bug\virus\system32 apparently hit (RESOLVED) - Security - Virus
Profile: IDNaute

Hello
I have one, or rather several, big problems with my computer. It has been going on for roughly two weeks, I can't get out of it and it is starting to worry me a lot. Please come to my rescue!! :(

So, first of all, everything starts at boot. Basically my computer takes 15 to 20 minutes to start (10 when it is in good shape). When it starts, I get this message twice:
Important- Potential errors found in the system
During a scan of files at system startup potential errors in the system registry were found
p-07-0100irql :1fSYSVEROxff00024
KMODE_EXCEPTION_NOT_HANDLED

Then I get another message (and this one worries me a lot):
RUNDLL
Error loading C:\WINDOWS\system32\omdhcbus.dll
The specified module could not be found.

I don't know whether it matters, but before, the letters after « \system32\ » were different.
Then my antivirus (AntiVir) sends me a message:
A virus or unwanted program was found
C:\Documents and Settings\...\update.exe
The heuristic detected a suspicious file
Contain suspicious code HEUR/Malware

When I had avast (I was advised to switch to AntiVir), it also found something at every boot, namely a trojan horse; the program was Win32PurityScan.

Then, when I go on the internet, I get intrusive advertising messages (unsolicited and unrelated to what I am browsing) that show up all the time. On top of that, very regularly, lots of windows open one after another and I am forced to power off my computer. Also, I get lots of messages, advertising or not, from real/fake antivirus programs (I really don't know what they are) telling me that I must not let the disclosure of my private information ruin my life, so I have to download this program to remove the compromising traces (nice, but I don't go, and have never gone, to sites that could compromise anything in my life... :??: )

Then, on the computer itself, 17,000 small files with names like pos1A0.tmp, pos1A0A.tmp have appeared on my C drive. And the same number of files with the same names have also appeared in My Documents. Also, I get lots of weird security messages like: « system warning. Windows performed illegal operation... » And I also get a message that completely freezes my computer every time; it is:
Your system could become unstable
A potential problem has been detected and windows has been shut down buggy application to prevent damage to your computer
****WXYZ.SYS-AdressF73120AE-base at C00000, DateStamp36b072a3
Kernel Debugger Using : COM2(Port0x28f,Baud rate 19200)
Basically, I often have to power it off.
So far, since this started, I have downloaded:
- avast
- Ad-Aware
- Spybot
- AntiVir (I did a scan in safe mode)
- AVG Anti-Spyware (I also did a scan in safe mode)
- HijackThis
- CleanUp
- and I already had CCleaner on my computer, so I ran it
Nothing works...
There, it is a long post, but I thought it was better to describe everything. Please help me!!!


Message edited by nore-29 on 17-02-2008 at 21:19:43

Profile: Helper

Hello,

Download and install HijackThis (Trend Micro).
Then post a log in your next reply.
HELP: How to use HijackThis v2.0.2


---------------
Prevention & Protection | Free software | L'homme du FLCCF
Profile: IDNaute

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:10, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\?ystem32\?ttrib.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\RABCO\X_RABCOse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\omdhcbus.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Nphb] "C:\DOCUME~1\ANNELA~1\MESDOC~1\FNTS~1\mshta.exe" -vt ndrv
O4 - HKCU\..\Run: [Vzszy] "C:\Program Files\?ystem32\?ttrib.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE (file missing)
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

--
End of file - 9682 bytes

Profile: Helper

Re,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to run it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan has completed, a log will appear. Post that log in your next reply.


Profile: IDNaute

ComboFix 08-02-17.2 - Anne Laure 2008-02-18 17:42:13.1 - FAT32x86
Running from: C:\Documents and Settings\Anne Laure\Bureau\ComboFix.exe
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\tuvtqqo.dll
C:\WINDOWS\system32\vkpagfkh.dll
C:\Documents and Settings\Anne Laure\Application Data\Starware
C:\Documents and Settings\Anne Laure\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\Anne Laure\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\Anne Laure\Mes documents\FNTS~1
C:\Documents and Settings\Anne Laure\Mes documents\FNTS~1\F?nts\
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\network monitor
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\ystem3~1
C:\Program Files\ystem3~1\?ttrib.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aalopayq.ini
C:\WINDOWS\system32\anyqtadu.ini
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\awtrppm.dll
C:\WINDOWS\system32\cxnluubc.ini
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\ebpehneu.dll
C:\WINDOWS\system32\hpyvourv.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pkumavmr.dll
C:\WINDOWS\system32\qjklebqe.dll
C:\WINDOWS\system32\qtoohrtm.dll
C:\WINDOWS\system32\qyapolaa.dll
C:\WINDOWS\system32\rqywouxy.ini
C:\WINDOWS\system32\subchdmo.ini
C:\WINDOWS\system32\tuvtqqo.dll
C:\WINDOWS\system32\u1
C:\WINDOWS\system32\u1\hiba3133.exe
C:\WINDOWS\system32\udatqyna.dll
C:\WINDOWS\system32\uptsrulp.dll
C:\WINDOWS\system32\vkpagfkh.dll
C:\WINDOWS\system32\vkpagfkh.dllbox
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wyilhpgg.ini
C:\WINDOWS\system32\x8
C:\WINDOWS\system32\x8\liopud89104.exe
C:\WINDOWS\system32\xwptwfvf.dllbox
C:\WINDOWS\system32\yxuowyqr.dll
C:\WINDOWS\system32\z2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((((((( Files created 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
.

2008-02-18 17:04 . 2008-02-18 17:04 <REP> d-------- C:\Program Files\Trend Micro
2008-02-18 12:06 . 2008-02-18 12:06 <REP> d--hs---- C:\FOUND.008
2008-02-18 11:00 . 2008-02-18 11:00 <REP> d--hs---- C:\FOUND.007
2008-02-17 20:02 . 2008-02-17 20:02 <REP> d--hs---- C:\FOUND.006
2008-02-17 15:41 . 2008-02-17 15:41 <REP> d--hs---- C:\FOUND.005
2008-02-17 14:33 . 2008-02-17 14:33 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-17 14:26 . 2008-02-17 14:26 <REP> d-------- C:\Program Files\CleanUp!
2008-02-17 13:17 . 2008-02-17 13:17 <REP> d-------- C:\Documents and Settings\Anne Laure\Application Data\Grisoft
2008-02-17 13:16 . 2008-02-17 13:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-17 13:16 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-17 12:50 . 2008-02-17 12:50 <REP> d--hs---- C:\FOUND.004
2008-02-17 12:23 . 2008-02-17 12:23 <REP> d--hs---- C:\FOUND.003
2008-02-16 23:00 . 2008-02-16 23:00 <REP> d--hs---- C:\FOUND.002
2008-02-16 18:03 . 2008-02-16 18:03 <REP> d--hs---- C:\FOUND.001
2008-02-16 14:06 . 2008-02-16 14:06 <REP> d--hs---- C:\FOUND.000
2008-02-14 18:12 . 2008-02-14 18:12 <REP> d-------- C:\Program Files\Avira
2008-02-14 18:12 . 2008-02-14 18:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-14 00:12 . 2008-02-14 00:12 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-02-11 17:30 . 2008-02-11 17:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-11 17:27 . 2008-02-11 17:28 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-11 17:27 . 2008-02-11 17:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 16:14 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-11 16:14 . 2007-12-07 03:08 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-11 16:14 . 2007-12-07 03:08 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-11 16:13 . 2007-12-07 03:08 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-11 16:13 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-11 16:13 . 2007-12-07 03:08 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-11 16:13 . 2007-12-07 03:08 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-11 16:13 . 2007-12-07 03:08 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-11 16:13 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-11 16:03 . 2008-02-11 16:03 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-09 19:51 . 2008-02-09 19:51 <REP> d-------- C:\Program Files\Lavasoft
2008-02-09 19:51 . 2008-02-09 19:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-09 19:50 . 2008-02-09 19:50 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-08 19:31 . 2008-02-08 19:31 <REP> d-------- C:\Program Files\Alwil Software
2008-02-08 18:34 . 2008-02-08 18:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-08 18:33 . 2008-02-08 18:33 <REP> d--hs---- C:\WINDOWS\QW5uZSBMYXVyZQ
2008-02-08 18:33 . 2008-02-08 18:33 <REP> d-------- C:\Program Files\RABCO
2008-02-08 18:32 . 2008-02-08 18:32 <REP> d-------- C:\Temp
2008-02-08 18:21 . 2008-02-08 18:21 <REP> d-------- C:\Documents and Settings\Anne Laure\Application Data\vlc
2008-02-08 18:20 . 2008-02-08 18:20 <REP> d-------- C:\Program Files\VideoLAN

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-15 00:41 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 05:08 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-03-12 12:40 56,832 ----a-w C:\Program Files\VN-Stagiaire evaluation-jan2007.doc
2006-12-07 11:08 3,633,152 ----a-w C:\Program Files\oral gwen.doc
2006-12-07 11:07 3,633,152 ----a-w C:\Program Files\oral.doc
2006-12-07 09:47 162 ---ha-w C:\Program Files\~$ssier complet sur loreiller.doc
2006-12-07 09:45 556,544 ----a-w C:\Program Files\dossier complet sur loreiller.doc
2006-12-06 14:08 548,352 ----a-w C:\Program Files\sommeil.doc
2006-11-28 18:20 229,376 ----a-w C:\Program Files\LE SOMMEIL.doc
2006-11-28 17:39 162 ---ha-w C:\Program Files\~$ommeil.doc
2006-03-13 11:37 97,280 ----a-w C:\Program Files\traductionAuckland gwen.doc
2006-02-15 08:25 449,536 ----a-w C:\Program Files\UNPEUDENTRAIN.PPS
2006-01-11 18:46 190,048 ----a-w C:\Program Files\Morpheus.exe
2006-01-11 18:29 4,622,658 ----a-w C:\Program Files\eMule0.46c_Installer.exe
2005-12-14 11:11 9,336,520 ----a-w C:\Program Files\Install_MSN_Messenger7.5.EXE
2005-12-05 16:56 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{176199C8-5E57-0DF0-0267-5F00BACED8CB}]
C:\WINDOWS\system32\lanvjvo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAB974B0-CE9F-4A59-87C1-A21E2447EB81}]
2008-02-08 02:07 217088 --a------ C:\Program Files\MSN Gaming Zone\jinybole89104.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51 57344]
"WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [ ]
"Nphb"="C:\DOCUME~1\ANNELA~1\MESDOC~1\FNTS~1\mshta.exe" [ ]
"Vzszy"="C:\Program Files\?ystem32\?ttrib.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 19:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:30 315392]
"eRecoveryService"="C:\Windows\System32\Check.exe" [2005-03-23 10:01 245760]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00 98304]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-05 05:00 144384]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50 40960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-14 10:31 77824]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"320d18a1"="C:\WINDOWS\system32\omdhcbus.dll" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xwptwfvf]
xwptwfvf.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Anne Laure^Menu Démarrer^Programmes^Démarrage^Morpheus.lnk]
path=C:\Documents and Settings\Anne Laure\Menu Démarrer\Programmes\Démarrage\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Anne Laure^Menu Démarrer^Programmes^Démarrage^StarOffice 7.lnk]
path=C:\Documents and Settings\Anne Laure\Menu Démarrer\Programmes\Démarrage\StarOffice 7.lnk
backup=C:\WINDOWS\pss\StarOffice 7.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Safe]
C:\Program Files\Error Safe Free\ers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
--a------ 2003-02-19 05:01 110672 C:\Program Files\Securitoo\av_fw\Common\FSM32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
--a------ 2006-05-16 17:51 57344 C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-03-14 10:31 77824 C:\Program Files\QuickTime\qttask.exe

R0 FSDFW;F-Secure Distributed Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2003-09-24 13:41]
R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\Securitoo\av_fw\fswsclds.exe [2006-08-24 17:26]
S2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys []
S2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys []
S2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys []
S2 FSpm;F-Secure Policy Manager;C:\Program Files\Securitoo\av_fw\Common\FSPM.SYS []
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 14:46]
S3 PAC207;PC Camer@;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-20 08:48]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 17:51:13
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-02-18 17:53:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-18 16:53:04
.
2008-02-14 16:29:18 --- E O F ---

Profile: Helper

Re,

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

File::
C:\Program Files\MSN Gaming Zone\jinybole89104.dll
C:\WINDOWS\system32\omdhcbus.dll

Folder::
C:\FOUND.008
C:\FOUND.007
C:\FOUND.006
C:\FOUND.005
C:\FOUND.004
C:\FOUND.003
C:\FOUND.002
C:\FOUND.001
C:\FOUND.000
C:\WINDOWS\QW5uZSBMYXVyZQ

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{176199C8-5E57-0DF0-0267-5F00BACED8CB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAB974B0-CE9F-4A59-87C1-A21E2447EB81}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nphb"=-
"Vzszy"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"320d18a1"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xwptwfvf]



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt log together with a HijackThis log.
NOTE: If there is no reboot, post the requested logs anyway.


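The HijackThis log posted earlier in this thread is read by eye, and the CFScript above is written by hand from it. As an added example (not code from the thread, from HijackThis or from ComboFix), the Python below scripts the same reading: it parses O4 (Run) and O23 (service) lines, flags the patterns visible in the posted log (a '?' in a path, which is not a legal Windows filename character and therefore marks a look-alike name the logger could not render; a Run value named with eight hex digits; rundll32 called with a one-letter export; a system binary such as mshta.exe started from outside the Windows directory; a service image with no file extension), and drafts the File:: and Registry:: sections in the layout the helper's CFScript uses. The sample log lines are constructed for the example and modelled on the thread's entries, and the list of system binary names is an assumption. Services are reported but not scripted, and a flagged path containing '?' is deliberately kept out of File:: because ComboFix could not match it on disk; only its Run value is removed. The output is a draft to review, not something to hand to ComboFix unread.

```python
import re

# Constructed sample in HijackThis 2.x log format, modelled on the kinds of
# entries that appear in the thread; it is not the thread's full log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\omdhcbus.dll",b
O4 - HKCU\..\Run: [Nphb] "C:\DOCUME~1\ANNELA~1\MESDOC~1\FNTS~1\mshta.exe" -vt ndrv
O4 - HKCU\..\Run: [Vzszy] "C:\Program Files\?ystem32\?ttrib.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) \((?P<svc>[^)]+)\) - (?P<owner>.+?) - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# Windows binaries that malware copies or names itself after (assumed list);
# the genuine ones live under the Windows directory.
SYSTEM_NAMES = {"mshta.exe", "rundll32.exe", "svchost.exe", "explorer.exe", "attrib.exe"}


def extract_module(cmd):
    """Return (file the Run entry actually loads, rundll32 export name or None)."""
    head, _, rest = cmd.partition(" ")
    if head.lower() == "rundll32.exe":          # rundll32 <dll>,<export>
        m = re.match(r'"?([^",]+)"?\s*,\s*(\S*)', rest)
        if m:
            return m.group(1), m.group(2)
    # A quoted path, else an unquoted one (which may contain spaces) up to its extension.
    m = re.match(r'"([^"]+)"', cmd) or re.match(r"(?i)(.+?\.(?:exe|dll|scr|com))\b", cmd)
    return (m.group(1) if m else head), None


def triage_o4(name, cmd):
    """Apply the heuristics to one O4 entry; return (module path, list of reasons)."""
    module, export = extract_module(cmd)
    reasons = []
    if "?" in module:
        reasons.append("'?' in path: not a legal filename character, so the logger "
                       "could not render the real one (look-alike directory name)")
    if re.fullmatch(r"[0-9a-f]{8}", name):
        reasons.append("value name is a random-looking hex string")
    if export is not None and len(export) <= 2:
        reasons.append("rundll32 entry point is a one- or two-letter export")
    base = module.rsplit("\\", 1)[-1].lower()
    if "\\" in module and base in SYSTEM_NAMES and not module.lower().startswith("c:\\windows\\"):
        reasons.append(base + " started from outside the Windows directory")
    return module, reasons


def triage_o23(path):
    """A service whose image has no extension (e.g. '...\\system32\\windows') is suspect."""
    image = path.rsplit("\\", 1)[-1]
    return ["service image has no file extension"] if "." not in image else []


def analyze(log_text):
    """Return the log entries that trip a heuristic, as dicts carrying their reasons."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            module, reasons = triage_o4(m["name"], m["cmd"])
            if reasons:
                hits.append({"kind": "O4", "hive": m["hive"], "name": m["name"],
                             "path": module, "reasons": reasons})
            continue
        m = O23_RE.match(line)
        if m:
            reasons = triage_o23(m["path"])
            if reasons:
                hits.append({"kind": "O23", "name": m["svc"], "path": m["path"], "reasons": reasons})
    return hits


def run_key(hive):
    """Expand HijackThis' short hive name to the full Run key a CFScript needs."""
    root = "HKEY_USERS\\" + hive[5:] if hive.startswith("HKUS\\") else HIVES[hive]
    return root + "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"


def build_cfscript(hits):
    """Draft File:: and Registry:: sections in the layout ComboFix reads from CFScript.txt."""
    files, runs = [], {}
    for h in hits:
        if h["kind"] != "O4":        # services are reported only, not scripted
            continue
        # A path containing '?' cannot match anything on disk, so only the Run value goes.
        if "\\" in h["path"] and "?" not in h["path"]:
            files.append(h["path"])
        runs.setdefault(run_key(h["hive"]), []).append(h["name"])
    lines = ["File::", *files, "", "Registry::"]
    for key, names in runs.items():
        lines.append("[" + key + "]")
        lines.extend('"%s"=-' % n for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for h in found:
        print(h["kind"], h["name"], "->", "; ".join(h["reasons"]))
    print(build_cfscript(found))
```

On the sample, the three Run entries the helper also targeted (320d18a1, Nphb, Vzszy) and the extension-less MSControlService image are the only hits; the SiSPower rundll32 entry passes because its export name is a real one and the DLL is resolved from the system path, which is why the masquerade check only fires on entries that give a full path.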
Profile: IDNaute

Here is the ComboFix log; I'll do the HijackThis one right away.


ComboFix 08-02-17.2 - Anne Laure 2008-02-18 18:38:31.3 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.132 [GMT 1:00]
Running from: C:\Documents and Settings\Anne Laure\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Anne Laure\Bureau\CFScript.txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\Program Files\MSN Gaming Zone\jinybole89104.dll
C:\WINDOWS\system32\omdhcbus.dll
.

((((((((((((((((((((((((((((( Files created 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
.

2008-02-18 17:04 . 2008-02-18 17:04 <REP> d-------- C:\Program Files\Trend Micro
2008-02-17 14:33 . 2008-02-17 14:33 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-17 13:17 . 2008-02-17 13:17 <REP> d-------- C:\Documents and Settings\Anne Laure\Application Data\Grisoft
2008-02-17 13:16 . 2008-02-17 13:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-17 13:16 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-14 18:12 . 2008-02-14 18:12 <REP> d-------- C:\Program Files\Avira
2008-02-14 18:12 . 2008-02-14 18:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-14 00:12 . 2008-02-14 00:12 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-02-11 17:30 . 2008-02-11 17:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-11 17:27 . 2008-02-11 17:28 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-11 17:27 . 2008-02-11 17:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 16:14 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-11 16:14 . 2007-12-07 03:08 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-11 16:14 . 2007-12-07 03:08 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-11 16:13 . 2007-12-07 03:08 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-11 16:13 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-11 16:13 . 2007-12-07 03:08 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-11 16:13 . 2007-12-07 03:08 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-11 16:13 . 2007-12-07 03:08 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-11 16:13 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-11 16:03 . 2008-02-11 16:03 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-09 19:51 . 2008-02-09 19:51 <REP> d-------- C:\Program Files\Lavasoft
2008-02-09 19:51 . 2008-02-09 19:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-08 19:31 . 2008-02-08 19:31 <REP> d-------- C:\Program Files\Alwil Software
2008-02-08 18:34 . 2008-02-08 18:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-08 18:33 . 2008-02-08 18:33 <REP> d-------- C:\Program Files\RABCO
2008-02-08 18:32 . 2008-02-08 18:32 <REP> d-------- C:\Temp
2008-02-08 18:21 . 2008-02-08 18:21 <REP> d-------- C:\Documents and Settings\Anne Laure\Application Data\vlc
2008-02-08 18:20 . 2008-02-08 18:20 <REP> d-------- C:\Program Files\VideoLAN

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-15 00:41 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-08 05:08 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-03-12 12:40 56,832 ----a-w C:\Program Files\VN-Stagiaire evaluation-jan2007.doc
2006-12-07 11:08 3,633,152 ----a-w C:\Program Files\oral gwen.doc
2006-12-07 11:07 3,633,152 ----a-w C:\Program Files\oral.doc
2006-12-07 09:47 162 ---ha-w C:\Program Files\~$ssier complet sur loreiller.doc
2006-12-07 09:45 556,544 ----a-w C:\Program Files\dossier complet sur loreiller.doc
2006-12-06 14:08 548,352 ----a-w C:\Program Files\sommeil.doc
2006-11-28 18:20 229,376 ----a-w C:\Program Files\LE SOMMEIL.doc
2006-11-28 17:39 162 ---ha-w C:\Program Files\~$ommeil.doc
2006-03-13 11:37 97,280 ----a-w C:\Program Files\traductionAuckland gwen.doc
2006-02-15 08:25 449,536 ----a-w C:\Program Files\UNPEUDENTRAIN.PPS
2006-01-11 18:46 190,048 ----a-w C:\Program Files\Morpheus.exe
2006-01-11 18:29 4,622,658 ----a-w C:\Program Files\eMule0.46c_Installer.exe
2005-12-14 11:11 9,336,520 ----a-w C:\Program Files\Install_MSN_Messenger7.5.EXE
2005-12-05 16:56 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51 57344]
"WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 19:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:30 315392]
"eRecoveryService"="C:\Windows\System32\Check.exe" [2005-03-23 10:01 245760]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00 98304]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-05 05:00 144384]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50 40960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-14 10:31 77824]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

C:\Documents and Settings\Anne Laure\Menu Démarrer\Programmes\Démarrage\
RABCO - Auto Update.lnk - C:\Program Files\RABCO\RABCOse.exe [2008-02-08 18:32:50 183216]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-03-07 20:41:38 331776]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Anne Laure^Menu Démarrer^Programmes^Démarrage^Morpheus.lnk]
path=C:\Documents and Settings\Anne Laure\Menu Démarrer\Programmes\Démarrage\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Anne Laure^Menu Démarrer^Programmes^Démarrage^StarOffice 7.lnk]
path=C:\Documents and Settings\Anne Laure\Menu Démarrer\Programmes\Démarrage\StarOffice 7.lnk
backup=C:\WINDOWS\pss\StarOffice 7.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Safe]
C:\Program Files\Error Safe Free\ers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
--a------ 2003-02-19 05:01 110672 C:\Program Files\Securitoo\av_fw\Common\FSM32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
--a------ 2006-05-16 17:51 57344 C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-03-14 10:31 77824 C:\Program Files\QuickTime\qttask.exe

R0 FSDFW;F-Secure Distributed Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2003-09-24 13:41]
R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\Securitoo\av_fw\fswsclds.exe [2006-08-24 17:26]
R3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 14:46]
S2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys []
S2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys []
S2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys []
S2 FSpm;F-Secure Policy Manager;C:\Program Files\Securitoo\av_fw\Common\FSPM.SYS []
S3 PAC207;PC Camer@;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-20 08:48]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 18:40:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-18 18:41:09
ComboFix-quarantined-files.txt 2008-02-18 17:41:06
ComboFix3.txt 2008-02-18 16:53:10
ComboFix2.txt 2008-02-18 17:19:58
.
2008-02-14 16:29:18 --- E O F ---

Profile: IDNaute

Here is the HijackThis report.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:51, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\RABCO\X_RABCOse.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies I