Pub intempestive et lenteur sur le net Résolu/Fermé

Question

Bonjour,
depuis quelques jours mon PC est infecté par le virus TR /vundo.
J'ai bien essayé de suivre les différents tuto parlant de son éviction mais hélas il semble qu'il résiste à toutes mes tentatives. Aussi je fais appel à votre expertise pour m'aider à ma sortir de ce mauvais pas.
Voici le rapport Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35, on 2008-07-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
G:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings
oulpette\Bureau	est.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - G:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: (no name) - {A26A9EED-7D58-49FE-B55E-308953838945} - C:\WINDOWS\system32\ddayw.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BF49BB21-A4DE-4E8B-847B-2CEA1C165531} - C:\WINDOWS\system32\xxyxWNEt.dll
O2 - BHO: {e8c96c2e-a742-3f19-d614-4f5dad02625c} - {c52620da-d5f4-416d-91f3-247ae2c69c8e} - C:\WINDOWS\system32\cnipxj.dll
O2 - BHO: (no name) - {E8D4167F-972F-48BE-B351-F16C32FE2262} - C:\WINDOWS\system32\jkhff.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - G:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BM3b8a7a52] Rundll32.exe "C:\WINDOWS\system32\fooeqeho.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "G:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O8 - Extra context menu item: Convertir en Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O20 - Winlogon Notify: vtuttro - vtuttro.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - G:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

E..T · Answer

Bonjour,

* Télécharge MalwareByte's Anti-Malware (by RubbeR DuckY) :
*http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware
* Installe le programme sur le bureau :

o S'il manque le fichier COMCTL32.OCX,  télécharge le ici

* Fais les mises à jour (clic sur Mises à jour puis Recherche de mises à jour)

* Démarre en mode sans échec

* Lance le MalwareByte's Anti-Malware, clique sur Exécuter un examen complet puis Rechercher et sélectionnez tous tes disques durs

* Une fois le scan terminé, clique sur supprimer (si un message te demande de redémarrer le PC, accepte.
* Un rapport sera généré, enregistre le de manière à le retrouver et poste le ici.

@++

lolive · Answer

Bonjour, 
Tout d'abord merci ET de te pencher sur mon cas :)
Donc, j'ai bien fait tout ce que tu as demandé et voici le rapport de MalwareByte's Anti-Malware :


Malwarebytes' Anti-Malware 1.20
Database version: 963
Windows 5.1.2600 Service Pack 2

13:24:21 18/07/2008
mbam-log-7-18-2008 (13-24-10).txt

Scan type: Full Scan (C:\|D:\|E:\|G:\|)
Objects scanned: 249235
Time elapsed: 1 hour(s), 18 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\xxyxWNEt.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da52e20f-2a0c-40bf-8e98-cd47202bc492} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{da52e20f-2a0c-40bf-8e98-cd47202bc492} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{82336a8d-6cd0-4647-b791-75fca8cf2b39} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm3b8a7a52 (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyxwnet -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyxwnet  -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\xxyxWNEt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32	ENWxyxx.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32	ENWxyxx.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vujbvfvg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gvfvbjuv.ini (Trojan.Vundo) -> No action taken.
C:\Documents and Settings
oulpette\Local Settings\Temporary Internet Files\Content.IE5\KHFVO2VN\AV2009Install_77052204[1].exe (Rogue.Installer) -> No action taken.
C:\WINDOWS\system32\fooeqeho.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\BM3b8a7a52.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM3b8a7a52.txt (Trojan.Vundo) -> No action taken.

@++
NB: pour l'instant le PC est toujours infecté.

jlpjlp · Answer

slt,

pour avancer E.T

scan avec:
virtumondebegone

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe­


____________

Télécharge Combofix de sUBs : aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofix-t12­1.htm

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

lolive · Answer

slt jlpjlp,
donc voici tout d'abord le rapport de virtumondebegone  :

[07/18/2008, 0:20:01] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings
oulpette\Bureau\VirtumundoBeGone.exe" )
[07/18/2008, 0:20:07] - Detected System Information:
[07/18/2008, 0:20:07] -  Windows Version: 5.1.2600, Service Pack 2
[07/18/2008, 0:20:07] -  Current Username: noulpette (Admin)
[07/18/2008, 0:20:07] -  Windows is in NORMAL mode.
[07/18/2008, 0:20:07] - Searching for Browser Helper Objects:
[07/18/2008, 0:20:07] -  BHO 1: {6DDFC182-DD36-4D0A-924F-030FBB487DD8} ()
[07/18/2008, 0:20:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/18/2008, 0:20:07] -  Checking for HKLM\...\Winlogon\Notify\xxyxWNEt
[07/18/2008, 0:20:07] -  Key not found: HKLM\...\Winlogon\Notify\xxyxWNEt, continuing.
[07/18/2008, 0:20:07] -  BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/18/2008, 0:20:07] -  BHO 3: {82336A8D-6CD0-4647-B791-75FCA8CF2B39} ()
[07/18/2008, 0:20:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/18/2008, 0:20:07] -  Checking for HKLM\...\Winlogon\Notify	uvUNgGA
[07/18/2008, 0:20:07] -  Found: HKLM\...\Winlogon\Notify	uvUNgGA - This is probably Virtumundo.
[07/18/2008, 0:20:07] -  Assigning {82336A8D-6CD0-4647-B791-75FCA8CF2B39} MSEvents Object
[07/18/2008, 0:20:07] - BHO list has been changed! Starting over...
[07/18/2008, 0:20:07] -  BHO 1: {6DDFC182-DD36-4D0A-924F-030FBB487DD8} ()
[07/18/2008, 0:20:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/18/2008, 0:20:07] -  Checking for HKLM\...\Winlogon\Notify\xxyxWNEt
[07/18/2008, 0:20:07] -  Key not found: HKLM\...\Winlogon\Notify\xxyxWNEt, continuing.
[07/18/2008, 0:20:07] -  BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/18/2008, 0:20:07] -  BHO 3: {82336A8D-6CD0-4647-B791-75FCA8CF2B39} (MSEvents Object)
[07/18/2008, 0:20:07] - ALERT: Found MSEvents Object!
[07/18/2008, 0:20:07] -  BHO 4: {988B07F5-7392-455A-8A1F-64935CB8B6ED} (BHO Barre de Confiance CM-CIC)
[07/18/2008, 0:20:07] -  BHO 5: {A26A9EED-7D58-49FE-B55E-308953838945} ()
[07/18/2008, 0:20:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/18/2008, 0:20:07] -  Checking for HKLM\...\Winlogon\Notify\ddayw
[07/18/2008, 0:20:07] -  Key not found: HKLM\...\Winlogon\Notify\ddayw, continuing.
[07/18/2008, 0:20:07] -  BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/18/2008, 0:20:07] -  BHO 7: {c52620da-d5f4-416d-91f3-247ae2c69c8e} ()
[07/18/2008, 0:20:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/18/2008, 0:20:07] -  Checking for HKLM\...\Winlogon\Notify\cnipxj
[07/18/2008, 0:20:07] -  Key not found: HKLM\...\Winlogon\Notify\cnipxj, continuing.
[07/18/2008, 0:20:07] -  BHO 8: {E8D4167F-972F-48BE-B351-F16C32FE2262} ()
[07/18/2008, 0:20:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/18/2008, 0:20:07] -  Checking for HKLM\...\Winlogon\Notify\jkhff
[07/18/2008, 0:20:08] -  Key not found: HKLM\...\Winlogon\Notify\jkhff, continuing.
[07/18/2008, 0:20:08] - Finished Searching Browser Helper Objects
[07/18/2008, 0:20:08] - *** Detected MSEvents Object
[07/18/2008, 0:20:08] - Trying to remove MSEvents Object...
[07/18/2008, 0:20:09] -    Terminating Process: IEXPLORE.EXE
[07/18/2008, 0:20:09] -    Terminating Process: RUNDLL32.EXE
[07/18/2008, 0:20:09] -    Disabling Automatic Shell Restart
[07/18/2008, 0:20:09] -    Terminating Process: EXPLORER.EXE
[07/18/2008, 0:20:09] -    Suspending the NT Session Manager System Service
[07/18/2008, 0:20:10] -    Terminating Windows NT Logon/Logoff Manager
[07/18/2008, 0:20:10] -    Re-enabling Automatic Shell Restart
[07/18/2008, 0:20:10] -   File to disable: C:\WINDOWS\system32	uvUNgGA.dll
[07/18/2008, 0:20:10] -  Renaming C:\WINDOWS\system32	uvUNgGA.dll -> C:\WINDOWS\system32	uvUNgGA.dll.vir
[07/18/2008, 0:20:10] -  File successfully renamed!
[07/18/2008, 0:20:10] -   Removing HKLM\...\Browser Helper Objects\{82336A8D-6CD0-4647-B791-75FCA8CF2B39}
[07/18/2008, 0:20:10] -   Removing HKCR\CLSID\{82336A8D-6CD0-4647-B791-75FCA8CF2B39}
[07/18/2008, 0:20:10] -   Adding Kill Bit for ActiveX for GUID: {82336A8D-6CD0-4647-B791-75FCA8CF2B39}
[07/18/2008, 0:20:10] -   Deleting ATLEvents/MSEvents Registry entries
[07/18/2008, 0:20:10] -   Removing HKLM\...\Winlogon\Notify	uvUNgGA
[07/18/2008, 0:20:10] - Searching for Browser Helper Objects:
[07/18/2008, 0:20:10] -  BHO 1: {6DDFC182-DD36-4D0A-924F-030FBB487DD8} ()
[07/18/2008, 0:20:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/18/2008, 0:20:10] -  Checking for HKLM\...\Winlogon\Notify\xxyxWNEt
[07/18/2008, 0:20:10] -  Key not found: HKLM\...\Winlogon\Notify\xxyxWNEt, continuing.
[07/18/2008, 0:20:10] -  BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/18/2008, 0:20:10] -  BHO 3: {988B07F5-7392-455A-8A1F-64935CB8B6ED} (BHO Barre de Confiance CM-CIC)
[07/18/2008, 0:20:10] -  BHO 4: {A26A9EED-7D58-49FE-B55E-308953838945} ()
[07/18/2008, 0:20:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/18/2008, 0:20:10] -  Checking for HKLM\...\Winlogon\Notify\ddayw
[07/18/2008, 0:20:10] -  Key not found: HKLM\...\Winlogon\Notify\ddayw, continuing.
[07/18/2008, 0:20:10] -  BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/18/2008, 0:20:10] -  BHO 6: {c52620da-d5f4-416d-91f3-247ae2c69c8e} ()
[07/18/2008, 0:20:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/18/2008, 0:20:10] -  Checking for HKLM\...\Winlogon\Notify\cnipxj
[07/18/2008, 0:20:10] -  Key not found: HKLM\...\Winlogon\Notify\cnipxj, continuing.
[07/18/2008, 0:20:10] -  BHO 7: {E8D4167F-972F-48BE-B351-F16C32FE2262} ()
[07/18/2008, 0:20:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/18/2008, 0:20:10] -  Checking for HKLM\...\Winlogon\Notify\jkhff
[07/18/2008, 0:20:10] -  Key not found: HKLM\...\Winlogon\Notify\jkhff, continuing.
[07/18/2008, 0:20:10] - Finished Searching Browser Helper Objects
[07/18/2008, 0:20:10] - Finishing up...
[07/18/2008, 0:20:10] - A restart is needed.
[07/18/2008, 0:20:20] - Attempting to Restart via STOP error (Blue Screen!)

[07/18/2008, 19:28:12] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings
oulpette\Bureau\VirtumundoBeGone.exe" )
[07/18/2008, 19:28:14] - Detected System Information:
[07/18/2008, 19:28:14] -  Windows Version: 5.1.2600, Service Pack 2
[07/18/2008, 19:28:14] -  Current Username: noulpette (Admin)
[07/18/2008, 19:28:14] -  Windows is in NORMAL mode.
[07/18/2008, 19:28:14] - Searching for Browser Helper Objects:
[07/18/2008, 19:28:14] -  BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/18/2008, 19:28:14] -  BHO 2: {7E996727-F743-4451-9C2B-901BF1C4F404} ()
[07/18/2008, 19:28:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/18/2008, 19:28:14] -  Checking for HKLM\...\Winlogon\Notify\xxyxWNEt
[07/18/2008, 19:28:14] -  Key not found: HKLM\...\Winlogon\Notify\xxyxWNEt, continuing.
[07/18/2008, 19:28:14] -  BHO 3: {988B07F5-7392-455A-8A1F-64935CB8B6ED} (BHO Barre de Confiance CM-CIC)
[07/18/2008, 19:28:14] -  BHO 4: {A26A9EED-7D58-49FE-B55E-308953838945} ()
[07/18/2008, 19:28:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/18/2008, 19:28:14] -  Checking for HKLM\...\Winlogon\Notify\ddayw
[07/18/2008, 19:28:14] -  Key not found: HKLM\...\Winlogon\Notify\ddayw, continuing.
[07/18/2008, 19:28:14] -  BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/18/2008, 19:28:14] -  BHO 6: {c52620da-d5f4-416d-91f3-247ae2c69c8e} ()
[07/18/2008, 19:28:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/18/2008, 19:28:14] -  Checking for HKLM\...\Winlogon\Notify\cnipxj
[07/18/2008, 19:28:14] -  Key not found: HKLM\...\Winlogon\Notify\cnipxj, continuing.
[07/18/2008, 19:28:14] -  BHO 7: {E8D4167F-972F-48BE-B351-F16C32FE2262} ()
[07/18/2008, 19:28:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/18/2008, 19:28:14] -  Checking for HKLM\...\Winlogon\Notify\jkhff
[07/18/2008, 19:28:14] -  Key not found: HKLM\...\Winlogon\Notify\jkhff, continuing.
[07/18/2008, 19:28:14] - Finished Searching Browser Helper Objects
[07/18/2008, 19:28:14] - Finishing up...
[07/18/2008, 19:28:14] - Nothing found! Exiting...
Voilou, si ça peut aider ^^
Je repars tout de suite lancer combofix, et je reviens poster le rapport :)
Olivier

lolive · Answer

Voilà le rapport de combofix
ComboFix 08-07-14.2 - noulpette 2008-07-18 19:36:13.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1602 [GMT 2:00]
Endroit: C:\Documents and Settings\noulpette\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnpxobbg.ini
C:\WINDOWS\system32\tENWxyxx.ini
C:\WINDOWS\system32\tENWxyxx.ini2
C:\WINDOWS\system32\vquateqt.ini
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\sehwwqgw.ini
C:\WINDOWS\system32\tENWxyxx.ini
C:\WINDOWS\system32\tENWxyxx.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-18 to 2008-07-18 ))))))))))))))))))))))))))))))))))))
.

2008-07-18 11:57 . 2008-07-18 11:57 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-07-18 11:51 . 2008-07-18 11:51 <REP> d-------- C:\Documents and Settings\noulpette\Application Data\Malwarebytes
2008-07-18 11:51 . 2008-07-18 11:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-18 11:51 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-18 11:51 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-18 10:24 . 2008-07-18 10:24 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-07-18 10:22 . 2008-07-18 10:22 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-07-18 10:22 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-18 00:02 . 2008-07-18 00:02 105,200 --a------ C:\WINDOWS\system32\xfcjkfyl.dll
2008-07-18 00:02 . 2008-07-18 00:02 105,200 --a------ C:\WINDOWS\system32\cnipxj.dll
2008-07-17 23:57 . 2008-07-17 23:57 69,120 --a------ C:\WINDOWS\system32\ofnqqdfk.dll
2008-07-17 00:08 . 2008-07-17 00:08 38 --a------ C:\WINDOWS\avisplitter.INI
2008-07-16 23:55 . 2008-07-16 23:55 105,264 --a------ C:\WINDOWS\system32\xbefjq.dll
2008-07-16 23:55 . 2008-07-16 23:55 105,264 --a------ C:\WINDOWS\system32\wawkeqjs.dll
2008-07-16 23:54 . 2008-07-16 23:55 91,440 --a------ C:\WINDOWS\system32\erhtoiaf.dll
2008-07-15 23:54 . 2008-07-15 23:54 105,232 --a------ C:\WINDOWS\system32\nhsunmpd.dll
2008-07-15 23:54 . 2008-07-15 23:54 105,232 --a------ C:\WINDOWS\system32\jvbaug.dll
2008-07-15 23:53 . 2008-07-15 23:53 91,440 --a------ C:\WINDOWS\system32\gkajfrbt.dll
2008-07-15 23:46 . 2008-07-15 23:46 294 ---hs---- C:\WINDOWS\system32\sehwwqgw.ini
2008-07-15 17:33 . 2008-07-15 17:33 <REP> d-------- C:\VundoFix Backups
2008-07-15 16:51 . 2008-07-15 16:50 25,294,781 --a------ C:\WINDOWS\LPT$VPN.407
2008-07-15 16:50 . 2008-07-15 16:50 25,294,781 --a------ C:\WINDOWS\VPTNFILE.407
2008-07-15 16:49 . 2008-07-15 16:50 <REP> d-------- C:\WINDOWS\AU_Temp
2008-07-15 16:17 . 2008-07-15 16:17 105,232 --a------ C:\WINDOWS\system32\tyuppr.dll
2008-07-15 16:17 . 2008-07-15 16:17 105,232 --a------ C:\WINDOWS\system32\tpctjuea.dll
2008-07-15 16:14 . 2008-07-15 16:14 91,440 --a------ C:\WINDOWS\system32\rodpjqhe.dll
2008-07-15 16:09 . 2008-07-15 16:09 294 ---hs---- C:\WINDOWS\system32\nftjfwwr.ini
2008-07-15 12:32 . 2008-07-15 01:54 2,613,152 --a------ C:\ComboFix.exe
2008-07-15 12:28 . 2008-07-15 12:28 105,232 --a------ C:\WINDOWS\system32\uoimzo.dll
2008-07-15 12:28 . 2008-07-15 12:28 105,232 --a------ C:\WINDOWS\system32\surwuhot.dll
2008-07-15 12:28 . 2008-07-15 12:28 91,440 --a------ C:\WINDOWS\system32\wxobecbj.dll
2008-07-15 12:27 . 2008-07-15 12:27 91,440 --a------ C:\WINDOWS\system32\hnwskbwg.dll
2008-07-15 00:42 . 2007-07-04 01:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-07-15 00:42 . 2007-07-04 01:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-15 00:42 . 2007-09-19 08:47 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-07-15 00:42 . 2007-07-04 01:48 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-07-15 00:42 . 2007-07-04 01:48 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-07-15 00:42 . 2007-07-04 01:48 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-07-15 00:42 . 2008-07-18 13:24 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-07-15 00:42 . 2008-07-15 00:42 <REP> d-------- C:\Documents and Settings\Administrateur
2008-07-14 21:42 . 2008-07-14 21:42 105,264 --a------ C:\WINDOWS\system32\mybrvivq.dll
2008-07-14 21:42 . 2008-07-14 21:42 105,264 --a------ C:\WINDOWS\system32\bfltlv.dll
2008-07-14 21:40 . 2008-07-14 21:40 90,944 --a------ C:\WINDOWS\system32\jqoskxsw.dll
2008-07-14 21:40 . 2008-07-14 21:40 81,168 --a------ C:\WINDOWS\system32\rjhiygwe.dll
2008-07-14 21:39 . 2008-07-14 21:39 314,672 --------- C:\WINDOWS\system32\xxyxWNEt.dll
2008-07-14 21:35 . 2008-07-14 21:35 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 14:50 91,744 -c--a-w C:\WINDOWS\BPMNT.dll
2008-07-15 14:50 71,749 -c--a-w C:\WINDOWS\hcextoutput.dll
2008-07-15 14:50 333,576 -c--a-w C:\WINDOWS\tsc.exe
2008-07-15 14:50 1,213,784 -c--a-w C:\WINDOWS\vsapi32.dll
2008-07-15 08:46 --------- d-----w C:\Documents and Settings\noulpette\Application Data\OpenOffice.org2
2008-06-22 09:43 --------- d-----w C:\Program Files\Java
2008-06-15 14:28 --------- d-----w C:\Program Files\Fichiers communs\BioWare
.

((((((((((((((((((((((((((((( snapshot@2008-07-15_12.25.11.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-12 00:06:56 71,749 -c--a-w C:\WINDOWS\AU_Temp\1\27\hcextoutput.dll
+ 2008-07-02 00:51:48 71,749 ----a-w C:\WINDOWS\AU_Temp\1\27\hcextoutput.dll
- 2007-12-12 00:06:56 267,845 -c--a-w C:\WINDOWS\AU_Temp\1\27\tsc.exe
+ 2008-07-02 00:51:48 333,576 ----a-w C:\WINDOWS\AU_Temp\1\27\TSC.exe
- 2005-11-09 19:05:12 86,094 -c--a-w C:\WINDOWS\AU_Temp\2\4\BPMNT.dll
+ 2006-11-22 15:48:28 91,744 ----a-w C:\WINDOWS\AU_Temp\2\4\BPMNT.dll
- 2007-06-12 17:49:28 1,163,344 -c--a-w C:\WINDOWS\AU_Temp\2\4\vsapi32.dll
+ 2008-03-30 16:55:22 1,213,784 ----a-w C:\WINDOWS\AU_Temp\2\4\vsapi32.dll
- 1999-07-23 09:53:20 129,536 -c--a-w C:\WINDOWS\AuHCcup1.dll
+ 1999-07-23 08:53:20 129,536 -c--a-w C:\WINDOWS\AuHCcup1.dll
+ 2007-08-13 16:39:20 71,680 -c----w C:\WINDOWS\ie7\admparse.dll
+ 2007-08-13 16:39:00 123,904 -c----w C:\WINDOWS\ie7\advpack.dll
+ 2006-09-23 11:12:56 1,022,976 -c----w C:\WINDOWS\ie7\browseui.dll
+ 2004-08-04 04:54:24 35,328 -c----w C:\WINDOWS\ie7\corpol.dll
+ 2007-08-13 16:54:10 33,792 -c----w C:\WINDOWS\ie7\custsat.dll
+ 2007-08-13 16:35:46 346,624 -c----w C:\WINDOWS\ie7\dxtmsft.dll
+ 2007-08-13 16:35:38 214,528 -c----w C:\WINDOWS\ie7\dxtrans.dll
+ 2007-08-13 16:54:10 131,584 -c----w C:\WINDOWS\ie7\extmgr.dll
+ 2007-08-13 16:18:02 60,416 -c----w C:\WINDOWS\ie7\hmmapi.dll
+ 2007-08-13 16:39:06 54,784 -c----w C:\WINDOWS\ie7\ie4uinit.exe
+ 2007-08-13 16:39:26 152,064 -c----w C:\WINDOWS\ie7\ieakeng.dll
+ 2007-08-13 16:39:54 229,376 -c----w C:\WINDOWS\ie7\ieaksie.dll
+ 2007-08-13 15:56:54 161,792 -c----w C:\WINDOWS\ie7\ieakui.dll
+ 2007-08-13 16:39:50 382,976 -c----w C:\WINDOWS\ie7\iedkcs32.dll
+ 2007-08-13 16:44:02 69,120 -c----w C:\WINDOWS\ie7\iedw.exe
+ 2007-08-13 16:45:18 78,336 -c----w C:\WINDOWS\ie7\ieencode.dll
+ 2007-08-13 16:54:10 191,488 -c----w C:\WINDOWS\ie7\iepeers.dll
+ 2007-08-13 16:39:10 43,008 -c----w C:\WINDOWS\ie7\iernonce.dll
+ 2007-08-13 16:39:12 55,296 -c----w C:\WINDOWS\ie7\iesetup.dll
+ 2007-08-13 16:43:56 622,080 -c----w C:\WINDOWS\ie7\iexplore.exe
+ 2007-08-13 16:36:06 36,352 -c----w C:\WINDOWS\ie7\imgutil.dll
+ 2007-08-13 16:39:02 92,672 -c----w C:\WINDOWS\ie7\inseng.dll
+ 2007-08-13 16:38:04 491,520 -c----w C:\WINDOWS\ie7\jscript.dll
+ 2007-08-13 16:54:10 27,136 -c----w C:\WINDOWS\ie7\jsproxy.dll
+ 2007-08-13 16:44:18 40,960 -c----w C:\WINDOWS\ie7\licmgr10.dll
+ 2007-08-13 16:32:30 45,568 -c----w C:\WINDOWS\ie7\mshta.exe
+ 2007-08-13 16:54:12 3,578,368 -c----w C:\WINDOWS\ie7\mshtml.dll
+ 2007-08-13 16:54:10 475,648 -c----w C:\WINDOWS\ie7\mshtmled.dll
+ 2007-08-13 16:01:12 48,128 -c----w C:\WINDOWS\ie7\mshtmler.dll
+ 2007-08-13 16:54:10 156,160 -c----w C:\WINDOWS\ie7\msls31.dll
+ 2007-08-13 16:44:26 192,000 -c----w C:\WINDOWS\ie7\msrating.dll
+ 2007-08-13 16:54:10 670,720 -c----w C:\WINDOWS\ie7\mstime.dll
+ 2007-08-13 16:44:06 101,376 -c----w C:\WINDOWS\ie7\occache.dll
+ 2007-08-13 16:36:12 44,544 -c----w C:\WINDOWS\ie7\pngfilt.dll
+ 2006-09-23 11:12:56 1,497,088 -c----w C:\WINDOWS\ie7\shdocvw.dll
+ 2006-09-23 11:12:56 474,624 -c----w C:\WINDOWS\ie7\shlwapi.dll
+ 2007-09-26 16:34:42 33,472 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-09-26 16:32:30 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 15:43:28 216,800 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 15:43:30 394,976 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2007-08-13 16:44:30 105,984 -c----w C:\WINDOWS\ie7\url.dll
+ 2007-08-13 16:54:10 1,162,240 -c----w C:\WINDOWS\ie7\urlmon.dll
+ 2007-08-13 16:54:10 413,696 -c----w C:\WINDOWS\ie7\vbscript.dll
+ 2007-08-13 16:54:10 765,952 -c----w C:\WINDOWS\ie7\vgx.dll
+ 2007-08-13 16:54:10 231,424 -c----w C:\WINDOWS\ie7\webcheck.dll
+ 2007-08-13 16:54:10 818,688 -c----w C:\WINDOWS\ie7\wininet.dll
- 2004-08-04 04:54:22 61,440 -c--a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 16:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-04 04:54:22 101,888 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-08-13 16:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
- 2004-08-04 04:54:22 1,017,344 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2006-09-23 11:12:56 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
- 2004-08-04 04:54:24 35,328 ----a-w C:\WINDOWS\system32\corpol.dll
+ 2007-08-13 16:42:54 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
- 2004-08-04 04:54:22 61,440 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-08-13 16:39:20 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
- 2004-08-04 04:54:22 101,888 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-08-13 16:39:00 123,904 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2004-08-04 04:54:22 1,017,344 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2006-09-23 11:12:56 1,022,976 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2004-08-04 04:54:24 35,328 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
+ 2007-08-13 16:42:54 17,408 -c--a-w C:\WINDOWS\system32\dllcache\corpol.dll
- 2004-08-04 04:54:24 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-13 16:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
- 2004-08-04 04:54:24 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-13 16:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2004-08-04 04:54:24 201,728 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-08-13 16:35:38 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2004-08-04 04:54:26 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-13 16:54:10 131,584 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2004-08-04 04:54:28 38,912 -c----w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-08-13 16:18:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
- 2004-08-04 04:54:52 34,304 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-08-13 16:39:06 54,784 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2004-08-04 04:54:28 139,264 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-08-13 16:39:26 152,064 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2004-08-04 04:54:28 221,696 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-08-13 16:39:54 229,376 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2002-09-07 00:00:00 245,760 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-08-13 15:56:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2004-08-04 04:54:28 323,584 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-08-13 16:39:50 382,976 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2004-08-04 04:54:52 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 16:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2004-08-04 04:54:28 81,920 -c----w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2007-08-13 16:45:18 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2004-08-04 04:54:28 249,344 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-13 16:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2004-08-04 04:54:28 49,152 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-08-13 16:39:10 43,008 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2004-08-04 04:54:28 63,488 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-08-13 16:39:12 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
- 2004-08-04 04:54:52 93,184 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-13 16:43:56 622,080 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2004-08-04 04:54:30 35,840 -c----w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2007-08-13 16:36:06 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2004-08-04 04:54:30 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-13 16:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2004-08-04 04:54:30 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-13 16:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2004-08-04 04:54:30 15,872 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-13 16:54:10 27,136 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-04 04:54:30 22,528 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-08-13 16:44:18 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2004-08-04 04:54:58 29,184 -c----w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2007-08-13 16:32:30 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
- 2004-08-04 04:54:34 3,003,392 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-08-13 16:54:12 3,578,368 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2004-08-04 04:54:34 448,512 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-13 16:54:10 475,648 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-04 04:53:16 57,344 -c----w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2007-08-13 16:01:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2002-09-07 00:00:00 146,432 -c----w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-08-13 16:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2004-08-04 04:54:36 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-08-13 16:44:26 192,000 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-04 04:54:36 530,432 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-08-13 16:54:10 670,720 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-04 04:54:36 97,280 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2007-08-13 16:44:06 101,376 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2004-08-04 04:54:38 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-13 16:36:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-04 04:54:40 1,483,776 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2006-09-23 11:12:56 1,497,088 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2004-08-04 04:54:40 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2006-09-23 11:12:56 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2004-08-04 04:54:44 37,888 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2007-08-13 16:44:30 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2004-08-04 04:54:44 603,136 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-13 16:54:10 1,162,240 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-04 04:54:44 417,792 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-08-13 16:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2004-08-04 04:54:44 848,384 -c----w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-08-13 16:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
- 2004-08-04 04:54:46 281,600 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2007-08-13 16:54:10 231,424 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2004-08-04 04:54:46 660,480 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-08-13 16:54:10 818,688 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-04-21 16:44:34 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2008-07-17 21:04:10 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
- 2004-08-04 04:54:24 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-13 16:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2004-08-04 04:54:24 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-13 16:35:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2004-08-04 04:54:26 55,808 -c--a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-13 16:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-13 16:36:26 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 06:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2004-08-04 04:54:52 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-08-13 16:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-04 04:54:28 139,264 -c--a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-08-13 16:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-04 04:54:28 221,696 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-08-13 16:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2002-09-07 00:00:00 245,760 -c--a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-08-13 15:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-02-12 14:10:12 2,451,312 ------w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-07-11 10:27:48 383,488 ------w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-04 04:54:28 323,584 -c--a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-08-13 16:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-04 04:54:28 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-13 16:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-13 16:54:10 6,049,280 ------w C:\WINDOWS\system32\ieframe.dll
- 2004-08-04 04:54:28 249,344 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 16:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-04 04:54:28 49,152 -c--a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-08-13 16:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-08-13 16:34:04 266,752 ------w C:\WINDOWS\system32\iertutil.dll
- 2004-08-04 04:54:28 63,488 -c--a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 16:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 16:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 16:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2004-08-04 04:54:30 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 16:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2004-08-04 04:54:30 96,768 -c--a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 16:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2004-08-04 04:54:30 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-13 16:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2004-08-04 04:54:30 15,872 -c--a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-13 16:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-04 04:54:30 22,528 -c--a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 16:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 16:54:10 458,752 ------w C:\WINDOWS\system32\msfeeds.dll
+ 2007-08-13 16:54:10 50,688 ------w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-13 16:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-04 04:54:58 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 16:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2004-08-04 04:54:34 3,003,392 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-13 16:54:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2004-08-04 04:54:34 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-13 16:54:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 04:53:16 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 16:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2002-09-07 00:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 16:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2004-08-04 04:54:36 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-13 16:44:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 04:54:36 530,432 -c--a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-13 16:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2006-06-28 15:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 06:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2004-08-04 04:54:36 97,280 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-08-13 16:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll
- 2004-08-04 04:54:38 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-13 16:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-04 04:54:40 1,483,776 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2006-09-23 11:12:56 1,497,088 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2004-08-04 04:54:40 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2006-09-23 11:12:56 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2005-05-04 12:45:28 14,560 -c----w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-06 15:43:28 15,072 ------w C:\WINDOWS\system32\spmsg.dll
- 2004-08-04 04:54:44 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-08-13 16:44:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2004-08-04 04:54:44 603,136 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-13 16:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 04:54:44 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-13 16:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-04 04:54:46 281,600 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-13 16:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-13 16:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
- 2004-08-04 04:54:46 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-13 16:54:10 818,688 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E996727-F743-4451-9C2B-901BF1C4F404}]
2008-07-14 21:39 314672 --------- C:\WINDOWS\system32\xxyxWNEt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26A9EED-7D58-49FE-B55E-308953838945}]
C:\WINDOWS\system32\ddayw.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c52620da-d5f4-416d-91f3-247ae2c69c8e}]
2008-07-18 00:02 105200 --a------ C:\WINDOWS\system32\cnipxj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8D4167F-972F-48BE-B351-F16C32FE2262}]
C:\WINDOWS\system32\jkhff.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"DAEMON Tools Pro Agent"="G:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2004-02-24 12:17 1448448]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 23:04 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuttro]
vtuttro.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^noulpette^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\noulpette\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\38b949ce]
--a------ 2008-07-14 21:40 81168 C:\WINDOWS\system32\rjhiygwe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--------- 2007-05-10 22:46 624248 G:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-03 15:18 94208 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3b8a7a52]
--a------ 2008-07-14 21:40 90944 C:\WINDOWS\system32\jqoskxsw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"G:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"D:\\eMule\\emule.exe"=
"G:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"G:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 W8100PCI;ASUS 802.11b/g Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\mrv8k51.sys [2003-12-24 12:43]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;G:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 19:40:06
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-18 19:48:57 - machine was rebooted [noulpette]
ComboFix-quarantined-files.txt 2008-07-18 17:47:55
ComboFix2.txt 2008-07-15 11:06:31

Pre-Run: 2,071,773,184 octets libres
Post-Run: 2,174,238,720 octets libres

407
J'espère que cela va faire avancer le schmilblick ;)

Merci à vous,
Olivier

jlpjlp · Answer

analyse ces fichiers sur virus total et si inféctés ou de  taille ZERO (zero syzes) tu les rajoutes dans la partie " file :: "de la procedure suivante:  https://www.virustotal.com/gui/

C:\WINDOWS\system32\xfcjkfyl.dll
C:\WINDOWS\system32\ofnqqdfk.dll
C:\WINDOWS\system32\xbefjq.dll
C:\WINDOWS\system32\wawkeqjs.dll
C:\WINDOWS\system32\erhtoiaf.dll
C:\WINDOWS\system32
hsunmpd.dll
C:\WINDOWS\system32\jvbaug.dll
C:\WINDOWS\system32\gkajfrbt.dll
C:\WINDOWS\system32\sehwwqgw.ini
C:\WINDOWS\system32	yuppr.dll
C:\WINDOWS\system32	pctjuea.dll
C:\WINDOWS\system32odpjqhe.dll
C:\WINDOWS\system32
ftjfwwr.ini
C:\WINDOWS\system32\uoimzo.dll
C:\WINDOWS\system32\surwuhot.dll
C:\WINDOWS\system32\wxobecbj.dll
C:\WINDOWS\system32\hnwskbwg.dll
C:\WINDOWS\system32\mybrvivq.dll
C:\WINDOWS\system32\bfltlv.dll

_______________



pour fusionner:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


____________________

Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :







File::

C:\WINDOWS\system32\ddayw.dll 
C:\WIDOWS\system32\xxyxWNEt.dll
C:\WINDOWS\system32\cnipxj.dll
C:\WINDOWS\system32\jkhff.dll 
C:\WINDOWS\system32\jqoskxsw.dll
C:\WINDOWS\system32jhiygwe.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E996727-F743-4451-9C2B-901BF1C4F404}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26A9EED-7D58-49FE-B55E-308953838945}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c52620da-d5f4-416d-91f3-247ae2c69c8e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8D4167F-972F-48BE-B351-F16C32FE2262}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\vtuttro]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\38b949ce]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3b8a7a52]





Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis et dis tes soucis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

E..T · Answer

Salut vous deux, merci jlpjlp de ton passage et bien tu sais quoi je te le laisse la place ;-)) 
Je suis avec attention.
Bon courage à vous deux.

@++

lolive · Answer

SLT,
Tous les fichier que tu m'a proposé étaient infecté (excepté les .ini) !!!
Je les ais donc rajouté ds CFscript et lancer combofix sur ce fichier dont voici le rappor :
ComboFix 08-07-14.2 - noulpette 2008-07-18 21:53:42.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1629 [GMT 2:00]
Endroit: C:\Documents and Settings\noulpette\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\noulpette\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WIDOWS\system32\xxyxWNEt.dll
C:\WINDOWS\system32\bfltlv.dll
C:\WINDOWS\system32\cnipxj.dll
C:\WINDOWS\system32\ddayw.dll
C:\WINDOWS\system32\erhtoiaf.dll
C:\WINDOWS\system32\gkajfrbt.dll
C:\WINDOWS\system32\hnwskbwg.dll
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jqoskxsw.dll
C:\WINDOWS\system32\jvbaug.dll
C:\WINDOWS\system32\mybrvivq.dll
C:\WINDOWS\system32\nhsunmpd.dll
C:\WINDOWS\system32\ofnqqdfk.dll
C:\WINDOWS\system32\rjhiygwe.dll
C:\WINDOWS\system32\rodpjqhe.dll
C:\WINDOWS\system32\surwuhot.dll
C:\WINDOWS\system32\tpctjuea.dll
C:\WINDOWS\system32\tyuppr.dll
C:\WINDOWS\system32\uoimzo.dll
C:\WINDOWS\system32\wawkeqjs.dll
C:\WINDOWS\system32\wxobecbj.dll
C:\WINDOWS\system32\xbefjq.dll
C:\WINDOWS\system32\xfcjkfyl.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bfltlv.dll
C:\WINDOWS\system32\cnipxj.dll
C:\WINDOWS\system32\erhtoiaf.dll
C:\WINDOWS\system32\gkajfrbt.dll
C:\WINDOWS\system32\hnwskbwg.dll
C:\WINDOWS\system32\jqoskxsw.dll
C:\WINDOWS\system32\jvbaug.dll
C:\WINDOWS\system32\mybrvivq.dll
C:\WINDOWS\system32\nhsunmpd.dll
C:\WINDOWS\system32\ofnqqdfk.dll
C:\WINDOWS\system32\rjhiygwe.dll
C:\WINDOWS\system32\rodpjqhe.dll
C:\WINDOWS\system32\surwuhot.dll
C:\WINDOWS\system32\tpctjuea.dll
C:\WINDOWS\system32\tyuppr.dll
C:\WINDOWS\system32\uoimzo.dll
C:\WINDOWS\system32\wawkeqjs.dll
C:\WINDOWS\system32\wxobecbj.dll
C:\WINDOWS\system32\xbefjq.dll
C:\WINDOWS\system32\xfcjkfyl.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-18 to 2008-07-18 ))))))))))))))))))))))))))))))))))))
.

2008-07-18 11:57 . 2008-07-18 11:57 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-07-18 11:51 . 2008-07-18 11:51 <REP> d-------- C:\Documents and Settings\noulpette\Application Data\Malwarebytes
2008-07-18 11:51 . 2008-07-18 11:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-18 11:51 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-18 11:51 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-18 10:24 . 2008-07-18 10:24 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-07-18 10:22 . 2008-07-18 10:22 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-07-18 10:22 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-17 00:08 . 2008-07-17 00:08 38 --a------ C:\WINDOWS\avisplitter.INI
2008-07-15 23:46 . 2008-07-15 23:46 294 ---hs---- C:\WINDOWS\system32\sehwwqgw.ini
2008-07-15 17:33 . 2008-07-15 17:33 <REP> d-------- C:\VundoFix Backups
2008-07-15 16:51 . 2008-07-15 16:50 25,294,781 --a------ C:\WINDOWS\LPT$VPN.407
2008-07-15 16:50 . 2008-07-15 16:50 25,294,781 --a------ C:\WINDOWS\VPTNFILE.407
2008-07-15 16:49 . 2008-07-15 16:50 <REP> d-------- C:\WINDOWS\AU_Temp
2008-07-15 16:09 . 2008-07-15 16:09 294 ---hs---- C:\WINDOWS\system32\nftjfwwr.ini
2008-07-15 12:32 . 2008-07-15 01:54 2,613,152 --a------ C:\ComboFix.exe
2008-07-15 00:42 . 2007-07-04 01:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-07-15 00:42 . 2007-07-04 01:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-15 00:42 . 2007-09-19 08:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-07-15 00:42 . 2007-07-04 01:48 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-07-15 00:42 . 2007-07-04 01:48 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-07-15 00:42 . 2007-07-04 01:48 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-07-15 00:42 . 2008-07-18 13:24 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-07-15 00:42 . 2008-07-15 00:42 <REP> d-------- C:\Documents and Settings\Administrateur
2008-07-14 21:39 . 2008-07-14 21:39 314,672 --------- C:\WINDOWS\system32\xxyxWNEt.dll
2008-07-14 21:35 . 2008-07-14 21:35 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 14:50 91,744 -c--a-w C:\WINDOWS\BPMNT.dll
2008-07-15 14:50 71,749 -c--a-w C:\WINDOWS\hcextoutput.dll
2008-07-15 14:50 333,576 -c--a-w C:\WINDOWS\tsc.exe
2008-07-15 14:50 1,213,784 -c--a-w C:\WINDOWS\vsapi32.dll
2008-07-15 08:46 --------- d-----w C:\Documents and Settings\noulpette\Application Data\OpenOffice.org2
2008-06-22 09:43 --------- d-----w C:\Program Files\Java
2008-06-15 14:28 --------- d-----w C:\Program Files\Fichiers communs\BioWare
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"DAEMON Tools Pro Agent"="G:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2004-02-24 12:17 1448448]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 23:04 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^noulpette^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\noulpette\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--------- 2007-05-10 22:46 624248 G:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-03 15:18 94208 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"G:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"D:\\eMule\\emule.exe"=
"G:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"G:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 W8100PCI;ASUS 802.11b/g Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\mrv8k51.sys [2003-12-24 12:43]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;G:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 21:54:27
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-18 21:55:56

Et voici celui de Hijackthis :

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:08, on 18/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\noulpette\Bureau\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - G:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - G:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "G:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O8 - Extra context menu item: Convertir en Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - G:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

jlpjlp · Answer

parfait!!!
vire combofix 
et virtuebeogone de ton ordi

_________
installe 

SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation  : il suffit de faire "update" pour mettre à jour tous les mois  et ensuite" enable all protection" pour immuniser)...


https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html

___________


désactive la restauration système pour purger les virus qui seraient dedans (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)
puis redemarre ton ordi puis réactive la



______________

colle un rapport antivir pour verifier

si rien c'est bon!!!















pour protéger gratos ton ordi

http://www.commentcamarche.net/telecharger/logiciel 4 securite

mettre un antivirus

AVAST en français   ou ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
MalwareByte's Anti-Malware + SPYBOT
+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation  : il suffit de faire "update" pour mettre à jour tous les mois  et ensuite" enable all protection" pour immuniser)...

Rq : spybot et ad-aware ont sorti de nouvelles versions cette année vérifiez que vous avez la dernière version 
--------
un pare feu :
celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) 

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

 https://forum.pcastuces.com/sujet.asp?f=25&s=35606 
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER pour effacer les traces de surf
---------
naviguer avec firefox ou safari ou opera et non internet explorer plus  touché par les virus
http://www.mozilla-europe.org/fr/products/firefox/

_____________

lolive · Answer

Merci beaucoup, c'est du tout bon !
Olivier

Pub intempestive et lenteur sur le net

10 réponses

Discussions similaires