13:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-28 13:12 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-27 22:31 . 2008-05-27 22:31 <REP> d-------- C:\Program Files\MSXML 4.0
2008-05-27 19:48 . 2007-02-28 18:02 2,182,400 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-05-27 19:48 . 2007-02-28 18:02 2,138,112 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-05-27 19:48 . 2007-02-28 18:02 2,059,648 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-05-27 19:48 . 2007-02-28 18:02 2,017,792 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-05-27 18:06 . 2006-06-01 20:48 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
2008-05-27 18:06 . 2006-06-01 20:48 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
2008-05-27 18:03 . 2004-08-19 22:11 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-27 18:03 . 2006-03-17 02:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2008-05-27 18:02 . 2006-05-05 11:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-05-27 17:56 . 2008-06-12 18:57 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-27 17:49 . 2008-06-20 18:00 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-05-27 17:49 . 2008-05-27 17:56 <REP> d-------- C:\Program Files\Windows Live
2008-05-27 17:49 . 2008-05-27 17:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-24 19:35 . 2008-05-24 19:35 1,061,188 --a------ C:\WINDOWS\system32\ah.mx1
2008-05-24 19:35 . 2008-05-24 19:35 564,736 --a------ C:\WINDOWS\system32\ah.scr
2008-05-24 19:35 . 2008-05-24 19:35 45,056 --a------ C:\WINDOWS\system32\sstunst3.exe
2008-05-24 19:35 . 2008-05-24 19:35 20,610 --a------ C:\WINDOWS\system32\ah.ibx
2008-05-24 11:54 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-05-24 11:54 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-05-23 20:51 . 2008-05-23 20:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-23 20:37 . 2008-05-23 20:37 <REP> d-------- C:\Program Files\Bonjour
2008-05-23 20:28 . 2008-05-23 20:28 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-21 19:03 . 2008-05-21 20:51 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-21 12:29 . 2008-05-21 12:29 <REP> d-------- C:\Program Files\MSBuild
2008-05-21 12:26 . 2008-05-21 12:26 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-21 12:25 . 2008-05-21 12:25 <REP> d-------- C:\Program Files\Reference Assemblies
2008-05-21 12:25 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-21 11:30 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-05-21 11:30 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2008-05-21 11:30 . 2008-02-07 16:15 408,576 --a------ C:\WINDOWS\system32\Smab.dll
2008-05-21 11:30 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-05-21 11:30 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2008-05-21 11:30 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2008-05-21 11:30 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-05-21 11:30 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2008-05-21 11:30 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2008-05-21 11:30 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-05-21 11:29 . 2008-05-21 11:29 <REP> d-------- C:\Program Files\eRightSoft
2008-05-21 09:32 . 2008-05-21 09:32 <REP> d-------- C:\Program Files\DLDIrc
2008-05-17 10:19 . 2008-05-17 10:19 <REP> d-------- C:\Program Files\Fichiers communs\SolidWorks Shared
2008-05-17 10:07 . 2008-05-17 10:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
2008-05-17 01:36 . 2008-05-17 01:36 <REP> d-------- C:\Program Files\CubeTwister 1.0.3.1
2008-05-17 01:35 . 2008-05-17 01:36 <REP> d--h----- C:\Program Files\Zero G Registry
2008-05-16 18:16 . 2004-11-05 11:08 670,208 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-05-16 18:16 . 2004-05-10 14:19 639,052 --a------ C:\WINDOWS\system32\BBPDFPortMon.dll
2008-05-16 18:16 . 2008-05-16 18:16 23 --ah----- C:\WINDOWS\yacht.xws
2008-05-16 18:12 . 2008-05-17 10:19 <REP> d-------- C:\Program Files\Fichiers communs\Bluebeam Software
2008-05-16 18:10 . 2008-05-16 18:10 <REP> d-------- C:\Program Files\Fichiers communs\Solidworks Data
2008-05-16 18:08 . 2008-05-16 18:08 42 --a------ C:\WINDOWS\trailer.xws
2008-05-15 20:44 . 2008-05-15 20:44 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-15 20:43 . 2008-05-15 20:43 <REP> d-------- C:\Program Files\MSXML 6.0
2008-05-15 20:43 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-13 19:27 . 2008-05-13 19:27 <REP> d-------- C:\WINDOWS\Sun
2008-05-12 10:09 . 2008-05-12 10:09 <REP> d-------- C:\Program Files\QuickTime
2008-05-12 10:08 . 2008-05-12 10:08 <REP> d-------- C:\Program Files\Apple Software Update
2008-05-12 10:08 . 2008-05-12 10:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-12 10:08 . 2008-05-12 10:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 07:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-03 14:02 --------- d-----w C:\Program Files\Wanadoo
2008-05-03 09:13 --------- d-----w C:\Program Files\Securitoo
2008-05-03 09:00 --------- d-----w C:\Program Files\Intel
2008-05-03 09:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-03 09:00 --------- d-----w C:\Program Files\Alwil Software
2008-05-03 08:58 --------- d-----w C:\Program Files\Analog Devices
2008-05-03 08:45 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-03 08:44 --------- d-----w C:\Program Files\Services en ligne
2004-08-20 17:09 62,865 ----a-w C:\WINDOWS\inf\IM\odysseyIM3.sys
2004-08-20 17:09 45,056 ----a-w C:\WINDOWS\inf\IM\imdinst.exe
2004-08-20 17:09 12,739 ----a-w C:\WINDOWS\inf\IM\odNetInstall.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47}]
2008-06-29 11:00 103424 --a------ C:\WINDOWS\system32\olhvzc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E}]
C:\WINDOWS\system32\ddcYrOfe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-15 16:46 289088]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Steam"="g:\programmes\valve\steam\steam.exe" [2008-06-28 11:23 1271032]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"c0385189"="C:\WINDOWS\system32\drqkjeni.dll" [2008-06-29 11:03 82432]
"BMc30b6215"="C:\WINDOWS\system32\cfeakyis.dll" [2008-06-29 11:00 90624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 21:57 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaYspM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
G:\Programmes\WindowBlinds\wbsrv.dll 2008-06-26 06:49 210168 G:\Programmes\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2007-01-19 11:49 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2005-12-12 15:52 454656 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G DWL-G520+A]
--a------ 2007-10-25 10:28 1552384 C:\Program Files\D-Link\AirPlus G DWL-G520+A\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"F:\\Valentin\\Program files\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\Valentin\\Program files\\FileZilla FTP Client\\filezilla.exe"=
"F:\\Valentin\\Program files\\FlashGet\\flashget.exe"=
"G:\\Programmes\\eMule\\emule.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"G:\\Programmes\\BitTorrent\\bittorrent.exe"=
"G:\\Programmes\\Valve\\Steam\\SteamApps\\montspy\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25352:TCP"= 25352:TCP:uTorrent TCP
"25352:UDP"= 25352:UDP:uTorrent UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 NMSAccessU;NMSAccessU;G:\Programmes\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;C:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 10:59]
S3 wampapache;wampapache;"F:\Valentin\Program files\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;"F:\Valentin\Program files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe" wampmysqld []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-22 10:00:00 C:\WINDOWS\Tasks\Prefetch.job"
- C:\WINDOWS\prefetchCleanUp.bat
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 16:36:27
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
G:\Programmes\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-30 16:41:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 14:40:48

Pre-Run: 10,119,110,656 octets libres
Post-Run: 10,455,552,000 octets libres

270 --- E O F --- 2008-06-20 16:01:00


And finally HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:43:04, on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
G:\Programmes\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {74b2bed3-d124-9f4b-c374-fcdfd1ae0e2a} - {a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47} - C:\WINDOWS\system32\olhvzc.dll
O2 - BHO: (no name) - {EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E} - C:\WINDOWS\system32\ddcYrOfe.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Valentin\Program files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [c0385189] rundll32.exe "C:\WINDOWS\system32\drqkjeni.dll",b
O4 - HKLM\..\Run: [BMc30b6215] Rundll32.exe "C:\WINDOWS\system32\cfeakyis.dll",s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "g:\programmes\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = G:\Programmes\AlienGUIse\AlienwareDock\ObjectDock.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - F:\Valentin\Program files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - F:\Valentin\Program files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Valentin\Program files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Valentin\Program files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{28D58CCF-F453-417B-A3CF-51487D6AC9D6}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A0187A1-EAF6-43B2-A26D-B8378D6A93B9}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{E266B276-FCD0-4C3B-B2F4-08046DB6094F}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
O20 - Winlogon Notify: fccaYspM - C:\WINDOWS\
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccessU - Unknown owner - G:\Programmes\CDBurnerXP\NMSAccessU.exe
O23 - Service: wampapache - Apache Software Foundation - F:\Valentin\Program files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - F:\Valentin\Program files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
geoffrey5 Posts: 14008 Status: Security contributor 10
 
You did not apply any actions with Malwarebytes:

Run a new scan and, at the end of the scan, make sure everything is checked and click on "Remove selection"... then send the report.

Then:

Copy the bold text below:

File::
c:\windows\pskt.ini
c:\windows\system32\drqkjeni.dll
c:\windows\system32\cfeakyis.dll
c:\windows\system32\smab0.dll

Folder::

Registry::


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: that is normal!

Do not touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no reboot, post the reports anyway.

Then make a new HijackThis report to check, please.
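As an added example, not something posted in this thread: a small Python checker that reads HijackThis-format lines and flags the kinds of entries the helper singled out in the log above (O4 Run values that start a system32 DLL through rundll32 and carry a hex-digit name, O2 BHOs with no readable name or a missing file, and an O20 Winlogon Notify package with no DLL file name). The sample lines are copied from the HijackThis log posted earlier in the thread; the regular expressions and the "hex-digit name" heuristic are my own assumptions, not part of HijackThis or of the helper's method.

```python
import re

# Sample HijackThis lines, copied from the log posted earlier in this thread
# (one clean entry of each type is kept as a control).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {74b2bed3-d124-9f4b-c374-fcdfd1ae0e2a} - {a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47} - C:\WINDOWS\system32\olhvzc.dll
O2 - BHO: (no name) - {EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E} - C:\WINDOWS\system32\ddcYrOfe.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [c0385189] rundll32.exe "C:\WINDOWS\system32\drqkjeni.dll",b
O4 - HKLM\..\Run: [BMc30b6215] Rundll32.exe "C:\WINDOWS\system32\cfeakyis.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: fccaYspM - C:\WINDOWS\
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Line shapes for the three HijackThis sections we look at (assumed from the
# log format above, not an official grammar).
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
# rundll32 launching a DLL that sits directly in %SystemRoot%\system32
RUNDLL_SYS32_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?[a-z]:\\windows\\system32\\[^\\"]+\.dll', re.I)
# Run value names made of a short prefix plus eight hex digits: a heuristic
# matching the c0385189 / BMc30b6215 style seen in this thread.
HEX_NAME_RE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8}$")


def check_line(line):
    """Return a list of (reason, line) findings for one HijackThis entry."""
    findings = []
    m = O2_RE.match(line)
    if m:
        if m["name"] == "(no name)" or GUID_RE.match(m["name"]):
            findings.append(("BHO without a readable name", line))
        if m["path"].endswith("(file missing)"):
            findings.append(("BHO registered for a file that no longer exists", line))
        return findings
    m = O4_RE.match(line)
    if m:
        if RUNDLL_SYS32_RE.match(m["cmd"]):
            findings.append(("Run entry loads a system32 DLL through rundll32", line))
        if HEX_NAME_RE.match(m["name"]):
            findings.append(("Run value name looks machine-generated", line))
        return findings
    m = O20_RE.match(line)
    # A Notify package whose path has no file name cannot be a legitimate DLL.
    if m and (not m["path"] or m["path"].endswith("\\")):
        findings.append(("Winlogon Notify package with no DLL file name", line))
    return findings


def scan(log_text):
    """Run check_line over every non-empty line of a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            findings.extend(check_line(line))
    return findings


if __name__ == "__main__":
    for reason, line in scan(SAMPLE_LOG):
        print(f"{reason}:\n    {line}")
```

Run it as a script to print the findings, or call scan() on the contents of any saved HijackThis log. A hit is a lead for checking the file itself (publisher, creation date, what the antivirus says about it), not a verdict; clean entries such as IgfxTray and msnmsgr are left alone by design.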
Montspy Posts: 24 Status: Member
 
Hi!

Argh, damn, I had to update the registry like Spybot asked me to :s

Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.19
Version de la base de données: 907
Windows 5.1.2600 Service Pack 2

12:13:01 01/07/2008
mbam-log-7-1-2008 (12-13-01).txt

Type de recherche: Examen complet (C:\|F:\|G:\|)
Eléments examinés: 219955
Temps écoulé: 37 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\drqkjeni.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c0385189 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMc30b6215 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\drqkjeni.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\inejkqrd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{D7D74D21-BDE3-4AFE-853F-38833BCCD996}\RP88\A0046795.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfeakyis.dll (Trojan.Agent) -> Delete on reboot.


The ComboFix report:

ComboFix 08-06-20.4 - Propriétaire 2008-07-01 12:18:26.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.634 [GMT 2:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
c:\windows\pskt.ini
c:\windows\system32\cfeakyis.dll
c:\windows\system32\drqkjeni.dll
c:\windows\system32\smab0.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
c:\windows\system32\smab0.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-01 to 2008-07-01 ))))))))))))))))))))))))))))))))))))
.

2008-06-30 16:42 . 2008-06-30 16:42 <REP> d-------- C:\Documents and Settings\PropriÚtaire
2008-06-30 16:41 . 2008-06-30 16:41 0 --a------ C:\WINDOWS\BMc30b6215.xml
2008-06-30 15:46 . 2008-06-30 15:46 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-06-30 15:46 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-30 15:45 . 2008-06-30 15:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-30 15:45 . 2008-06-30 15:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-30 15:45 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-29 20:47 . 2008-06-29 21:01 153 --a------ C:\WINDOWS\wininit.ini
2008-06-29 20:46 . 2008-06-29 20:46 <REP> d-------- C:\Temp\Bluebeam Software
2008-06-29 20:46 . 2008-06-29 20:46 <REP> d-------- C:\Temp
2008-06-29 20:01 . 2008-06-29 20:46 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-29 20:01 . 2008-06-29 20:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-29 11:00 . 2008-06-29 11:00 103,424 --a------ C:\WINDOWS\system32\olhvzc.dll
2008-06-29 11:00 . 2008-06-29 11:00 103,424 --a------ C:\WINDOWS\system32\emlxsjnm.dll
2008-06-28 10:59 . 2008-06-28 10:59 103,424 --a------ C:\WINDOWS\system32\jximvi.dll
2008-06-28 10:59 . 2008-06-28 10:59 103,424 --a------ C:\WINDOWS\system32\bjutfktp.dll
2008-06-28 10:57 . 2008-06-28 10:57 90,624 --a------ C:\WINDOWS\system32\qlkkarwy.dll
2008-06-26 06:26 . 2008-06-26 06:26 5,760,054 --a------ C:\WINDOWS\AW_1600x1200.bmp
2008-06-25 22:54 . 2008-06-28 22:19 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\codeblocks
2008-06-24 22:44 . 2008-06-24 22:44 <REP> d-------- C:\WINDOWS\Applian FLV Player
2008-06-22 19:56 . 2008-06-22 19:58 26 --a------ C:\WINDOWS\memory.vbs
2008-06-22 11:41 . 2008-06-22 11:42 30 --a------ C:\WINDOWS\prefetchCleanUp.bat
2008-06-21 09:53 . 2008-06-21 09:53 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-06-21 09:50 . 2004-05-21 10:59 283,392 -ra------ C:\WINDOWS\system32\drivers\GPlus.sys
2008-06-21 09:50 . 2004-05-21 10:59 83,024 -ra------ C:\WINDOWS\system32\drivers\FwRad16.bin
2008-06-21 09:49 . 2008-06-21 09:49 <REP> d-------- C:\Program Files\D-Link
2008-06-21 09:49 . 2008-06-21 09:49 <REP> d-------- C:\Program Files\ANI
2008-06-21 09:48 . 2008-06-21 09:48 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InstallShield
2008-06-21 09:40 . 2003-05-31 20:10 651,264 -ra------ C:\WINDOWS\system32\libeay32.dll
2008-06-21 09:40 . 2003-05-31 20:10 450,560 -ra------ C:\WINDOWS\system32\AegisE5.dll
2008-06-21 09:40 . 2003-05-31 20:10 327,680 -ra------ C:\WINDOWS\system32\AegisE2.dll
2008-06-21 09:40 . 2003-05-31 20:10 147,456 -ra------ C:\WINDOWS\system32\ssleay32.dll
2008-06-21 09:40 . 2003-10-28 10:34 114,688 --a------ C:\WINDOWS\system32\athcfg10.dll
2008-06-21 08:47 . 2008-06-22 11:59 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-06-20 20:16 . 2004-05-21 10:59 84,644 -ra------ C:\WINDOWS\system32\drivers\FwRad17.bin
2008-06-20 20:16 . 2004-08-20 19:09 62,865 --a------ C:\WINDOWS\system32\drivers\odysseyIM3.sys
2008-06-20 20:16 . 2004-08-20 19:09 61,440 --a------ C:\WINDOWS\system32\W32N50.dll
2008-06-20 20:16 . 2004-08-20 19:09 16,292 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
2008-06-15 19:36 . 2008-06-15 19:41 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-06-15 19:36 . 2007-04-20 02:28 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-06-15 16:46 . 2008-06-15 16:46 <REP> d-------- C:\Program Files\DNA
2008-06-15 16:46 . 2008-07-01 12:14 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\DNA
2008-06-15 16:46 . 2008-06-15 16:46 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\BitTorrent
2008-06-15 10:45 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-06-15 10:40 . 2008-06-15 10:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-06-14 21:06 . 2008-06-14 21:06 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Songbird2
2008-06-14 21:06 . 2008-06-14 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-06-12 18:57 . 2008-05-01 16:35 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-06-12 18:53 . 2008-06-12 18:53 <REP> d-------- C:\Intel
2008-06-11 11:26 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 11:26 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 19:30 . 2008-06-26 06:23 5,760,054 --a------ C:\WINDOWS\ALX_1600x1200.bmp
2008-06-09 19:27 . 2008-06-25 22:48 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp
2008-06-09 19:24 . 2008-06-26 06:27 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
2008-06-09 19:20 . 2005-02-01 15:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
2008-06-09 19:19 . 2008-06-26 07:42 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
2008-06-09 19:19 . 2007-07-11 14:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-06-09 19:19 . 2008-06-09 19:19 53 --a------ C:\WINDOWS\wb.ini
2008-06-08 19:43 . 2008-06-08 19:43 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-06-07 19:13 . 2008-06-22 22:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-07 19:13 . 2008-06-07 19:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-06 18:30 . 2008-06-06 18:30 <REP> d-------- C:\WINDOWS\Drivers
2008-06-06 18:26 . 2008-06-24 16:38 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-02 17:32 . 2008-06-02 17:32 122 --a------ C:\WINDOWS\Winchat.ini
2008-06-02 17:29 . 2008-06-02 17:29 <REP> d--h----- C:\Documents and Settings\NetworkService\Voisinage réseau
2008-06-02 17:29 . 2008-06-02 17:29 <REP> dr------- C:\Documents and Settings\NetworkService\Mes documents
2008-06-02 17:29 . 2008-06-02 17:29 <REP> d-------- C:\Documents and Settings\NetworkService\Menu Démarrer
2008-06-02 17:29 . 2008-06-02 17:29 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-06-02 17:29 . 2008-06-02 17:29 <REP> d-------- C:\Documents and Settings\NetworkService\Bureau
2008-06-01 18:49 . 2008-06-02 17:17 <REP> d-------- C:\Program Files\Audacity

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 22:05 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\uTorrent
2008-06-21 07:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 18:16 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\CDBurnerXP_Soft
2008-06-08 10:11 --------- d-----w C:\Program Files\World of Warcraft
2008-05-31 11:33 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\FileZilla
2008-05-27 20:31 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-27 15:56 --------- d-----w C:\Program Files\Windows Live
2008-05-27 15:55 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-26 16:46 --------- d-----w C:\Program Files\Notepad++
2008-05-24 17:35 564,736 ----a-w C:\WINDOWS\system32\ah.scr
2008-05-24 17:35 45,056 ----a-w C:\WINDOWS\system32\sstunst3.exe
2008-05-23 18:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-23 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-23 18:37 --------- d-----w C:\Program Files\Bonjour
2008-05-23 18:28 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-21 18:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-21 17:04 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Publish Providers
2008-05-21 17:03 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Sony
2008-05-21 10:29 --------- d-----w C:\Program Files\MSBuild
2008-05-21 10:25 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-21 10:20 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Sony Setup
2008-05-21 09:29 --------- d-----w C:\Program Files\eRightSoft
2008-05-21 07:32 --------- d-----w C:\Program Files\DLDIrc
2008-05-19 15:32 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\SolidWorks
2008-05-17 08:23 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\DWGeditor
2008-05-17 08:19 --------- d-----w C:\Program Files\Fichiers communs\SolidWorks Shared
2008-05-17 08:19 --------- d-----w C:\Program Files\Fichiers communs\Bluebeam Software
2008-05-17 08:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluebeam Software
2008-05-16 23:36 --------- d--h--w C:\Program Files\Zero G Registry
2008-05-16 23:36 --------- d-----w C:\Program Files\CubeTwister 1.0.3.1
2008-05-16 16:10 --------- d-----w C:\Program Files\Fichiers communs\Solidworks Data
2008-05-15 18:44 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-15 18:43 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-12 08:09 --------- d-----w C:\Program Files\QuickTime
2008-05-12 08:08 --------- d-----w C:\Program Files\Apple Software Update
2008-05-12 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-12 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-09 15:01 --------- d-----w C:\Program Files\NCH Swift Sound
2008-05-09 15:01 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\NCH Swift Sound
2008-05-09 10:08 --------- d-----w C:\Program Files\WowCartographe
2008-05-08 15:01 --------- d-----w C:\Program Files\VideoLAN
2008-05-08 15:01 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\vlc
2008-05-08 12:53 --------- d-----w C:\Program Files\Java
2008-05-08 12:52 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 09:14 --------- d-----w C:\Program Files\VIAudioi
2008-05-08 09:13 --------- d-----w C:\Program Files\VIA
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 15:32 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Notepad++
2008-05-05 16:45 --------- d-----w C:\Program Files\uTorrent
2008-05-03 16:12 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-05-03 14:02 --------- d-----w C:\Program Files\Wanadoo
2008-05-03 14:01 --------- d-----w C:\Program Files\SAGEM
2008-05-03 09:13 --------- d-----w C:\Program Files\Securitoo
2008-05-03 09:00 --------- d-----w C:\Program Files\Intel
2008-05-03 09:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-03 09:00 --------- d-----w C:\Program Files\Alwil Software
2008-05-03 08:58 --------- d-----w C:\Program Files\Analog Devices
2008-05-03 08:45 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-03 08:44 --------- d-----w C:\Program Files\Services en ligne
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2004-08-20 17:09 62,865 ----a-w C:\WINDOWS\inf\IM\odysseyIM3.sys
2004-08-20 17:09 45,056 ----a-w C:\WINDOWS\inf\IM\imdinst.exe
2004-08-20 17:09 12,739 ----a-w C:\WINDOWS\inf\IM\odNetInstall.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-30_16.40.22.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-30 14:35:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 10:15:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 19:14:25 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
- 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-01 10:15:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7e0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47}]
2008-06-29 11:00 103424 --a------ C:\WINDOWS\system32\olhvzc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E}]
C:\WINDOWS\system32\ddcYrOfe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-15 16:46 289088]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Steam"="g:\programmes\valve\steam\steam.exe" [2008-06-28 11:23 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"BMc30b6215"="C:\WINDOWS\system32\cfeakyis.dll" [ ]
"c0385189"="C:\WINDOWS\system32\drqkjeni.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 21:57 15360]

C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
Alienware Dock.lnk - G:\Programmes\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-06-09 19:19:42 2074360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaYspM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
G:\Programmes\WindowBlinds\wbsrv.dll 2008-06-26 06:49 210168 G:\Programmes\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2007-01-19 11:49 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2005-12-12 15:52 454656 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G DWL-G520+A]
--a------ 2007-10-25 10:28 1552384 C:\Program Files\D-Link\AirPlus G DWL-G520+A\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"F:\\Valentin\\Program files\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\Valentin\\Program files\\FileZilla FTP Client\\filezilla.exe"=
"F:\\Valentin\\Program files\\FlashGet\\flashget.exe"=
"G:\\Programmes\\eMule\\emule.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"G:\\Programmes\\BitTorrent\\bittorrent.exe"=
"G:\\Programmes\\Valve\\Steam\\SteamApps\\montspy\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25352:TCP"= 25352:TCP:uTorrent TCP
"25352:UDP"= 25352:UDP:uTorrent UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 NMSAccessU;NMSAccessU;G:\Programmes\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;C:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 10:59]
S3 wampapache;wampapache;"F:\Valentin\Program files\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;"F:\Valentin\Program files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe" wampmysqld []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-22 10:00:00 C:\WINDOWS\Tasks\Prefetch.job"
- C:\WINDOWS\prefetchCleanUp.bat
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 12:20:01
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-01 12:21:13
ComboFix-quarantined-files.txt 2008-07-01 10:20:56
ComboFix2.txt 2008-06-30 14:41:01

Pre-Run: 12,651,134,976 octets libres
Post-Run: 12,644,143,104 octets libres

256 --- E O F --- 2008-06-20 16:01:00


And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:55, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
G:\Programmes\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {74b2bed3-d124-9f4b-c374-fcdfd1ae0e2a} - {a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47} - C:\WINDOWS\system32\olhvzc.dll
O2 - BHO: (no name) - {EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E} - C:\WINDOWS\system32\ddcYrOfe.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Valentin\Program files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BMc30b6215] Rundll32.exe "C:\WINDOWS\system32\cfeakyis.dll",s
O4 - HKLM\..\Run: [c0385189] rundll32.exe "C:\WINDOWS\system32\drqkjeni.dll",b
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "g:\programmes\valve\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = G:\Programmes\AlienGUIse\AlienwareDock\ObjectDock.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - F:\Valentin\Program files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - F:\Valentin\Program files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Valentin\Program files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Valentin\Program files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{28D58CCF-F453-417B-A3CF-51487D6AC9D6}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A0187A1-EAF6-43B2-A26D-B8378D6A93B9}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{E266B276-FCD0-4C3B-B2F4-08046DB6094F}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
O20 - Winlogon Notify: fccaYspM - C:\WINDOWS\
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccessU - Unknown owner - G:\Programmes\CDBurnerXP\NMSAccessU.exe
O23 - Service: wampapache - Apache Software Foundation - F:\Valentin\Program files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - F:\Valentin\Program files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
0
geoffrey5 Posts 14008 Status Security contributor 10
 
Hi!!

Download OTMoveIt

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below and paste it into the left-hand pane of OTMoveIt, under Paste List of Files/Folders to move.

c:\windows\system32\olhvzc.dll
c:\windows\system32\cfeakyis.dll
c:\windows\system32\drqkjeni.dll


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

Then:

Fix.reg

Open Notepad (right-click on the desktop > in the menu choose New, then Text Document) and copy-paste what is quoted below (copy it all in one go, without the bars of X's):

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BMc30b6215"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"c0385189"=-


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: REGEDIT4 is on the first line in Notepad and there is a blank line at the end.
Then click "File"/"Save as":
Save in: the desktop
File name: fix.reg
File type: "All files"
Click "Save"

It should look like this once saved:

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

Double-click fix.reg => you must get the message "Are you sure you want to add the information in this .reg file to the registry?"
If that is the case, click "Yes"

Then redo a new HijackThis report, please.
0
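The reply above works from three kinds of indicator in the posted log: a BHO whose display name is itself a GUID, two Run values with machine-generated names that load a system32 DLL through rundll32, and a Winlogon Notify key whose DLL is already gone. The script below is an added example (mine, not code from this thread, from HijackThis or from OTMoveIt): it applies those same criteria mechanically to a constructed subset of the log lines posted in this thread, lists the files for OTMoveIt, and produces a REGEDIT4 fix in the same shape as the one above. The functions `triage`, `looks_generated` and `build_fix_reg`, and the letter/digit heuristic for value names, are my own assumptions, not HijackThis rules.

```python
"""Triage of HijackThis O2/O4/O20 lines (added example, not code from this thread)."""
import re

# Constructed sample: a subset of the O2/O4/O20 lines from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {74b2bed3-d124-9f4b-c374-fcdfd1ae0e2a} - {a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47} - C:\WINDOWS\system32\olhvzc.dll
O2 - BHO: (no name) - {EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E} - C:\WINDOWS\system32\ddcYrOfe.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BMc30b6215] Rundll32.exe "C:\WINDOWS\system32\cfeakyis.dll",s
O4 - HKLM\..\Run: [c0385189] rundll32.exe "C:\WINDOWS\system32\drqkjeni.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: fccaYspM - C:\WINDOWS\
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

GUID_RE = re.compile(r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}", re.I)
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
DLL_RE = re.compile(r'"?(?P<dll>[a-z]:\\windows\\system32\\[^",]+\.dll)"?', re.I)

# Registry roots used by the generated fix (same keys as the Fix.reg in the reply above).
CLSID_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
BHO_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"


def looks_generated(name: str) -> bool:
    """Heuristic (assumption): Run value names mixing letters with several digits,
    like BMc30b6215 or c0385189, are machine-generated rather than a product name."""
    return sum(c.isdigit() for c in name) >= 3 and any(c.isalpha() for c in name)


def triage(log_text: str) -> dict:
    """Classify O2/O4/O20 lines into files to move, registry entries to delete,
    and orphaned entries whose file is already gone."""
    findings = {"move_files": [], "delete_clsids": [], "run_values": [], "orphans": []}
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            name, clsid, path = m.group("name"), m.group("clsid"), m.group("path")
            missing = path.endswith("(file missing)")
            # A BHO whose display name is another GUID, or has no name, was not
            # installed on purpose by anyone.
            if GUID_RE.fullmatch(name) or name == "(no name)":
                if missing:
                    findings["orphans"].append(line)
                else:
                    findings["move_files"].append(path.lower())
                    findings["delete_clsids"].append(clsid)
            continue
        m = RUN_RE.match(line)
        if m:
            value, cmd = m.group("value"), m.group("cmd")
            dll = DLL_RE.search(cmd)
            # rundll32 loading a system32 DLL under a generated value name.
            if "rundll32" in cmd.lower() and dll and looks_generated(value):
                findings["move_files"].append(dll.group("dll").lower())
                findings["run_values"].append(value)
            continue
        m = NOTIFY_RE.match(line)
        if m and m.group("path").endswith("\\"):
            # Winlogon Notify entry resolving to a directory: DLL gone, key left behind.
            findings["orphans"].append(line)
    return findings


def build_fix_reg(findings: dict) -> str:
    """Emit a REGEDIT4 script in the same shape as the helper's Fix.reg."""
    lines = ["REGEDIT4", ""]
    for clsid in findings["delete_clsids"]:
        lines.append("[-" + CLSID_ROOT + "\\" + clsid + "]")
        lines.append("[-" + BHO_ROOT + "\\" + clsid + "]")
    for value in findings["run_values"]:
        lines.append("[" + RUN_KEY + "]")
        lines.append('"' + value + '"=-')
    lines.append("")  # .reg files need the trailing blank line the reply insists on
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Paste into OTMoveIt:")
    print("\n".join(result["move_files"]))
    print("\nOrphaned entries (fix with HijackThis, nothing to move):")
    print("\n".join(result["orphans"]))
    print("\nFix.reg:")
    print(build_fix_reg(result))
```

Entries that HijackThis marks `(file missing)`, or whose Winlogon Notify path resolves to a bare directory, are reported as orphans rather than as files to move, which is consistent with the later reply in this thread removing the ddcYrOfe.dll line with Fix checked instead of OTMoveIt.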

Montspy Posts 24 Status Member
 
So here is what was requested:

MoveIt! :

DllUnregisterServer procedure not found in c:\windows\system32\olhvzc.dll
c:\windows\system32\olhvzc.dll NOT unregistered.
c:\windows\system32\olhvzc.dll moved successfully.
File/Folder c:\windows\system32\cfeakyis.dll not found.
File/Folder c:\windows\system32\drqkjeni.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07012008_130905


HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:23, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
G:\Programmes\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E} - C:\WINDOWS\system32\ddcYrOfe.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Valentin\Program files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "g:\programmes\valve\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = G:\Programmes\AlienGUIse\AlienwareDock\ObjectDock.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - F:\Valentin\Program files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - F:\Valentin\Program files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Valentin\Program files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Valentin\Program files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{28D58CCF-F453-417B-A3CF-51487D6AC9D6}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A0187A1-EAF6-43B2-A26D-B8378D6A93B9}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{E266B276-FCD0-4C3B-B2F4-08046DB6094F}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
O20 - Winlogon Notify: fccaYspM - C:\WINDOWS\
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccessU - Unknown owner - G:\Programmes\CDBurnerXP\NMSAccessU.exe
O23 - Service: wampapache - Apache Software Foundation - F:\Valentin\Program files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - F:\Valentin\Program files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
0
geoffrey5 Posts 14008 Status Security contributor 10
 
I no longer see any infections in your report... you can do this:

Relaunch HijackThis, click Scan only and check this line:

O2 - BHO: (no name) - {EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E} - C:\WINDOWS\system32\ddcYrOfe.dll (file missing)

Then click Fix checked.

Do you still have any problems??
0
Montspy
 
OK, I'll do the HijackThis; otherwise no problems, thanks!

Montspy.
0