Ralentissements, pubs et sites indisponibles

Montspy Messages postés 24 Statut Membre -  
 Montspy -
Bonjour tout le monde,
J'ai un (des) problème(s) avec mon ordinateur qui est devenu excessivement lent depuis quelques jours.
Les mises-à-jour automatiques se désactivent toutes seules (Windows XP me le signale à chaque démarrage), j'ai des pop-ups qui donnent sur un site "LiveTV" ou quelque chose du genre alors que ne IE ni Mozilla 3.0.0 ne sont lancés et lorsque je les lance, certaines pages et certains sites sont inaccessible tel que google.fr (qeulement après avoir lancé une recherche), tous les autres moteurs de recherches, dev-fr.org certaines pages de wow-europe.com/fr, etc...

J'ai fait un hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:08, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
G:\Programmes\CDBurnerXP\NMSAccessU.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {74b2bed3-d124-9f4b-c374-fcdfd1ae0e2a} - {a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47} - C:\WINDOWS\system32\olhvzc.dll
O2 - BHO: (no name) - {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} - C:\WINDOWS\system32\fccaYspM.dll (file missing)
O2 - BHO: (no name) - {EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E} - C:\WINDOWS\system32\ddcYrOfe.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Valentin\Program files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [c0385189] rundll32.exe "C:\WINDOWS\system32\drqkjeni.dll",b
O4 - HKLM\..\Run: [BMc30b6215] Rundll32.exe "C:\WINDOWS\system32\cfeakyis.dll",s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "g:\programmes\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = G:\Programmes\AlienGUIse\AlienwareDock\ObjectDock.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - F:\Valentin\Program files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - F:\Valentin\Program files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Valentin\Program files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Valentin\Program files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{28D58CCF-F453-417B-A3CF-51487D6AC9D6}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A0187A1-EAF6-43B2-A26D-B8378D6A93B9}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{E266B276-FCD0-4C3B-B2F4-08046DB6094F}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
O20 - Winlogon Notify: fccaYspM - fccaYspM.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccessU - Unknown owner - G:\Programmes\CDBurnerXP\NMSAccessU.exe
O23 - Service: wampapache - Apache Software Foundation - F:\Valentin\Program files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - F:\Valentin\Program files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 7104 bytes


Voilà pour mes problèmes.
En attente de votre aide.

Montspy.
Configuration: Windows XP
Firefox 3.0 & IE 7.0
Avast!
Connecté à une Livebox Sagem par USB

6 réponses

  1. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    en effet tu as quelques infections..

    Télécharger sur le bureau malware bytes : http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread

    = double-clic sur mbam-setup pour lancer l'installation
    = Installer simplement sans rien modifier
    = Quand le programme lancé ==> faire une mise à jour ensuite cocher Exécuter un examen complet
    = Clic Rechercher
    = Eventuellement décocher les disque à ne pas analyser
    = Clic Lancer l'examen
    = En fin de scan , si infection trouvée
    ==> Clic Afficher résultat
    = Fermer vos applications en cours
    = Vérifier si tout est coché et clic Supprimer la sélection

    un rapport s'ouvre le copier et le coller dans la réponse

    Puis redémarrer le pc !!

    ensuite :

    Télécharge sur le bureau virtumundobegone :
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    déconnecte internet et désactive ton antivirus le temps de la manipulation

    => Double clic sur VirtumundoBeGone.exe
    => Clic Continue ==> clic Start
    => Clic Oui
    => A la fin si Vundo est présent , le PC s’éteint et redémarre
    - Si Ecran bleu et message : Erreur fatale .. pas de problème
    => Poster le rapport VBG.TXT qui est sur le bureau

    ensuite :

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le Bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Et refais un nouveau rapport hijackthis stp
    0
    1. Montspy Messages postés 24 Statut Membre
       
      Salut et merci de ton aide je lance ceci tout de suite et je poste les rapports dès la fin des scans / tests.

      Montspy
      0
      1. Montspy Messages postés 24 Statut Membre > Montspy Messages postés 24 Statut Membre
         
        Re voila tout est fini donc je poste:

        Malwarebytes' Anti-Malware :

        Malwarebytes' Anti-Malware 1.19
        Version de la base de données: 907
        Windows 5.1.2600 Service Pack 2

        16:28:24 30/06/2008
        mbam-log-6-30-2008 (16-28-19).txt

        Type de recherche: Examen complet (C:\|F:\|G:\|)
        Eléments examinés: 239124
        Temps écoulé: 40 minute(s), 48 second(s)

        Processus mémoire infecté(s): 0
        Module(s) mémoire infecté(s): 1
        Clé(s) du Registre infectée(s): 7
        Valeur(s) du Registre infectée(s): 3
        Elément(s) de données du Registre infecté(s): 0
        Dossier(s) infecté(s): 1
        Fichier(s) infecté(s): 9

        Processus mémoire infecté(s):
        (Aucun élément nuisible détecté)

        Module(s) mémoire infecté(s):
        C:\WINDOWS\system32\drqkjeni.dll (Trojan.Vundo) -> No action taken.

        Clé(s) du Registre infectée(s):
        HKEY_CLASSES_ROOT\CLSID\{c5e84927-cff0-4ca3-a068-02e7c01c1e7c} (Trojan.Vundo) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5e84927-cff0-4ca3-a068-02e7c01c1e7c} (Trojan.Vundo) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

        Valeur(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c0385189 (Trojan.Vundo) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c5e84927-cff0-4ca3-a068-02e7c01c1e7c} (Trojan.Vundo) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMc30b6215 (Trojan.Agent) -> No action taken.

        Elément(s) de données du Registre infecté(s):
        (Aucun élément nuisible détecté)

        Dossier(s) infecté(s):
        C:\Documents and Settings\Propriétaire\Application Data\Microsoft\dtsc (Trojan.Agent) -> No action taken.

        Fichier(s) infecté(s):
        C:\WINDOWS\system32\drqkjeni.dll (Trojan.Vundo) -> No action taken.
        C:\WINDOWS\system32\inejkqrd.ini (Trojan.Vundo) -> No action taken.
        C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\6789ABUV\kb456456[1] (Trojan.Vundo) -> No action taken.
        C:\System Volume Information\_restore{D7D74D21-BDE3-4AFE-853F-38833BCCD996}\RP87\A0044340.dll (Trojan.Vundo) -> No action taken.
        F:\RECYCLER\S-1-5-21-1085031214-1078145449-839522115-1003\Df375\Nero 8.× Keygen.exe (Trojan.Agent) -> No action taken.
        C:\Documents and Settings\Propriétaire\Application Data\Microsoft\dtsc\12467.dll (Trojan.Agent) -> No action taken.
        C:\Documents and Settings\Propriétaire\Application Data\Microsoft\dtsc\12777.dll (Trojan.Agent) -> No action taken.
        C:\Documents and Settings\Propriétaire\Application Data\Microsoft\dtsc\id (Trojan.Agent) -> No action taken.
        C:\WINDOWS\system32\cfeakyis.dll (Trojan.Agent) -> No action taken.



        VirtumundoBeGone :

        [06/30/2008, 16:29:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Propriétaire\Bureau\VirtumundoBeGone.exe" )
        [06/30/2008, 16:29:42] - Detected System Information:
        [06/30/2008, 16:29:42] - Windows Version: 5.1.2600, Service Pack 2
        [06/30/2008, 16:29:42] - Current Username: Propriétaire (Admin)
        [06/30/2008, 16:29:42] - Windows is in NORMAL mode.
        [06/30/2008, 16:29:42] - Searching for Browser Helper Objects:
        [06/30/2008, 16:29:42] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
        [06/30/2008, 16:29:42] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
        [06/30/2008, 16:29:42] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
        [06/30/2008, 16:29:42] - BHO 4: {a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47} ()
        [06/30/2008, 16:29:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [06/30/2008, 16:29:42] - Checking for HKLM\...\Winlogon\Notify\olhvzc


        [06/30/2008, 16:29:42] - Key not found: HKLM\...\Winlogon\Notify\olhvzc, continuing.
        [06/30/2008, 16:29:42] - BHO 5: {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} ()
        [06/30/2008, 16:29:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [06/30/2008, 16:29:42] - Checking for HKLM\...\Winlogon\Notify\fccaYspM
        [06/30/2008, 16:29:42] - Found: HKLM\...\Winlogon\Notify\fccaYspM - This is probably Virtumundo.
        [06/30/2008, 16:29:42] - Assigning {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} MSEvents Object
        [06/30/2008, 16:29:42] - BHO list has been changed! Starting over...
        [06/30/2008, 16:29:42] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
        [06/30/2008, 16:29:42] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
        [06/30/2008, 16:29:42] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
        [06/30/2008, 16:29:42] - BHO 4: {a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47} ()
        [06/30/2008, 16:29:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [06/30/2008, 16:29:42] - Checking for HKLM\...\Winlogon\Notify\olhvzc
        [06/30/2008, 16:29:42] - Key not found: HKLM\...\Winlogon\Notify\olhvzc, continuing.
        [06/30/2008, 16:29:42] - BHO 5: {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} (MSEvents Object)
        [06/30/2008, 16:29:42] - ALERT: Found MSEvents Object!
        [06/30/2008, 16:29:42] - BHO 6: {EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E} ()
        [06/30/2008, 16:29:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [06/30/2008, 16:29:42] - Checking for HKLM\...\Winlogon\Notify\ddcYrOfe
        [06/30/2008, 16:29:42] - Key not found: HKLM\...\Winlogon\Notify\ddcYrOfe, continuing.
        [06/30/2008, 16:29:42] - BHO 7: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)
        [06/30/2008, 16:29:42] - Finished Searching Browser Helper Objects
        [06/30/2008, 16:29:42] - *** Detected MSEvents Object
        [06/30/2008, 16:29:42] - Trying to remove MSEvents Object...
        [06/30/2008, 16:29:43] - Terminating Process: IEXPLORE.EXE
        [06/30/2008, 16:29:44] - Terminating Process: RUNDLL32.EXE
        [06/30/2008, 16:29:44] - Disabling Automatic Shell Restart
        [06/30/2008, 16:29:44] - Terminating Process: EXPLORER.EXE
        [06/30/2008, 16:29:45] - Suspending the NT Session Manager System Service
        [06/30/2008, 16:29:45] - Terminating Windows NT Logon/Logoff Manager
        [06/30/2008, 16:29:46] - Re-enabling Automatic Shell Restart
        [06/30/2008, 16:29:46] - File to disable: C:\WINDOWS\system32\fccaYspM.dll
        [06/30/2008, 16:29:47] - Removing HKLM\...\Browser Helper Objects\{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}
        [06/30/2008, 16:29:47] - Removing HKCR\CLSID\{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}
        [06/30/2008, 16:29:47] - Adding Kill Bit for ActiveX for GUID: {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}
        [06/30/2008, 16:29:47] - Deleting ATLEvents/MSEvents Registry entries
        [06/30/2008, 16:29:47] - Removing HKLM\...\Winlogon\Notify\fccaYspM
        [06/30/2008, 16:29:47] - Searching for Browser Helper Objects:
        [06/30/2008, 16:29:47] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
        [06/30/2008, 16:29:47] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
        [06/30/2008, 16:29:47] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
        [06/30/2008, 16:29:47] - BHO 4: {a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47} ()
        [06/30/2008, 16:29:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [06/30/2008, 16:29:47] - Checking for HKLM\...\Winlogon\Notify\olhvzc
        [06/30/2008, 16:29:47] - Key not found: HKLM\...\Winlogon\Notify\olhvzc, continuing.
        [06/30/2008, 16:29:47] - BHO 5: {EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E} ()
        [06/30/2008, 16:29:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [06/30/2008, 16:29:47] - Checking for HKLM\...\Winlogon\Notify\ddcYrOfe
        [06/30/2008, 16:29:47] - Key not found: HKLM\...\Winlogon\Notify\ddcYrOfe, continuing.
        [06/30/2008, 16:29:47] - BHO 6: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)
        [06/30/2008, 16:29:47] - Finished Searching Browser Helper Objects
        [06/30/2008, 16:29:47] - Finishing up...
        [06/30/2008, 16:29:47] - A restart is needed.
        [06/30/2008, 16:29:47] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
        [06/30/2008, 16:30:05] - Attempting to Restart via STOP error (Blue Screen!)


        ComboFix :

        ComboFix 08-06-20.4 - Propriétaire 2008-06-30 16:33:05.1 - NTFSx86
        Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.659 [GMT 2:00]
        Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
        * Création d'un nouveau point de restauration

        [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
        .

        (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Documents and Settings\Propriétaire\Application Data\Microsoft\dtsc
        C:\Documents and Settings\Propriétaire\Application Data\Microsoft\dtsc\12467.dll
        C:\Documents and Settings\Propriétaire\Application Data\Microsoft\dtsc\12777.dll
        C:\Documents and Settings\Propriétaire\Application Data\Microsoft\dtsc\id
        C:\WINDOWS\BMc30b6215.xml
        C:\WINDOWS\pskt.ini
        C:\WINDOWS\system32\efOrYcdd.ini
        C:\WINDOWS\system32\efOrYcdd.ini2
        C:\WINDOWS\system32\inejkqrd.ini
        C:\WINDOWS\system32\mcrh.tmp
        C:\WINDOWS\system32\xrxnvvkd.ini
        C:\WINDOWS\system32\yquyidrk.ini

        .
        ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-28 to 2008-06-30 ))))))))))))))))))))))))))))))))))))
        .

        2008-06-30 15:46 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
        2008-06-30 15:45 . 2008-06-30 15:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
        2008-06-30 15:45 . 2008-06-30 15:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
        2008-06-30 15:45 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
        2008-06-29 20:47 . 2008-06-29 21:01 153 --a------ C:\WINDOWS\wininit.ini
        2008-06-29 20:46 . 2008-06-29 20:46 <REP> d-------- C:\Temp\Bluebeam Software
        2008-06-29 20:46 . 2008-06-29 20:46 <REP> d-------- C:\Temp
        2008-06-29 20:01 . 2008-06-29 20:46 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
        2008-06-29 20:01 . 2008-06-29 20:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-06-29 11:03 . 2008-06-29 11:03 82,432 --a------ C:\WINDOWS\system32\drqkjeni.dll
        2008-06-29 11:00 . 2008-06-29 11:00 103,424 --a------ C:\WINDOWS\system32\olhvzc.dll
        2008-06-29 11:00 . 2008-06-29 11:00 103,424 --a------ C:\WINDOWS\system32\emlxsjnm.dll
        2008-06-29 11:00 . 2008-06-29 11:00 90,624 --a------ C:\WINDOWS\system32\cfeakyis.dll
        2008-06-28 10:59 . 2008-06-28 10:59 103,424 --a------ C:\WINDOWS\system32\jximvi.dll
        2008-06-28 10:59 . 2008-06-28 10:59 103,424 --a------ C:\WINDOWS\system32\bjutfktp.dll
        2008-06-28 10:57 . 2008-06-28 10:57 90,624 --a------ C:\WINDOWS\system32\qlkkarwy.dll
        2008-06-26 06:26 . 2008-06-26 06:26 5,760,054 --a------ C:\WINDOWS\AW_1600x1200.bmp
        2008-06-24 22:44 . 2008-06-24 22:44 <REP> d-------- C:\WINDOWS\Applian FLV Player
        2008-06-22 19:56 . 2008-06-22 19:58 26 --a------ C:\WINDOWS\memory.vbs
        2008-06-22 11:41 . 2008-06-22 11:42 30 --a------ C:\WINDOWS\prefetchCleanUp.bat
        2008-06-21 09:53 . 2008-06-21 09:53 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
        2008-06-21 09:50 . 2004-05-21 10:59 283,392 -ra------ C:\WINDOWS\system32\drivers\GPlus.sys
        2008-06-21 09:50 . 2004-05-21 10:59 83,024 -ra------ C:\WINDOWS\system32\drivers\FwRad16.bin
        2008-06-21 09:49 . 2008-06-21 09:49 <REP> d-------- C:\Program Files\D-Link
        2008-06-21 09:49 . 2008-06-21 09:49 <REP> d-------- C:\Program Files\ANI
        2008-06-21 09:40 . 2003-05-31 20:10 651,264 -ra------ C:\WINDOWS\system32\libeay32.dll
        2008-06-21 09:40 . 2003-05-31 20:10 450,560 -ra------ C:\WINDOWS\system32\AegisE5.dll
        2008-06-21 09:40 . 2003-05-31 20:10 327,680 -ra------ C:\WINDOWS\system32\AegisE2.dll
        2008-06-21 09:40 . 2003-05-31 20:10 147,456 -ra------ C:\WINDOWS\system32\ssleay32.dll
        2008-06-21 09:40 . 2003-10-28 10:34 114,688 --a------ C:\WINDOWS\system32\athcfg10.dll
        2008-06-21 08:47 . 2008-06-22 11:59 <REP> d-------- C:\WINDOWS\system32\NtmsData
        2008-06-20 20:16 . 2004-05-21 10:59 84,644 -ra------ C:\WINDOWS\system32\drivers\FwRad17.bin
        2008-06-20 20:16 . 2004-08-20 19:09 62,865 --a------ C:\WINDOWS\system32\drivers\odysseyIM3.sys
        2008-06-20 20:16 . 2004-08-20 19:09 61,440 --a------ C:\WINDOWS\system32\W32N50.dll
        2008-06-20 20:16 . 2004-08-20 19:09 16,292 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
        2008-06-15 19:36 . 2008-06-15 19:41 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
        2008-06-15 19:36 . 2007-04-20 02:28 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
        2008-06-15 16:46 . 2008-06-15 16:46 <REP> d-------- C:\Program Files\DNA
        2008-06-15 10:45 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
        2008-06-15 10:40 . 2008-06-15 10:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
        2008-06-14 21:06 . 2008-06-14 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
        2008-06-12 18:57 . 2008-05-01 16:35 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
        2008-06-12 18:53 . 2008-06-12 18:53 <REP> d-------- C:\Intel
        2008-06-11 11:26 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
        2008-06-11 11:26 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
        2008-06-09 19:30 . 2008-06-26 06:23 5,760,054 --a------ C:\WINDOWS\ALX_1600x1200.bmp
        2008-06-09 19:27 . 2008-06-25 22:48 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp
        2008-06-09 19:24 . 2008-06-26 06:27 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
        2008-06-09 19:20 . 2005-02-01 15:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
        2008-06-09 19:19 . 2008-06-26 07:42 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
        2008-06-09 19:19 . 2007-07-11 14:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
        2008-06-09 19:19 . 2008-06-09 19:19 53 --a------ C:\WINDOWS\wb.ini
        2008-06-08 19:43 . 2008-06-08 19:43 <REP> d-------- C:\Program Files\AviSynth 2.5
        2008-06-07 19:13 . 2008-06-22 22:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
        2008-06-07 19:13 . 2008-06-07 19:13 1,409 --a------ C:\WINDOWS\QTFont.for
        2008-06-06 18:30 . 2008-06-06 18:30 <REP> d-------- C:\WINDOWS\Drivers
        2008-06-06 18:26 . 2008-06-24 16:38 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
        2008-06-02 17:32 . 2008-06-02 17:32 122 --a------ C:\WINDOWS\Winchat.ini
        2008-06-02 17:29 . 2008-06-02 17:29 <REP> d--h----- C:\Documents and Settings\NetworkService\Voisinage r‚seau
        2008-06-02 17:29 . 2008-06-02 17:29 <REP> dr------- C:\Documents and Settings\NetworkService\Mes documents
        2008-06-02 17:29 . 2008-06-02 17:29 <REP> d-------- C:\Documents and Settings\NetworkService\Menu D‚marrer
        2008-06-02 17:29 . 2008-06-02 17:29 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
        2008-06-02 17:29 . 2008-06-02 17:29 <REP> d-------- C:\Documents and Settings\NetworkService\Bureau
        2008-06-01 18:49 . 2008-06-02 17:17 <REP> d-------- C:\Program Files\Audacity
        2008-05-28 13:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
        2008-05-28 13:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
        2008-05-28 13:12 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
        2008-05-27 22:31 . 2008-05-27 22:31 <REP> d-------- C:\Program Files\MSXML 4.0
        2008-05-27 19:48 . 2007-02-28 18:02 2,182,400 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
        2008-05-27 19:48 . 2007-02-28 18:02 2,138,112 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
        2008-05-27 19:48 . 2007-02-28 18:02 2,059,648 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
        2008-05-27 19:48 . 2007-02-28 18:02 2,017,792 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
        2008-05-27 18:06 . 2006-06-01 20:48 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
        2008-05-27 18:06 . 2006-06-01 20:48 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
        2008-05-27 18:03 . 2004-08-19 22:11 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
        2008-05-27 18:03 . 2006-03-17 02:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
        2008-05-27 18:02 . 2006-05-05 11:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
        2008-05-27 17:56 . 2008-06-12 18:57 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
        2008-05-27 17:49 . 2008-06-20 18:00 <REP> d--h----- C:\WINDOWS\$hf_mig$
        2008-05-27 17:49 . 2008-05-27 17:56 <REP> d-------- C:\Program Files\Windows Live
        2008-05-27 17:49 . 2008-05-27 17:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
        2008-05-24 19:35 . 2008-05-24 19:35 1,061,188 --a------ C:\WINDOWS\system32\ah.mx1
        2008-05-24 19:35 . 2008-05-24 19:35 564,736 --a------ C:\WINDOWS\system32\ah.scr
        2008-05-24 19:35 . 2008-05-24 19:35 45,056 --a------ C:\WINDOWS\system32\sstunst3.exe
        2008-05-24 19:35 . 2008-05-24 19:35 20,610 --a------ C:\WINDOWS\system32\ah.ibx
        2008-05-24 11:54 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
        2008-05-24 11:54 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
        2008-05-23 20:51 . 2008-05-23 20:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
        2008-05-23 20:37 . 2008-05-23 20:37 <REP> d-------- C:\Program Files\Bonjour
        2008-05-23 20:28 . 2008-05-23 20:28 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
        2008-05-21 19:03 . 2008-05-21 20:51 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
        2008-05-21 12:29 . 2008-05-21 12:29 <REP> d-------- C:\Program Files\MSBuild
        2008-05-21 12:26 . 2008-05-21 12:26 <REP> d-------- C:\WINDOWS\system32\XPSViewer
        2008-05-21 12:25 . 2008-05-21 12:25 <REP> d-------- C:\Program Files\Reference Assemblies
        2008-05-21 12:25 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
        2008-05-21 11:30 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
        2008-05-21 11:30 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
        2008-05-21 11:30 . 2008-02-07 16:15 408,576 --a------ C:\WINDOWS\system32\Smab.dll
        2008-05-21 11:30 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
        2008-05-21 11:30 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
        2008-05-21 11:30 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
        2008-05-21 11:30 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
        2008-05-21 11:30 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
        2008-05-21 11:30 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
        2008-05-21 11:30 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
        2008-05-21 11:29 . 2008-05-21 11:29 <REP> d-------- C:\Program Files\eRightSoft
        2008-05-21 09:32 . 2008-05-21 09:32 <REP> d-------- C:\Program Files\DLDIrc
        2008-05-17 10:19 . 2008-05-17 10:19 <REP> d-------- C:\Program Files\Fichiers communs\SolidWorks Shared
        2008-05-17 10:07 . 2008-05-17 10:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
        2008-05-17 01:36 . 2008-05-17 01:36 <REP> d-------- C:\Program Files\CubeTwister 1.0.3.1
        2008-05-17 01:35 . 2008-05-17 01:36 <REP> d--h----- C:\Program Files\Zero G Registry
        2008-05-16 18:16 . 2004-11-05 11:08 670,208 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
        2008-05-16 18:16 . 2004-05-10 14:19 639,052 --a------ C:\WINDOWS\system32\BBPDFPortMon.dll
        2008-05-16 18:16 . 2008-05-16 18:16 23 --ah----- C:\WINDOWS\yacht.xws
        2008-05-16 18:12 . 2008-05-17 10:19 <REP> d-------- C:\Program Files\Fichiers communs\Bluebeam Software
        2008-05-16 18:10 . 2008-05-16 18:10 <REP> d-------- C:\Program Files\Fichiers communs\Solidworks Data
        2008-05-16 18:08 . 2008-05-16 18:08 42 --a------ C:\WINDOWS\trailer.xws
        2008-05-15 20:44 . 2008-05-15 20:44 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
        2008-05-15 20:43 . 2008-05-15 20:43 <REP> d-------- C:\Program Files\MSXML 6.0
        2008-05-15 20:43 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
        2008-05-13 19:27 . 2008-05-13 19:27 <REP> d-------- C:\WINDOWS\Sun
        2008-05-12 10:09 . 2008-05-12 10:09 <REP> d-------- C:\Program Files\QuickTime
        2008-05-12 10:08 . 2008-05-12 10:08 <REP> d-------- C:\Program Files\Apple Software Update
        2008-05-12 10:08 . 2008-05-12 10:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
        2008-05-12 10:08 . 2008-05-12 10:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple

        .
        (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-21 07:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
        2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
        2008-05-03 14:02 --------- d-----w C:\Program Files\Wanadoo
        2008-05-03 09:13 --------- d-----w C:\Program Files\Securitoo
        2008-05-03 09:00 --------- d-----w C:\Program Files\Intel
        2008-05-03 09:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
        2008-05-03 09:00 --------- d-----w C:\Program Files\Alwil Software
        2008-05-03 08:58 --------- d-----w C:\Program Files\Analog Devices
        2008-05-03 08:45 --------- d-----w C:\Program Files\microsoft frontpage
        2008-05-03 08:44 --------- d-----w C:\Program Files\Services en ligne
        2004-08-20 17:09 62,865 ----a-w C:\WINDOWS\inf\IM\odysseyIM3.sys
        2004-08-20 17:09 45,056 ----a-w C:\WINDOWS\inf\IM\imdinst.exe
        2004-08-20 17:09 12,739 ----a-w C:\WINDOWS\inf\IM\odNetInstall.dll
        2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
        2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
        2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
        .

        ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47}]
        2008-06-29 11:00 103424 --a------ C:\WINDOWS\system32\olhvzc.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}]

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E}]
        C:\WINDOWS\system32\ddcYrOfe.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-15 16:46 289088]
        "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
        "Steam"="g:\programmes\valve\steam\steam.exe" [2008-06-28 11:23 1271032]
        "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42 1404928]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
        "c0385189"="C:\WINDOWS\system32\drqkjeni.dll" [2008-06-29 11:03 82432]
        "BMc30b6215"="C:\WINDOWS\system32\cfeakyis.dll" [2008-06-29 11:00 90624]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 21:57 15360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaYspM]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
        G:\Programmes\WindowBlinds\wbsrv.dll 2008-06-26 06:49 210168 G:\Programmes\WindowBlinds\WbSrv.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
        "AppInit_DLLs"=wbsys.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "vidc.I420"= i420vfw.dll
        "vidc.yv12"= yv12vfw.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
        --a------ 2007-01-19 11:49 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
        --a------ 2005-12-12 15:52 454656 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G DWL-G520+A]
        --a------ 2007-10-25 10:28 1552384 C:\Program Files\D-Link\AirPlus G DWL-G520+A\AirGCFG.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
        --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
        --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
        --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\uTorrent\\uTorrent.exe"=
        "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "F:\\Valentin\\Program files\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
        "F:\\Valentin\\Program files\\FileZilla FTP Client\\filezilla.exe"=
        "F:\\Valentin\\Program files\\FlashGet\\flashget.exe"=
        "G:\\Programmes\\eMule\\emule.exe"=
        "C:\\Program Files\\DNA\\btdna.exe"=
        "G:\\Programmes\\BitTorrent\\bittorrent.exe"=
        "G:\\Programmes\\Valve\\Steam\\SteamApps\\montspy\\counter-strike\\hl.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "25352:TCP"= 25352:TCP:uTorrent TCP
        "25352:UDP"= 25352:UDP:uTorrent UDP

        R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
        R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
        R2 NMSAccessU;NMSAccessU;G:\Programmes\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
        R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;C:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 10:59]
        S3 wampapache;wampapache;"F:\Valentin\Program files\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
        S3 wampmysqld;wampmysqld;"F:\Valentin\Program files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe" wampmysqld []

        .
        Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
        "2008-06-22 10:00:00 C:\WINDOWS\Tasks\Prefetch.job"
        - C:\WINDOWS\prefetchCleanUp.bat
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-30 16:36:27
        Windows 5.1.2600 Service Pack 2 NTFS

        Balayage processus cach‚s ...

        Balayage cach‚ autostart entries ...

        Balayage des fichiers cach‚s ...

        Scan termin‚ avec succŠs
        Les fichiers cach‚s: 0

        **************************************************************************
        .
        ------------------------ Other Running Processes ------------------------
        .
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\rundll32.exe
        G:\Programmes\AlienGUIse\AlienwareDock\ObjectDock.exe
        C:\WINDOWS\system32\wscntfy.exe
        .
        **************************************************************************
        .
        Temps d'accomplissement: 2008-06-30 16:41:00 - machine was rebooted
        ComboFix-quarantined-files.txt 2008-06-30 14:40:48

        Pre-Run: 10,119,110,656 octets libres
        Post-Run: 10,455,552,000 octets libres

        270 --- E O F --- 2008-06-20 16:01:00


        Et enfin HiJackThis :

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 16:43:04, on 30/06/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        G:\Programmes\CDBurnerXP\NMSAccessU.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\Rundll32.exe
        C:\Program Files\DNA\btdna.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\explorer.exe
        C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: {74b2bed3-d124-9f4b-c374-fcdfd1ae0e2a} - {a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47} - C:\WINDOWS\system32\olhvzc.dll
        O2 - BHO: (no name) - {EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E} - C:\WINDOWS\system32\ddcYrOfe.dll (file missing)
        O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Valentin\Program files\FlashGet\getflash.dll
        O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [c0385189] rundll32.exe "C:\WINDOWS\system32\drqkjeni.dll",b
        O4 - HKLM\..\Run: [BMc30b6215] Rundll32.exe "C:\WINDOWS\system32\cfeakyis.dll",s
        O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
        O4 - HKCU\..\Run: [Steam] "g:\programmes\valve\steam\steam.exe" -silent
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: Alienware Dock.lnk = G:\Programmes\AlienGUIse\AlienwareDock\ObjectDock.exe
        O8 - Extra context menu item: &Tout télécharger avec FlashGet - F:\Valentin\Program files\FlashGet\jc_all.htm
        O8 - Extra context menu item: &Télécharger avec FlashGet - F:\Valentin\Program files\FlashGet\jc_link.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Valentin\Program files\FlashGet\FlashGet.exe
        O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Valentin\Program files\FlashGet\FlashGet.exe
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
        O17 - HKLM\System\CCS\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
        O17 - HKLM\System\CCS\Services\Tcpip\..\{28D58CCF-F453-417B-A3CF-51487D6AC9D6}: NameServer = 80.10.246.2,80.10.246.129
        O17 - HKLM\System\CCS\Services\Tcpip\..\{3A0187A1-EAF6-43B2-A26D-B8378D6A93B9}: NameServer = 80.10.246.2,80.10.246.129
        O17 - HKLM\System\CCS\Services\Tcpip\..\{E266B276-FCD0-4C3B-B2F4-08046DB6094F}: NameServer = 80.10.246.2,80.10.246.129
        O17 - HKLM\System\CS2\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
        O17 - HKLM\System\CS3\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
        O20 - Winlogon Notify: fccaYspM - C:\WINDOWS\
        O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: NMSAccessU - Unknown owner - G:\Programmes\CDBurnerXP\NMSAccessU.exe
        O23 - Service: wampapache - Apache Software Foundation - F:\Valentin\Program files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
        O23 - Service: wampmysqld - Unknown owner - F:\Valentin\Program files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
        0
  2. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    tu n as pas appliquer d actions avec malwarebytes :

    refais une analyse et à la fin du scan, veille à ce que tout soit bien coché et cliquer sur supprimer la sélection...puis envois le rapport

    ensuite :

    Copie le texte en gras ci-dessous :

    File::
    c:\windows\pskt.ini
    c:\windows\system32\drqkjeni.dll
    c:\windows\system32\cfeakyis.dll
    c:\windows\system32\smab0.dll

    Folder::

    Registry::


    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    ensuite refais un nouveau rapport hijackthis pour vérifier stp
    0
  3. Montspy Messages postés 24 Statut Membre
     
    Salut !

    Arf mince j'avais du remettre à jour la base de registre comme spybot me le demandait :s

    Voila le rapport malwarebytes :

    Malwarebytes' Anti-Malware 1.19
    Version de la base de données: 907
    Windows 5.1.2600 Service Pack 2

    12:13:01 01/07/2008
    mbam-log-7-1-2008 (12-13-01).txt

    Type de recherche: Examen complet (C:\|F:\|G:\|)
    Eléments examinés: 219955
    Temps écoulé: 37 minute(s), 57 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\drqkjeni.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c0385189 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMc30b6215 (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\drqkjeni.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\inejkqrd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    F:\System Volume Information\_restore{D7D74D21-BDE3-4AFE-853F-38833BCCD996}\RP88\A0046795.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cfeakyis.dll (Trojan.Agent) -> Delete on reboot.


    Le rapport combofix :

    ComboFix 08-06-20.4 - Propriétaire 2008-07-01 12:18:26.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.634 [GMT 2:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color

    FILE ::
    c:\windows\pskt.ini
    c:\windows\system32\cfeakyis.dll
    c:\windows\system32\drqkjeni.dll
    c:\windows\system32\smab0.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\pskt.ini
    c:\windows\system32\smab0.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-01 to 2008-07-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-30 16:42 . 2008-06-30 16:42 <REP> d-------- C:\Documents and Settings\PropriÚtaire
    2008-06-30 16:41 . 2008-06-30 16:41 0 --a------ C:\WINDOWS\BMc30b6215.xml
    2008-06-30 15:46 . 2008-06-30 15:46 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
    2008-06-30 15:46 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-30 15:45 . 2008-06-30 15:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-30 15:45 . 2008-06-30 15:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-30 15:45 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-29 20:47 . 2008-06-29 21:01 153 --a------ C:\WINDOWS\wininit.ini
    2008-06-29 20:46 . 2008-06-29 20:46 <REP> d-------- C:\Temp\Bluebeam Software
    2008-06-29 20:46 . 2008-06-29 20:46 <REP> d-------- C:\Temp
    2008-06-29 20:01 . 2008-06-29 20:46 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-29 20:01 . 2008-06-29 20:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-29 11:00 . 2008-06-29 11:00 103,424 --a------ C:\WINDOWS\system32\olhvzc.dll
    2008-06-29 11:00 . 2008-06-29 11:00 103,424 --a------ C:\WINDOWS\system32\emlxsjnm.dll
    2008-06-28 10:59 . 2008-06-28 10:59 103,424 --a------ C:\WINDOWS\system32\jximvi.dll
    2008-06-28 10:59 . 2008-06-28 10:59 103,424 --a------ C:\WINDOWS\system32\bjutfktp.dll
    2008-06-28 10:57 . 2008-06-28 10:57 90,624 --a------ C:\WINDOWS\system32\qlkkarwy.dll
    2008-06-26 06:26 . 2008-06-26 06:26 5,760,054 --a------ C:\WINDOWS\AW_1600x1200.bmp
    2008-06-25 22:54 . 2008-06-28 22:19 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\codeblocks
    2008-06-24 22:44 . 2008-06-24 22:44 <REP> d-------- C:\WINDOWS\Applian FLV Player
    2008-06-22 19:56 . 2008-06-22 19:58 26 --a------ C:\WINDOWS\memory.vbs
    2008-06-22 11:41 . 2008-06-22 11:42 30 --a------ C:\WINDOWS\prefetchCleanUp.bat
    2008-06-21 09:53 . 2008-06-21 09:53 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
    2008-06-21 09:50 . 2004-05-21 10:59 283,392 -ra------ C:\WINDOWS\system32\drivers\GPlus.sys
    2008-06-21 09:50 . 2004-05-21 10:59 83,024 -ra------ C:\WINDOWS\system32\drivers\FwRad16.bin
    2008-06-21 09:49 . 2008-06-21 09:49 <REP> d-------- C:\Program Files\D-Link
    2008-06-21 09:49 . 2008-06-21 09:49 <REP> d-------- C:\Program Files\ANI
    2008-06-21 09:48 . 2008-06-21 09:48 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InstallShield
    2008-06-21 09:40 . 2003-05-31 20:10 651,264 -ra------ C:\WINDOWS\system32\libeay32.dll
    2008-06-21 09:40 . 2003-05-31 20:10 450,560 -ra------ C:\WINDOWS\system32\AegisE5.dll
    2008-06-21 09:40 . 2003-05-31 20:10 327,680 -ra------ C:\WINDOWS\system32\AegisE2.dll
    2008-06-21 09:40 . 2003-05-31 20:10 147,456 -ra------ C:\WINDOWS\system32\ssleay32.dll
    2008-06-21 09:40 . 2003-10-28 10:34 114,688 --a------ C:\WINDOWS\system32\athcfg10.dll
    2008-06-21 08:47 . 2008-06-22 11:59 <REP> d-------- C:\WINDOWS\system32\NtmsData
    2008-06-20 20:16 . 2004-05-21 10:59 84,644 -ra------ C:\WINDOWS\system32\drivers\FwRad17.bin
    2008-06-20 20:16 . 2004-08-20 19:09 62,865 --a------ C:\WINDOWS\system32\drivers\odysseyIM3.sys
    2008-06-20 20:16 . 2004-08-20 19:09 61,440 --a------ C:\WINDOWS\system32\W32N50.dll
    2008-06-20 20:16 . 2004-08-20 19:09 16,292 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
    2008-06-15 19:36 . 2008-06-15 19:41 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-06-15 19:36 . 2007-04-20 02:28 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
    2008-06-15 16:46 . 2008-06-15 16:46 <REP> d-------- C:\Program Files\DNA
    2008-06-15 16:46 . 2008-07-01 12:14 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\DNA
    2008-06-15 16:46 . 2008-06-15 16:46 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\BitTorrent
    2008-06-15 10:45 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2008-06-15 10:40 . 2008-06-15 10:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    2008-06-14 21:06 . 2008-06-14 21:06 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Songbird2
    2008-06-14 21:06 . 2008-06-14 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
    2008-06-12 18:57 . 2008-05-01 16:35 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
    2008-06-12 18:53 . 2008-06-12 18:53 <REP> d-------- C:\Intel
    2008-06-11 11:26 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 11:26 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-09 19:30 . 2008-06-26 06:23 5,760,054 --a------ C:\WINDOWS\ALX_1600x1200.bmp
    2008-06-09 19:27 . 2008-06-25 22:48 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp
    2008-06-09 19:24 . 2008-06-26 06:27 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
    2008-06-09 19:20 . 2005-02-01 15:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
    2008-06-09 19:19 . 2008-06-26 07:42 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
    2008-06-09 19:19 . 2007-07-11 14:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
    2008-06-09 19:19 . 2008-06-09 19:19 53 --a------ C:\WINDOWS\wb.ini
    2008-06-08 19:43 . 2008-06-08 19:43 <REP> d-------- C:\Program Files\AviSynth 2.5
    2008-06-07 19:13 . 2008-06-22 22:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-07 19:13 . 2008-06-07 19:13 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-06 18:30 . 2008-06-06 18:30 <REP> d-------- C:\WINDOWS\Drivers
    2008-06-06 18:26 . 2008-06-24 16:38 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-06-02 17:32 . 2008-06-02 17:32 122 --a------ C:\WINDOWS\Winchat.ini
    2008-06-02 17:29 . 2008-06-02 17:29 <REP> d--h----- C:\Documents and Settings\NetworkService\Voisinage réseau
    2008-06-02 17:29 . 2008-06-02 17:29 <REP> dr------- C:\Documents and Settings\NetworkService\Mes documents
    2008-06-02 17:29 . 2008-06-02 17:29 <REP> d-------- C:\Documents and Settings\NetworkService\Menu Démarrer
    2008-06-02 17:29 . 2008-06-02 17:29 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
    2008-06-02 17:29 . 2008-06-02 17:29 <REP> d-------- C:\Documents and Settings\NetworkService\Bureau
    2008-06-01 18:49 . 2008-06-02 17:17 <REP> d-------- C:\Program Files\Audacity

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-30 22:05 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\uTorrent
    2008-06-21 07:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-15 18:16 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\CDBurnerXP_Soft
    2008-06-08 10:11 --------- d-----w C:\Program Files\World of Warcraft
    2008-05-31 11:33 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\FileZilla
    2008-05-27 20:31 --------- d-----w C:\Program Files\MSXML 4.0
    2008-05-27 15:56 --------- d-----w C:\Program Files\Windows Live
    2008-05-27 15:55 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-05-26 16:46 --------- d-----w C:\Program Files\Notepad++
    2008-05-24 17:35 564,736 ----a-w C:\WINDOWS\system32\ah.scr
    2008-05-24 17:35 45,056 ----a-w C:\WINDOWS\system32\sstunst3.exe
    2008-05-23 18:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-05-23 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-05-23 18:37 --------- d-----w C:\Program Files\Bonjour
    2008-05-23 18:28 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
    2008-05-21 18:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-21 17:04 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Publish Providers
    2008-05-21 17:03 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Sony
    2008-05-21 10:29 --------- d-----w C:\Program Files\MSBuild
    2008-05-21 10:25 --------- d-----w C:\Program Files\Reference Assemblies
    2008-05-21 10:20 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Sony Setup
    2008-05-21 09:29 --------- d-----w C:\Program Files\eRightSoft
    2008-05-21 07:32 --------- d-----w C:\Program Files\DLDIrc
    2008-05-19 15:32 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\SolidWorks
    2008-05-17 08:23 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\DWGeditor
    2008-05-17 08:19 --------- d-----w C:\Program Files\Fichiers communs\SolidWorks Shared
    2008-05-17 08:19 --------- d-----w C:\Program Files\Fichiers communs\Bluebeam Software
    2008-05-17 08:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluebeam Software
    2008-05-16 23:36 --------- d--h--w C:\Program Files\Zero G Registry
    2008-05-16 23:36 --------- d-----w C:\Program Files\CubeTwister 1.0.3.1
    2008-05-16 16:10 --------- d-----w C:\Program Files\Fichiers communs\Solidworks Data
    2008-05-15 18:44 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-05-15 18:43 --------- d-----w C:\Program Files\MSXML 6.0
    2008-05-12 08:09 --------- d-----w C:\Program Files\QuickTime
    2008-05-12 08:08 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-12 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-05-12 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-05-09 15:01 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-05-09 15:01 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\NCH Swift Sound
    2008-05-09 10:08 --------- d-----w C:\Program Files\WowCartographe
    2008-05-08 15:01 --------- d-----w C:\Program Files\VideoLAN
    2008-05-08 15:01 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\vlc
    2008-05-08 12:53 --------- d-----w C:\Program Files\Java
    2008-05-08 12:52 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-08 09:14 --------- d-----w C:\Program Files\VIAudioi
    2008-05-08 09:13 --------- d-----w C:\Program Files\VIA
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-06 15:32 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Notepad++
    2008-05-05 16:45 --------- d-----w C:\Program Files\uTorrent
    2008-05-03 16:12 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
    2008-05-03 14:02 --------- d-----w C:\Program Files\Wanadoo
    2008-05-03 14:01 --------- d-----w C:\Program Files\SAGEM
    2008-05-03 09:13 --------- d-----w C:\Program Files\Securitoo
    2008-05-03 09:00 --------- d-----w C:\Program Files\Intel
    2008-05-03 09:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-05-03 09:00 --------- d-----w C:\Program Files\Alwil Software
    2008-05-03 08:58 --------- d-----w C:\Program Files\Analog Devices
    2008-05-03 08:45 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-03 08:44 --------- d-----w C:\Program Files\Services en ligne
    2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2004-08-20 17:09 62,865 ----a-w C:\WINDOWS\inf\IM\odysseyIM3.sys
    2004-08-20 17:09 45,056 ----a-w C:\WINDOWS\inf\IM\imdinst.exe
    2004-08-20 17:09 12,739 ----a-w C:\WINDOWS\inf\IM\odNetInstall.dll
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-30_16.40.22.48 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-30 14:35:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-01 10:15:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-30 19:14:25 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
    - 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    + 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    + 2008-07-01 10:15:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7e0.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47}]
    2008-06-29 11:00 103424 --a------ C:\WINDOWS\system32\olhvzc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E}]
    C:\WINDOWS\system32\ddcYrOfe.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-15 16:46 289088]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "Steam"="g:\programmes\valve\steam\steam.exe" [2008-06-28 11:23 1271032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42 1404928]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
    "BMc30b6215"="C:\WINDOWS\system32\cfeakyis.dll" [ ]
    "c0385189"="C:\WINDOWS\system32\drqkjeni.dll" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 21:57 15360]

    C:\Documents and Settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
    Alienware Dock.lnk - G:\Programmes\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-06-09 19:19:42 2074360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaYspM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    G:\Programmes\WindowBlinds\wbsrv.dll 2008-06-26 06:49 210168 G:\Programmes\WindowBlinds\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
    --a------ 2007-01-19 11:49 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
    --a------ 2005-12-12 15:52 454656 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G DWL-G520+A]
    --a------ 2007-10-25 10:28 1552384 C:\Program Files\D-Link\AirPlus G DWL-G520+A\AirGCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "F:\\Valentin\\Program files\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "F:\\Valentin\\Program files\\FileZilla FTP Client\\filezilla.exe"=
    "F:\\Valentin\\Program files\\FlashGet\\flashget.exe"=
    "G:\\Programmes\\eMule\\emule.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "G:\\Programmes\\BitTorrent\\bittorrent.exe"=
    "G:\\Programmes\\Valve\\Steam\\SteamApps\\montspy\\counter-strike\\hl.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25352:TCP"= 25352:TCP:uTorrent TCP
    "25352:UDP"= 25352:UDP:uTorrent UDP

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 NMSAccessU;NMSAccessU;G:\Programmes\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
    R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;C:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 10:59]
    S3 wampapache;wampapache;"F:\Valentin\Program files\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
    S3 wampmysqld;wampmysqld;"F:\Valentin\Program files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe" wampmysqld []

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-22 10:00:00 C:\WINDOWS\Tasks\Prefetch.job"
    - C:\WINDOWS\prefetchCleanUp.bat
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-01 12:20:01
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-01 12:21:13
    ComboFix-quarantined-files.txt 2008-07-01 10:20:56
    ComboFix2.txt 2008-06-30 14:41:01

    Pre-Run: 12,651,134,976 octets libres
    Post-Run: 12,644,143,104 octets libres

    256 --- E O F --- 2008-06-20 16:01:00


    Et le HiJackThis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:22:55, on 01/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    G:\Programmes\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {74b2bed3-d124-9f4b-c374-fcdfd1ae0e2a} - {a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47} - C:\WINDOWS\system32\olhvzc.dll
    O2 - BHO: (no name) - {EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E} - C:\WINDOWS\system32\ddcYrOfe.dll (file missing)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Valentin\Program files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [BMc30b6215] Rundll32.exe "C:\WINDOWS\system32\cfeakyis.dll",s
    O4 - HKLM\..\Run: [c0385189] rundll32.exe "C:\WINDOWS\system32\drqkjeni.dll",b
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Steam] "g:\programmes\valve\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = G:\Programmes\AlienGUIse\AlienwareDock\ObjectDock.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - F:\Valentin\Program files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - F:\Valentin\Program files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Valentin\Program files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Valentin\Program files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28D58CCF-F453-417B-A3CF-51487D6AC9D6}: NameServer = 80.10.246.2,80.10.246.129
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3A0187A1-EAF6-43B2-A26D-B8378D6A93B9}: NameServer = 80.10.246.2,80.10.246.129
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E266B276-FCD0-4C3B-B2F4-08046DB6094F}: NameServer = 80.10.246.2,80.10.246.129
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
    O17 - HKLM\System\CS3\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
    O20 - Winlogon Notify: fccaYspM - C:\WINDOWS\
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMSAccessU - Unknown owner - G:\Programmes\CDBurnerXP\NMSAccessU.exe
    O23 - Service: wampapache - Apache Software Foundation - F:\Valentin\Program files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - F:\Valentin\Program files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
    0
  4. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    télécharge OtMoveIt

    Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
    Double-clique sur OTMoveIt.exe pour le lancer.
    Copie la liste qui se trouve en citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.

    c:\windows\system32\olhvzc.dll
    c:\windows\system32\cfeakyis.dll
    c:\windows\system32\drqkjeni.dll


    clique sur MoveIt! pour lancer la suppression.
    Le résultat apparaitra dans le cadre "Results".
    Clique sur Exit pour fermer.
    Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

    ensuite :

    Fix.reg

    Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(x)) :

    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2e0ea1d-fdcf-473c-b4f9-421d3deb2b47}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "BMc30b6215"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "c0385189"=-


    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin.
    Puis click sur "fichier"/"enregistrer sous" :
    dans : sur le bureau
    Nom du fichier : fix.reg
    Type de fichier : "tous les fichiers"
    clique sur "enregistrer"

    ca doit ressembler a ca une fois enrregistré :

    http://img520.imageshack.us/img520/4251/screenshot005ps2.png

    double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
    Si c'est bien le cas, clique sur "oui"

    ensuite refais un nouveau rapport hijackthis stp
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Montspy Messages postés 24 Statut Membre
     
    Alors voici ce qui est demandé :

    MoveIt! :

    DllUnregisterServer procedure not found in c:\windows\system32\olhvzc.dll
    c:\windows\system32\olhvzc.dll NOT unregistered.
    c:\windows\system32\olhvzc.dll moved successfully.
    File/Folder c:\windows\system32\cfeakyis.dll not found.
    File/Folder c:\windows\system32\drqkjeni.dll not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07012008_130905


    HiJackThis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:13:23, on 01/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    G:\Programmes\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E} - C:\WINDOWS\system32\ddcYrOfe.dll (file missing)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Valentin\Program files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Steam] "g:\programmes\valve\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = G:\Programmes\AlienGUIse\AlienwareDock\ObjectDock.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - F:\Valentin\Program files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - F:\Valentin\Program files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Valentin\Program files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Valentin\Program files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28D58CCF-F453-417B-A3CF-51487D6AC9D6}: NameServer = 80.10.246.2,80.10.246.129
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3A0187A1-EAF6-43B2-A26D-B8378D6A93B9}: NameServer = 80.10.246.2,80.10.246.129
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E266B276-FCD0-4C3B-B2F4-08046DB6094F}: NameServer = 80.10.246.2,80.10.246.129
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
    O17 - HKLM\System\CS3\Services\Tcpip\..\{1782C593-2E9B-49AF-BDD8-43607720EB2D}: NameServer = 80.10.246.2,80.10.246.129
    O20 - Winlogon Notify: fccaYspM - C:\WINDOWS\
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMSAccessU - Unknown owner - G:\Programmes\CDBurnerXP\NMSAccessU.exe
    O23 - Service: wampapache - Apache Software Foundation - F:\Valentin\Program files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - F:\Valentin\Program files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
    0
  7. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    je ne vois plus d infections dans ton rapport...tu peux faire ceci :

    relance hijackthis en cliquant sur scan only et coches cette ligne :

    O2 - BHO: (no name) - {EA48B983-CAD0-4BB5-A7F1-0D63C472DE7E} - C:\WINDOWS\system32\ddcYrOfe.dll (file missing)

    ensuite cliques sur fix checked.

    est ce que tu as encore des problemes??
    0
    1. Montspy
       
      Oki je fais le hijackthis sinon aucuns problèmes merci !

      Montspy.
      0