Infection win32/sality.y. What should I do?
blackmagic
Hello,
My PC is infected with this virus, win32/sality.y, I think. What should I do?
Symptoms:
Task Manager and regedit disabled
Cannot get into Safe Mode
Cannot reach online antivirus sites
Some antivirus programs are blocked from launching
Programs freeze regularly and I can't click anywhere anymore.... to continue I have to press Ctrl+Alt+Del, then a message appears saying the Task Manager is disabled, I click OK.... and it starts working again!
Any idea how to proceed?
Thanks in advance
32 replies
arf
download GMER, unzip the archive onto your desktop and launch GMER. A quick scan will run; ignore it. Select ALL your disks at the bottom right (C and D), then click Scan. A bunch of lines will appear; this can take a while. At the END, right-click on the RED lines and choose Delete, but before that, copy/paste the red lines here please
GMER
ok, in that case right-click on it, choose Kill process, then Delete service, then Delete file
let me know if that works
disable your antivirus
Download OTMoveIt3 (by OldTimer) to your Desktop: http://oldtimer.geekstogo.com/OTMoveIt3.exe
• Double-click OTMoveIt3.exe to launch it.
• Copy/paste the following text into the « Paste Instructions for Items to be Moved » box and click MoveIt:
:processes
explorer.exe
:files
C:\system32\drivers\pvpewmqq.dat
:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
• If a file or folder cannot be deleted immediately, the program will ask you to reboot. Accept by clicking YES.
• Post the report located in this folder: C:\_OTMoveIt\MovedFiles
The report's name corresponds to the moment it was created: date_heure.log (date_time.log)
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\system32\drivers\pvpewmqq.dat not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Fred\CONFIG~1\Temp\etilqs_LZSf2yEnsgob4n6KsL5k scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Fred\CONFIG~1\Temp\qroyx.exe scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Fred\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\Cache\BCC5BF85d01 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fred\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fred\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fred\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fred\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fred\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fred\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03032009_192819
Files moved on Reboot...
File C:\DOCUME~1\Fred\CONFIG~1\Temp\etilqs_LZSf2yEnsgob4n6KsL5k not found!
File C:\DOCUME~1\Fred\CONFIG~1\Temp\qroyx.exe not found!
File C:\Documents and Settings\Fred\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\Cache\BCC5BF85d01 not found!
C:\Documents and Settings\Fred\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Fred\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Fred\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Fred\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Fred\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Fred\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\XUL.mfl moved successfully.
OK,
go to Start, then Run, and copy/paste this:
combofix /u then press Enter and accept; this will uninstall ComboFix
then REdownload ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
disable your antivirus, launch it, don't touch anything else, and post the report please
Here it is:
ComboFix 09-03-02.03 - Fred 2009-03-03 20.59.14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.34.3082.18.509.144 [GMT 1:00]
Running from: c:\documents and settings\Fred\Escritorio\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
.
2009-03-03 17:12 . 2009-03-03 19:31 250 --a------ c:\windows\gmer.ini
2009-03-03 16:29 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-03-03 15:27 . 2009-03-03 15:27 <DIR> d-------- C:\rsit
2009-03-03 00:12 . 2004-08-19 15:43 20,992 --a------ c:\windows\system32\dshowext.ax
2009-03-03 00:12 . 2004-08-19 15:43 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax
2009-03-02 21:23 . 2009-03-02 21:23 <DIR> d-------- c:\documents and settings\Fred\Datos de programa\Malwarebytes
2009-03-02 21:23 . 2009-03-02 21:23 <DIR> d-------- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2009-03-02 21:23 . 2009-03-02 21:23 <DIR> d-------- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-03-02 21:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-02 21:23 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-02 20:38 . 2009-03-02 20:38 <DIR> d-------- C:\_OTMoveIt
2009-03-02 19:44 . 2009-03-03 16:34 <DIR> d-------- c:\documents and settings\Fred\Datos de programa\OnlineArmor
2009-03-02 19:44 . 2009-03-02 19:44 <DIR> d-------- c:\documents and settings\All Users\Datos de programa\OnlineArmor
2009-03-02 19:43 . 2009-03-02 19:43 <DIR> d-------- C:\OnlineArmor
2009-03-02 19:43 . 2009-03-02 19:43 <DIR> d-------- c:\archivos de programa\Tall Emu
2009-03-02 19:43 . 2008-12-13 02:26 178,376 --a------ c:\windows\system32\drivers\OADriver.sys
2009-03-02 19:43 . 2008-12-13 02:26 30,920 --a------ c:\windows\system32\drivers\OAmon.sys
2009-03-02 19:43 . 2008-12-13 02:26 28,872 --a------ c:\windows\system32\drivers\OAnet.sys
2009-03-02 19:34 . 2009-03-02 19:34 <DIR> d-------- c:\archivos de programa\Trend Micro
2009-03-01 20:29 . 2009-02-05 18:29 3,715,072 --a------ c:\windows\system32\cdintf300.dll
2009-03-01 20:28 . 2009-03-01 20:28 <DIR> d-------- c:\archivos de programa\EBP
2009-03-01 20:28 . 2009-03-01 20:28 <DIR> d-------- c:\archivos de programa\Archivos comunes\EBP
2009-03-01 20:27 . 2009-03-01 20:29 <DIR> d--h----- c:\documents and settings\All Users\Datos de programa\{0F401E17-8B8B-429B-ADBC-CE966BA32752}
2009-02-11 01:13 . 2009-02-11 01:13 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-02-10 12:33 . 2009-02-10 12:33 7,680 --ahs---- c:\windows\Thumbs.db
2009-02-10 12:33 . 2009-02-10 12:33 6,144 --ahs---- C:\Thumbs.db
2009-02-10 11:35 . 2009-02-16 10:07 <DIR> d-------- c:\archivos de programa\iLinc
2009-02-06 20:28 . 2009-02-06 20:28 4,410,054 --a------ C:\Dibujo.bmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 18:41 --------- d-----w c:\documents and settings\Fred\Datos de programa\Xfire
2009-03-02 18:50 --------- d-----w c:\documents and settings\Fred\Datos de programa\FileZilla
2009-03-01 19:30 --------- d-----w c:\documents and settings\Fred\Datos de programa\EBP
2009-03-01 19:30 --------- d-----w c:\documents and settings\All Users\Datos de programa\EBP
2009-02-23 12:22 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-15 14:33 --------- d-----w c:\archivos de programa\Xfire
2009-02-12 00:00 --------- d-----w c:\documents and settings\All Users\Datos de programa\Microsoft Help
2009-02-07 19:23 --------- d-----w c:\archivos de programa\Lx_cats
2009-02-07 19:19 --------- d-----w c:\documents and settings\Fred\Datos de programa\Azureus
2009-01-13 16:14 --------- d-----w c:\archivos de programa\Webserver Stress Tool 7
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\SET9C.tmp
2008-07-11 14:31 27,976 ----a-w c:\archivos de programa\mozilla firefox\plugins\atgpcdec.dll
2008-07-11 14:31 125,848 ----a-w c:\archivos de programa\mozilla firefox\plugins\atgpcext.dll
2008-07-11 14:32 46,408 ----a-w c:\archivos de programa\mozilla firefox\plugins\atmccli.dll
2008-07-11 14:32 98,712 ----a-w c:\archivos de programa\mozilla firefox\plugins\ieatgpc.dll
2003-08-13 15:31 32 --sha-w c:\windows\{631885D3-74E3-447A-A16A-900AC97C4CDB}.dat
2003-08-13 15:32 32 --sha-w c:\windows\{81185771-2BA5-4135-8670-6B3795441A38}.dat
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w c:\windows\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w c:\windows\system32\VistaUltm.dll
2003-08-13 15:31 32 --sha-w c:\windows\system32\{49C1EA5A-C7CE-4EE6-A065-9EF8929462AD}.dat
2003-08-13 15:32 32 --sha-w c:\windows\system32\{C5022D85-BA7D-4235-AE39-C717E6E6140E}.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-03-02_20.22.12.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-03 16:12:23 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2009-03-03 16:12:23 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
+ 2002-09-10 12:00:00 23,424 ----a-w c:\windows\system32\drivers\jvpombdy.sys
+ 2002-09-10 12:00:00 23,424 ----a-w c:\windows\system32\drivers\xvrordql.sys
- 2008-12-02 13:24:48 1,627,888 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-03 15:34:03 1,627,888 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2004-08-19 13:43:08 33,280 ----a-w c:\windows\system32\rundll32.exe
+ 2004-08-19 13:43:08 107,008 ----a-w c:\windows\system32\rundll32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2382A63-7F85-4DA4-A23B-166D795B2877}]
2008-11-25 10:30 121600 --a------ c:\windows\system32\cmpropsq.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"msnmsgr"="c:\archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5797912]
"Picasa Media Detector"="c:\archivos de programa\Picasa2\PicasaMediaDetector.exe" [2008-08-21 513600]
"Google Update"="c:\documents and settings\Fred\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2008-09-06 210928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\archivos de programa\Apoint\Apoint.exe" [2003-06-13 192512]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4612096]
"HKSERV.EXE"="c:\archivos de programa\Sony\HotKey Utility\HKserv.exe" [2003-06-26 167936]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 118784]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 214416]
"LXCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2006-02-24 73728]
"!AVG Anti-Spyware"="c:\archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6800944]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2008-03-28 491520]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 112496]
"@OnlineArmor GUI"="c:\archivos de programa\Tall Emu\Online Armor\oaui.exe" [2008-12-13 6223048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\Fred\Menú Inicio\Programas\Inicio\
Xfire.lnk - c:\archivos de programa\Xfire\xfire.exe [2009-02-11 3082064]
c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
PowerPanel.lnk - c:\archivos de programa\powerpanel\Program\PcfMgr.exe [2003-08-13 954368]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\archiv~1\TALLEM~1\ONLINE~1\oaevent.dll" [2008-12-13 886984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^hp psc 2000 Series.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^IEEE 802.11g Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\IEEE 802.11g Wireless LAN Utility.lnk
backup=c:\windows\pss\IEEE 802.11g Wireless LAN Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6800944 c:\archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2005-08-01 07:05 167936 c:\archivos de programa\Lexmark 7300 Series\ezprint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcimon.exe]
--a------ 2005-09-30 09:48 274432 c:\archivos de programa\Lexmark 7300 Series\lxcimon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5797912 c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-08-21 02:18 513600 c:\archivos de programa\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 491520 c:\archivos de programa\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmaTel StacMon]
--a------ 2003-03-26 17:19 118784 c:\archivos de programa\SigmaTel\C-Major Audio\stacmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2002-03-14 15:46 45056 c:\windows\system32\ico.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"EBP Pervasive.SQL"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"aawservice"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=
"c:\\Archivos de programa\\eMule\\emule.exe"=
"c:\\Archivos de programa\\Azureus\\Azureus.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\RhinoSoft.com\\Serv-U\\ServUDaemon.exe"=
"c:\\xd\\msnn.exe.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Archivos de programa\\Conference\\Conference.dll"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\Archivos de programa\\PlaceCam\\PlaceCam.exe"=
"c:\\Documents and Settings\\Fred\\Mis documentos\\telechargements\\Setup\\SetupWizard.exe"=
"c:\\Archivos de programa\\Wolfenstein - Enemy Territory\\ETDED.exe"=
"c:\\Archivos de programa\\Xfire\\xfire.exe"=
"c:\\Documents and Settings\\Fred\\Mis documentos\\FPD\\visio.exe"=
"c:\\Documents and Settings\\Fred\\Mis documentos\\FPD\\visio_server.exe"=
"c:\\Archivos de programa\\America's Army\\System\\ArmyOps.exe"=
"c:\\Archivos de programa\\Enemy Territory\\ET.exe"=
"c:\\Documents and Settings\\Fred\\Mis documentos\\FPD\\visio_client.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"= c:\\Archivos de programa\\Windows Live\\Messenger\\MsnMsgr.Exe
"c:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"c:\\FPDCEFOIM\\visio.exe"=
"c:\\Documents and Settings\\Fred\\Escritorio\\PDFEdit.exe"=
"c:\\Documents and Settings\\Fred\\Mis documentos\\telechargements\\visio.exe"=
"c:\\Documents and Settings\\Fred\\Mis documentos\\telechargements\\visio(2).exe"=
"c:\\Documents and Settings\\Fred\\Escritorio\\visio.exe"=
"c:\\Archivos de programa\\Java\\jre1.6.0_02\\bin\\jusched.exe"=
"c:\\Archivos de programa\\powerpanel\\Program\\PcfMgr.exe"=
"c:\\Documents and Settings\\Fred\\Configuración local\\Datos de programa\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Archivos de programa\\Apoint\\Apoint.exe"=
"c:\\Archivos de programa\\Picasa2\\PicasaMediaDetector.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"c:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=
"c:\\Archivos de programa\\Sony\\HotKey Utility\\HKserv.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\usnsvc.exe"=
"c:\\Archivos de programa\\Apoint\\Apntex.exe"=
"c:\\ComboFix\\NirCmd.cfexe"=
"c:\\Archivos de programa\\Java\\jre1.6.0_02\\bin\\jucheck.exe"=
"c:\\Archivos de programa\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\System32\\ezSP_Px.exe"=
"c:\\Archivos de programa\\Sony\\HotKey Utility\\HKWnd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5600:UDP"= 5600:UDP:*:Disabled:PlaceCam Port
"3478:UDP"= 3478:UDP:*:Disabled:PlaceCam Stun Port
"3479:UDP"= 3479:UDP:*:Disabled:PlaceCam Stun Port
R0 xvrordql;xvrordql;c:\windows\system32\drivers\xvrordql.sys [2003-08-13 23424]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-03-02 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-03-02 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-03-02 28872]
R2 OAcat;Online Armor Helper Service;c:\archivos de programa\Tall Emu\Online Armor\oacat.exe [2009-03-02 1402568]
R2 SvcOnlineArmor;Online Armor;c:\archivos de programa\Tall Emu\Online Armor\oasrv.exe [2009-03-02 3321032]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\llligk.sys --> c:\windows\system32\drivers\llligk.sys [?]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-07-12 31896]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [2003-08-13 156288]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2002-10-30 71961]
S2 aawserviceNVSvc;Ad-Aware 2007 Service aawserviceNVSvc;ð%€|x srv --> ð%€|x srv [?]
S2 EventSystemNla;Sistema de sucesos COM+ EventSystemNla;ð%€|x srv --> ð%€|x srv [?]
S2 FastUserSwitchingCompatibilitywuauserv;Compatibilidad de cambio rápido de usuario FastUserSwitchingCompatibilitywuauserv;ð%€|x srv --> ð%€|x srv [?]
S2 RasManLmHosts;Administrador de conexión de acceso remoto RasManLmHosts;ð%€|x srv --> ð%€|x srv [?]
S2 RasManodserv;Administrador de conexión de acceso remoto RasManodserv;ð%€|x srv --> ð%€|x srv [?]
S2 VSSNVSvc;Instantáneas de volumen VSSNVSvc;ð%€|x srv --> ð%€|x srv [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\archivos de programa\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
S3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2003-08-13 17251]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBlf.SYS [2003-08-13 7520]
S3 WLAN_DCB;IEEE 802.11g Wireless LAN CardBus Driver;c:\windows\system32\drivers\WLANDCB.sys [2007-09-10 56416]
S4 EBP Pervasive.SQL;EBP Pervasive.SQL;c:\pvsw\Bin\WGE_SRV.exe [2006-12-07 106496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7028573a-78b7-11dc-9b80-080046b2c7e5}]
\ShEll\auTOplAY\COmMand - E:\ikyejn.exe
\ShEll\AutoRun\command - E:\ikyejn.exe
\ShEll\ExploRE\cOMMANd - E:\ikyejn.exe
\ShEll\open\ComManD - E:\ikyejn.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
2008-03-14 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1194468960.job
- c:\archivos de programa\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
2009-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2763177607-299837642-3644029127-1005.job
- c:\documents and settings\Fred\Configuraci []
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
IE: &Search - ?p=ZNfox000
IE: E&xporter vers Microsoft Excel - c:\archiv~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
TCP: {6F65E989-FAC2-4202-A7DE-94A7DB3779D0} = 80.58.0.33,80.58.32.97
TCP: {DE4CA5EB-0BE9-456F-8A32-390BF6516B54} = 80.58.61.254,80.58.61.250
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {E901098E-6B97-485A-B712-9908683F5E9E} - hxxp://www.instantpresenter.com/components/CosNetWebConference.cab
FF - ProfilePath - c:\documents and settings\Fred\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\NPCltInstall.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\archivos de programa\Picasa2\npPicasa2.dll
FF - plugin: c:\documents and settings\All Users\Datos de programa\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Fred\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\extensions\DimdimPublisher@dimdim.com\plugins\npDimdimControl.dll
---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.orange.es http://web.orange.es
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 21:04:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aawserviceNVSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystemNla]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\archivos de programa\Lavalys\EVEREST Home Edition\kerneld.wnt"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibilitywuauserv]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasManLmHosts]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasManodserv]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSSNVSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
.
Completion time: 2009-03-03 21.10.09
ComboFix-quarantined-files.txt 2009-03-03 20:09:57
ComboFix2.txt 2009-03-02 19:25:26
Pre-Run: 6.999.879.680 bytes libres
Post-Run: 6,932,033,536 bytes libres
304 --- E O F --- 2009-02-25 21:52:20
2009-03-01 20:28 . 2009-03-01 20:28 <DIR> d-------- c:\archivos de programa\EBP
2009-03-01 20:28 . 2009-03-01 20:28 <DIR> d-------- c:\archivos de programa\Archivos comunes\EBP
2009-03-01 20:27 . 2009-03-01 20:29 <DIR> d--h----- c:\documents and settings\All Users\Datos de programa\{0F401E17-8B8B-429B-ADBC-CE966BA32752}
2009-02-11 01:13 . 2009-02-11 01:13 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-02-10 12:33 . 2009-02-10 12:33 7,680 --ahs---- c:\windows\Thumbs.db
2009-02-10 12:33 . 2009-02-10 12:33 6,144 --ahs---- C:\Thumbs.db
2009-02-10 11:35 . 2009-02-16 10:07 <DIR> d-------- c:\archivos de programa\iLinc
2009-02-06 20:28 . 2009-02-06 20:28 4,410,054 --a------ C:\Dibujo.bmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 18:41 --------- d-----w c:\documents and settings\Fred\Datos de programa\Xfire
2009-03-02 18:50 --------- d-----w c:\documents and settings\Fred\Datos de programa\FileZilla
2009-03-01 19:30 --------- d-----w c:\documents and settings\Fred\Datos de programa\EBP
2009-03-01 19:30 --------- d-----w c:\documents and settings\All Users\Datos de programa\EBP
2009-02-23 12:22 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-15 14:33 --------- d-----w c:\archivos de programa\Xfire
2009-02-12 00:00 --------- d-----w c:\documents and settings\All Users\Datos de programa\Microsoft Help
2009-02-07 19:23 --------- d-----w c:\archivos de programa\Lx_cats
2009-02-07 19:19 --------- d-----w c:\documents and settings\Fred\Datos de programa\Azureus
2009-01-13 16:14 --------- d-----w c:\archivos de programa\Webserver Stress Tool 7
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\SET9C.tmp
2008-07-11 14:31 27,976 ----a-w c:\archivos de programa\mozilla firefox\plugins\atgpcdec.dll
2008-07-11 14:31 125,848 ----a-w c:\archivos de programa\mozilla firefox\plugins\atgpcext.dll
2008-07-11 14:32 46,408 ----a-w c:\archivos de programa\mozilla firefox\plugins\atmccli.dll
2008-07-11 14:32 98,712 ----a-w c:\archivos de programa\mozilla firefox\plugins\ieatgpc.dll
2003-08-13 15:31 32 --sha-w c:\windows\{631885D3-74E3-447A-A16A-900AC97C4CDB}.dat
2003-08-13 15:32 32 --sha-w c:\windows\{81185771-2BA5-4135-8670-6B3795441A38}.dat
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w c:\windows\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w c:\windows\system32\VistaUltm.dll
2003-08-13 15:31 32 --sha-w c:\windows\system32\{49C1EA5A-C7CE-4EE6-A065-9EF8929462AD}.dat
2003-08-13 15:32 32 --sha-w c:\windows\system32\{C5022D85-BA7D-4235-AE39-C717E6E6140E}.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-03-02_20.22.12.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-03 16:12:23 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2009-03-03 16:12:23 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
+ 2002-09-10 12:00:00 23,424 ----a-w c:\windows\system32\drivers\jvpombdy.sys
+ 2002-09-10 12:00:00 23,424 ----a-w c:\windows\system32\drivers\xvrordql.sys
- 2008-12-02 13:24:48 1,627,888 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-03 15:34:03 1,627,888 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2004-08-19 13:43:08 33,280 ----a-w c:\windows\system32\rundll32.exe
+ 2004-08-19 13:43:08 107,008 ----a-w c:\windows\system32\rundll32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2382A63-7F85-4DA4-A23B-166D795B2877}]
2008-11-25 10:30 121600 --a------ c:\windows\system32\cmpropsq.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"msnmsgr"="c:\archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5797912]
"Picasa Media Detector"="c:\archivos de programa\Picasa2\PicasaMediaDetector.exe" [2008-08-21 513600]
"Google Update"="c:\documents and settings\Fred\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2008-09-06 210928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\archivos de programa\Apoint\Apoint.exe" [2003-06-13 192512]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4612096]
"HKSERV.EXE"="c:\archivos de programa\Sony\HotKey Utility\HKserv.exe" [2003-06-26 167936]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 118784]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 214416]
"LXCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2006-02-24 73728]
"!AVG Anti-Spyware"="c:\archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6800944]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2008-03-28 491520]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 112496]
"@OnlineArmor GUI"="c:\archivos de programa\Tall Emu\Online Armor\oaui.exe" [2008-12-13 6223048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\Fred\Menú Inicio\Programas\Inicio\
Xfire.lnk - c:\archivos de programa\Xfire\xfire.exe [2009-02-11 3082064]
c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
PowerPanel.lnk - c:\archivos de programa\powerpanel\Program\PcfMgr.exe [2003-08-13 954368]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\archiv~1\TALLEM~1\ONLINE~1\oaevent.dll" [2008-12-13 886984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^hp psc 2000 Series.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^IEEE 802.11g Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\IEEE 802.11g Wireless LAN Utility.lnk
backup=c:\windows\pss\IEEE 802.11g Wireless LAN Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6800944 c:\archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2005-08-01 07:05 167936 c:\archivos de programa\Lexmark 7300 Series\ezprint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcimon.exe]
--a------ 2005-09-30 09:48 274432 c:\archivos de programa\Lexmark 7300 Series\lxcimon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5797912 c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-08-21 02:18 513600 c:\archivos de programa\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 491520 c:\archivos de programa\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmaTel StacMon]
--a------ 2003-03-26 17:19 118784 c:\archivos de programa\SigmaTel\C-Major Audio\stacmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2002-03-14 15:46 45056 c:\windows\system32\ico.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"EBP Pervasive.SQL"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"aawservice"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=
"c:\\Archivos de programa\\eMule\\emule.exe"=
"c:\\Archivos de programa\\Azureus\\Azureus.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\RhinoSoft.com\\Serv-U\\ServUDaemon.exe"=
"c:\\xd\\msnn.exe.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Archivos de programa\\Conference\\Conference.dll"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\Archivos de programa\\PlaceCam\\PlaceCam.exe"=
"c:\\Documents and Settings\\Fred\\Mis documentos\\telechargements\\Setup\\SetupWizard.exe"=
"c:\\Archivos de programa\\Wolfenstein - Enemy Territory\\ETDED.exe"=
"c:\\Archivos de programa\\Xfire\\xfire.exe"=
"c:\\Documents and Settings\\Fred\\Mis documentos\\FPD\\visio.exe"=
"c:\\Documents and Settings\\Fred\\Mis documentos\\FPD\\visio_server.exe"=
"c:\\Archivos de programa\\America's Army\\System\\ArmyOps.exe"=
"c:\\Archivos de programa\\Enemy Territory\\ET.exe"=
"c:\\Documents and Settings\\Fred\\Mis documentos\\FPD\\visio_client.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"= c:\\Archivos de programa\\Windows Live\\Messenger\\MsnMsgr.Exe
"c:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"c:\\FPDCEFOIM\\visio.exe"=
"c:\\Documents and Settings\\Fred\\Escritorio\\PDFEdit.exe"=
"c:\\Documents and Settings\\Fred\\Mis documentos\\telechargements\\visio.exe"=
"c:\\Documents and Settings\\Fred\\Mis documentos\\telechargements\\visio(2).exe"=
"c:\\Documents and Settings\\Fred\\Escritorio\\visio.exe"=
"c:\\Archivos de programa\\Java\\jre1.6.0_02\\bin\\jusched.exe"=
"c:\\Archivos de programa\\powerpanel\\Program\\PcfMgr.exe"=
"c:\\Documents and Settings\\Fred\\Configuración local\\Datos de programa\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Archivos de programa\\Apoint\\Apoint.exe"=
"c:\\Archivos de programa\\Picasa2\\PicasaMediaDetector.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"c:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=
"c:\\Archivos de programa\\Sony\\HotKey Utility\\HKserv.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\usnsvc.exe"=
"c:\\Archivos de programa\\Apoint\\Apntex.exe"=
"c:\\ComboFix\\NirCmd.cfexe"=
"c:\\Archivos de programa\\Java\\jre1.6.0_02\\bin\\jucheck.exe"=
"c:\\Archivos de programa\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\System32\\ezSP_Px.exe"=
"c:\\Archivos de programa\\Sony\\HotKey Utility\\HKWnd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5600:UDP"= 5600:UDP:*:Disabled:PlaceCam Port
"3478:UDP"= 3478:UDP:*:Disabled:PlaceCam Stun Port
"3479:UDP"= 3479:UDP:*:Disabled:PlaceCam Stun Port
R0 xvrordql;xvrordql;c:\windows\system32\drivers\xvrordql.sys [2003-08-13 23424]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-03-02 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-03-02 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-03-02 28872]
R2 OAcat;Online Armor Helper Service;c:\archivos de programa\Tall Emu\Online Armor\oacat.exe [2009-03-02 1402568]
R2 SvcOnlineArmor;Online Armor;c:\archivos de programa\Tall Emu\Online Armor\oasrv.exe [2009-03-02 3321032]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\llligk.sys --> c:\windows\system32\drivers\llligk.sys [?]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-07-12 31896]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [2003-08-13 156288]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2002-10-30 71961]
S2 aawserviceNVSvc;Ad-Aware 2007 Service aawserviceNVSvc;ð%€|x srv --> ð%€|x srv [?]
S2 EventSystemNla;Sistema de sucesos COM+ EventSystemNla;ð%€|x srv --> ð%€|x srv [?]
S2 FastUserSwitchingCompatibilitywuauserv;Compatibilidad de cambio rápido de usuario FastUserSwitchingCompatibilitywuauserv;ð%€|x srv --> ð%€|x srv [?]
S2 RasManLmHosts;Administrador de conexión de acceso remoto RasManLmHosts;ð%€|x srv --> ð%€|x srv [?]
S2 RasManodserv;Administrador de conexión de acceso remoto RasManodserv;ð%€|x srv --> ð%€|x srv [?]
S2 VSSNVSvc;Instantáneas de volumen VSSNVSvc;ð%€|x srv --> ð%€|x srv [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\archivos de programa\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
S3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2003-08-13 17251]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBlf.SYS [2003-08-13 7520]
S3 WLAN_DCB;IEEE 802.11g Wireless LAN CardBus Driver;c:\windows\system32\drivers\WLANDCB.sys [2007-09-10 56416]
S4 EBP Pervasive.SQL;EBP Pervasive.SQL;c:\pvsw\Bin\WGE_SRV.exe [2006-12-07 106496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7028573a-78b7-11dc-9b80-080046b2c7e5}]
\ShEll\auTOplAY\COmMand - E:\ikyejn.exe
\ShEll\AutoRun\command - E:\ikyejn.exe
\ShEll\ExploRE\cOMMANd - E:\ikyejn.exe
\ShEll\open\ComManD - E:\ikyejn.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
2008-03-14 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1194468960.job
- c:\archivos de programa\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
2009-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2763177607-299837642-3644029127-1005.job
- c:\documents and settings\Fred\Configuraci []
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
IE: &Search - ?p=ZNfox000
IE: E&xporter vers Microsoft Excel - c:\archiv~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
TCP: {6F65E989-FAC2-4202-A7DE-94A7DB3779D0} = 80.58.0.33,80.58.32.97
TCP: {DE4CA5EB-0BE9-456F-8A32-390BF6516B54} = 80.58.61.254,80.58.61.250
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {E901098E-6B97-485A-B712-9908683F5E9E} - hxxp://www.instantpresenter.com/components/CosNetWebConference.cab
FF - ProfilePath - c:\documents and settings\Fred\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\NPCltInstall.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\archivos de programa\Picasa2\npPicasa2.dll
FF - plugin: c:\documents and settings\All Users\Datos de programa\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Fred\Datos de programa\Mozilla\Firefox\Profiles\w8j9wo5j.default\extensions\DimdimPublisher@dimdim.com\plugins\npDimdimControl.dll
---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.orange.es http://web.orange.es
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
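The ComboFix log above shows, in one place, most of what Win32/Sality leaves on a machine: Task Manager and regedit locked out through the HKCU policies key, Security Center notifications and the Windows Firewall switched off, rundll32.exe grown from 33,280 to 107,008 bytes between two ComboFix snapshots (Sality is a file infector and writes itself into executables), freshly added random-named kernel drivers (xvrordql.sys, jvpombdy.sys, the abp470n5 service pointing at a missing llligk.sys), registered services whose ImagePath is binary garbage, and a mountpoints2 autorun command pointing at E:\ikyejn.exe on a removable drive. The script below is an added example; it is not from the thread or from ComboFix. It parses those line formats and flags each indicator. The category names and the heuristics are mine, and the sample lines are copied from the log above.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted above,
# trimmed to the entries the checks below look at.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
+ 2002-09-10 12:00:00 23,424 ----a-w c:\windows\system32\drivers\xvrordql.sys
- 2004-08-19 13:43:08 33,280 ----a-w c:\windows\system32\rundll32.exe
+ 2004-08-19 13:43:08 107,008 ----a-w c:\windows\system32\rundll32.exe
R0 xvrordql;xvrordql;c:\windows\system32\drivers\xvrordql.sys [2003-08-13 23424]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\llligk.sys --> c:\windows\system32\drivers\llligk.sys [?]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-07-12 31896]
S2 VSSNVSvc;Instantáneas de volumen VSSNVSvc;ð%€|x srv --> ð%€|x srv [?]
\ShEll\AutoRun\command - E:\ikyejn.exe
"""

# Category names are my own; the patterns follow ComboFix's line layout.
POLICY_RE = re.compile(r'^"(DisableTaskMgr|DisableRegistryTools)"=\s*1\b')
SECCENTER_RE = re.compile(r'^"(\w+(?:DisableNotify|Override))"=dword:0*1$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
SNAPSHOT_RE = re.compile(r'^([-+]) \S+ \S+ ([\d,]+) \S+ (.+)$')
SERVICE_RE = re.compile(r'^([RS][0-4]) ([^;]+);[^;]*;(.+?) \[([^\]]*)\]$')
AUTORUN_RE = re.compile(r'^\\shell\\(?:autorun|autoplay|open|explore)\\command - (.+)$', re.I)
PATH_RE = re.compile(r'^(\\\?\?\\)?[a-z]:\\', re.I)


def scan(log_text):
    """Return (category, evidence) pairs for Sality-style indicators."""
    findings = []
    lines = [ln.rstrip() for ln in log_text.splitlines()]

    # Pass 1: the SnapShot section, which diffs files against the previous
    # ComboFix run ('-' is the old version of a file, '+' the new one).
    snapshot = {}
    for line in lines:
        m = SNAPSHOT_RE.match(line)
        if m:
            sign, size, path = m.groups()
            snapshot.setdefault(path.lower(), {})[sign] = int(size.replace(',', ''))
    added_sys = {p.rsplit('\\', 1)[-1] for p, v in snapshot.items()
                 if p.endswith('.sys') and '+' in v and '-' not in v}
    for path, v in snapshot.items():
        # A system .exe that grew between runs is what a file infector leaves behind.
        if path.endswith('.exe') and '-' in v and '+' in v and v['-'] != v['+']:
            findings.append(('exe_size_changed', f"{path}: {v['-']} -> {v['+']} bytes"))

    # Pass 2: single-line indicators.
    for line in lines:
        m = POLICY_RE.match(line)
        if m:
            findings.append(('policy_lockout', m.group(1)))
            continue
        m = SECCENTER_RE.match(line)
        if m:
            findings.append(('security_center_muted', m.group(1)))
            continue
        if FIREWALL_RE.match(line):
            findings.append(('firewall_disabled', line))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            findings.append(('removable_autorun', m.group(1)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, image, status = m.groups()
            image = image.split(' --> ')[0]   # ComboFix prints "registered --> resolved"
            if status == '?':                 # binary not found at scan time
                findings.append(('service_binary_missing', f'{name}: {image}'))
            if not PATH_RE.match(image):      # ImagePath is not even a path
                findings.append(('service_bogus_imagepath', f'{name}: {image!r}'))
            if start == 'R0' and image.rsplit('\\', 1)[-1].lower() in added_sys:
                findings.append(('new_boot_driver', f'{name}: {image}'))
    return findings


if __name__ == '__main__':
    for category, evidence in scan(SAMPLE_LOG):
        print(f'{category:24} {evidence}')
```

The new-boot-driver check deliberately cross-references two sections: an R0 driver is only flagged when its file also appears as a `+` line in the snapshot, which is why the legitimate dfmirage.sys (R3, present in both runs) is not reported while xvrordql.sys is. The size change on rundll32.exe is the finding that matters most for the decision that follows: once a file infector has written itself into system executables, a rescan that comes back clean says little, and reimaging is the usual recommendation.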
I know that Avira AntiVir can remove it;
http://www.avira.com/fr/threats/section/fulldetails/id_vir/4479/w32_sality.y.html
to download it (in French):
http://www.commentcamarche.net/telecharger/telecharger 55 antivir personal
After installing it, go to "Run", type "msconfig", tick "safe mode boot" on the "Boot" tab, then run an Avira AntiVir scan. I hope your problem is solved.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:46, on 14/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Google\Update\Download\{C9F3DE28-B405-4822-9E86-A77D98835C54}\chrome_updater.exe
C:\WINDOWS\Temp\CR_1C.tmp\setup.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bing.com/?mkt=en-us&fdr=lc&toHttps=1&redig=E594EAA1B2B6456AB8E96DE14DB15E57
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_1_2_1.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (file missing)
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PCTimeWatch (PTWsvc) - MainSoft - C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: Software Generic Host Process for Win32 Services (SVCHOST) - Unknown owner - C:\WINDOWS\System\svchost.exe (file missing)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_1_2_1.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (file missing)
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PCTimeWatch (PTWsvc) - MainSoft - C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: Software Generic Host Process for Win32 Services (SVCHOST) - Unknown owner - C:\WINDOWS\System\svchost.exe (file missing)