A l'aide svp!!!! : warning dangerous spyware

drash -  
 drash -
Bonjour,
J'ai vraiment besoin de votre aide, et je sais qu'ici il y a les personne compétente pour ca.
Voila mon problème en fait je suis infecté par un spyware qui a changé mon wallpaper par un écran noir avec le message suivant: Warning dangerous spyware.
Je sais que ce problème a déjà été résolu pour d'autre personne mais d'après ce que j'ai compris le problème est personnalisé.
Donc a l'aide lol et merci d'avance a ceux qui preteront attention a mon problème.
Configuration: Windows XP
Firefox 3.0.10

54 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Une infection par un spyware sous Windows XP a modifié le wallpaper et affiché un message d’alerte, posant une problématique personnalisée nécessitant des outils et des stratégies de nettoyage. Plusieurs réponses proposent des solutions techniques et des outils dédiés comme OTMoveIt3, RSIT et HijackThis pour détecter, supprimer les fichiers indésirables et nettoyer les traces. Des guides détaillent des procédures pas à pas, incluant le redémarrage en mode sécurité, l’analyse des fichiers suspects, le déplacement de logs et le relancement des programmes, certains passages évoquant aussi des scans avec Avast. En pratique, les rapports techniques montrent des éléments déplacés ou supprimés, des DLL et des entrées de démarrage modifiées, et des logs détaillant les actions des outils utilisés.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. V-X
     
    Salut,

    ▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.

    ▶ Double clique sur RSIT.exe pour lancer l'outil.

    ▶ Clique sur ' continue ' à l'écran Disclaimer.

    Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

    ▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports séparément.
    ( log.txt & info.txt )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  2. drash
     
    Wow rapide la réponse merci je vais faire ca de suite
    0
  3. drash
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2009-05-01 02:49:06
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 83 GB (43%) free of 194 GB
    Total RAM: 1023 MB (47% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:49:16, on 01/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\trend micro\Administrateur.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {351f7e1a-9a71-4ebf-b98f-319e3dce789e} - C:\WINDOWS\system32\gosofuwu.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: C:\WINDOWS\system32\yhs783ijfo3fe.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: c:\windows\system32\nowelafo.dll,C:\WINDOWS\system32\sabobosu.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nowelafo.dll (file missing)
    O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    0
  4. drash
     
    info.txt logfile of random's system information tool 1.06 2009-05-01 02:49:21

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
    Advertisement Service-->C:\WINDOWS\system32\prnet.tmp Uninstall
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Cheat Engine 5.5-->"C:\Program Files\Cheat Engine\unins000.exe"
    C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
    Cross Fire En-->"C:\Program Files\Subagames\CrossFire\unins000.exe"
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
    K-Lite Mega Codec Pack 4.6.2-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    LG PC Suite II-->C:\Program Files\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x040c -removeonly
    LG USB Modem driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c LG -removeonly
    Lock Folder XP 3.6-->"C:\Program Files\Everstrike Software\Lock Folder XP 3.6\Uninstall.exe" "C:\Program Files\Fichiers communs\Everstrike Software\Lock Folder XP 3.6\install.log"
    Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1}
    Magic Swf2Gif 1.35-->"C:\Program Files\Magic Swf2Gif\unins000.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    NVIDIA Drivers-->C:\WINDOWS\System32\nvudisp.exe UninstallGUI
    Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

    ======Security center information======

    AV: avast! antivirus 4.8.1335 [VPS 090430-0]

    ======System event log======

    Computer Name: TITI
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

    Record Number: 1839
    Source Name: Service Control Manager
    Time Written: 20090401130117.000000+120
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: TITI
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

    Record Number: 1838
    Source Name: Service Control Manager
    Time Written: 20090401130117.000000+120
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: TITI
    Event Code: 7036
    Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

    Record Number: 1837
    Source Name: Service Control Manager
    Time Written: 20090401130117.000000+120
    Event Type: Informations
    User:

    Computer Name: TITI
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

    Record Number: 1836
    Source Name: Service Control Manager
    Time Written: 20090401130116.000000+120
    Event Type: Informations
    User: TITI\Administrateur

    Computer Name: TITI
    Event Code: 7036
    Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.

    Record Number: 1835
    Source Name: Service Control Manager
    Time Written: 20090401130116.000000+120
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: TITI
    Event Code: 1000
    Message: Application défaillante wmplayer.exe, version 10.0.0.3802, module défaillant ffdshow.ax, version 1.0.5.2471, adresse de défaillance 0x00168192.

    Record Number: 1497
    Source Name: Application Error
    Time Written: 20090421154301.000000+120
    Event Type: erreur
    User:

    Computer Name: TITI
    Event Code: 4097
    Message: L'application, C:\Program Files\Windows Media Player\wmplayer.exe, a généré une erreur d'application
    L'erreur s'est produite le 04/21/2009 à 15:42:58.890
    L'exception générée était c0000005 à l'adresse 01D88192 (ffdshow!configureEnc)

    Record Number: 1496
    Source Name: DrWatson
    Time Written: 20090421154259.000000+120
    Event Type: Informations
    User:

    Computer Name: TITI
    Event Code: 1000
    Message: Application défaillante wmplayer.exe, version 10.0.0.3802, module défaillant ffdshow.ax, version 1.0.5.2471, adresse de défaillance 0x00168192.

    Record Number: 1495
    Source Name: Application Error
    Time Written: 20090421154256.000000+120
    Event Type: erreur
    User:

    Computer Name: TITI
    Event Code: 0
    Message:
    Record Number: 1494
    Source Name: gusvc
    Time Written: 20090421154130.000000+120
    Event Type: Informations
    User:

    Computer Name: TITI
    Event Code: 302
    Message: MsnMsgr (616) \\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\drash1987@hotmail.com\SharingMetadata\Working\database_F09C_B8E9_9CB8_AC0A\dfsr.db: Le moteur de base de données a exécuté la procédure de récupération avec succès.

    Record Number: 1493
    Source Name: ESENT
    Time Written: 20090421153327.000000+120
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    "PROCESSOR_REVISION"=0209
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO

    -----------------EOF-----------------
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. drash
     
    Voila les 2 rapports j'espere que c'est pas trop grave lol
    0
  7. V-X
     
    Re,

    Sa va aller ;)

    Télécharge et installe MalwareByte's Anti-Malware
    Malwarebyte

    Mets le à jour

    ▶ Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.

    ▶ Sélectionne Exécuter un examen RAPIDE si ce n'est pas déjà fait

    ▶ clique sur Rechercher

    ▶ Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

    Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

    Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

    Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

    Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

    Tutoriel pour MalwareByte's

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  8. drash
     
    ok ok j'fais ca tout de suite et encore une merci de prendre le temps de maider tu me sauve la vie lOL
    0
  9. drash
     
    Malwarebytes' Anti-Malware 1.36
    Version de la base de données: 2062
    Windows 5.1.2600 Service Pack 2

    01/05/2009 03:02:29
    mbam-log-2009-05-01 (03-02-29).txt

    Type de recherche: Examen rapide
    Eléments examinés: 73363
    Temps écoulé: 4 minute(s), 43 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 10
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 8
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 8

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{351f7e1a-9a71-4ebf-b98f-319e3dce789e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{351f7e1a-9a71-4ebf-b98f-319e3dce789e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    KHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Documents and Settings\Administrateur\Application Data\pidle (Trojan.Agent) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\ovfstheyqwveypdhouuofhqvohwwdvfpvenxyu.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ovfsthoxlxtchfrcoffqoxietyfboesymrdrhf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lmppcsetup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\prnet.tmp-up.txt (Malware.Trace) -> Quarantined and deleted successfully.
    0
  10. V-X
     
    Re,

    Télécharge ComboFix (de sUBs) sur ton Bureau.

    /!\Désactive temporairement toute protection résidente /!\ (Antivirus, antispywares..)
    Double clique sur ComboFix.exe.
    Accepte la licence en cliquant sur Oui.
    Le programme va te demander si tu souhaites installer la Console de Récupération. C'est une précaution, au cas où l'ordinateur tomberait en panne. Je te conseille donc de l'installer, ça ne coûte rien, et ça pourrait potentiellement servir !
    Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    Le rapport se trouve ici : %SystemDrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

    Aide :Comment utiliser ComboFix.

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  11. drash
     
    ComboFix 09-04-30.05 - Administrateur 01/05/2009 3:11.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.557 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090430-0] *On-access scanning disabled* (Updated)
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrateur\Application Data\wiaserva.log
    c:\documents and settings\Administrateur\Local Settings\Temporary Internet Files\fbk.sts
    c:\windows\system32\test.ttt
    c:\windows\system32\uniq.tll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-01 au 2009-05-01 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-01 00:55 . 2009-05-01 00:55 -------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2009-05-01 00:55 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-01 00:55 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-01 00:55 . 2009-05-01 00:55 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-01 00:55 . 2009-05-01 00:55 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-01 00:49 . 2009-05-01 00:49 -------- d-----w c:\program files\trend micro
    2009-05-01 00:49 . 2009-05-01 00:49 -------- d-----w C:\rsit
    2009-04-30 22:16 . 2003-03-18 19:20 1060864 ----a-w c:\windows\system32\MFC71.dll
    2009-04-30 22:16 . 2009-04-30 22:16 -------- d-----w c:\program files\Alwil Software
    2009-04-30 18:54 . 2009-04-30 18:54 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft
    2009-04-30 18:18 . 2009-04-30 18:18 -------- d-sh--w c:\documents and settings\Administrateur\Local Settings\Application Data\.#
    2009-04-29 10:17 . 2009-04-29 10:17 -------- d-----w C:\CFLog
    2009-04-29 10:16 . 2005-01-01 00:43 4682 ----a-w c:\windows\system32\npptNT2.sys
    2009-04-29 10:16 . 2009-04-29 10:16 -------- d-----w c:\program files\Common Files
    2009-04-29 10:10 . 2009-04-29 10:10 -------- d-----w c:\program files\Subagames
    2009-04-29 10:00 . 2009-04-29 10:25 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\PMB Files
    2009-04-29 10:00 . 2009-04-29 10:10 -------- d-----w c:\documents and settings\All Users\Application Data\PMB Files
    2009-04-29 09:59 . 2009-04-29 09:59 -------- d-----w c:\program files\Pando Networks
    2009-04-28 18:00 . 2007-12-26 15:30 1970176 ----a-w c:\windows\system32\d3dx9.dll
    2009-04-28 18:00 . 2007-12-26 15:30 679936 ----a-w c:\windows\system32\D3DX81ab.dll
    2009-04-28 18:00 . 2009-04-28 18:48 -------- d-----w c:\program files\Cheat Engine
    2009-04-28 10:58 . 2009-04-28 10:58 -------- d-----w c:\program files\Magic Swf2Gif
    2009-04-27 11:22 . 2009-04-27 11:22 -------- d-----w c:\program files\Fichiers communs\DivX Shared
    2009-04-25 14:51 . 2009-04-25 16:06 -------- d-----w c:\program files\Steam
    2009-04-25 14:32 . 2004-08-19 14:09 9728 ------w c:\windows\system32\rwnh.dll
    2009-04-25 14:32 . 2004-08-19 14:09 10752 ------w c:\windows\system32\smtpapi.dll
    2009-04-24 08:54 . 2009-04-24 08:54 -------- d-----w C:\Sounds
    2009-04-24 08:51 . 2008-11-11 11:42 24832 ----a-w c:\windows\system32\drivers\lgusbmodem.sys
    2009-04-24 08:51 . 2008-11-11 11:41 19968 ----a-w c:\windows\system32\drivers\lgusbdiag.sys
    2009-04-24 08:51 . 2008-11-11 11:41 13056 ----a-w c:\windows\system32\drivers\lgusbbus.sys
    2009-04-24 08:51 . 2009-04-24 08:51 -------- d-----w c:\program files\LG Electronics
    2009-04-24 08:49 . 2007-11-08 14:26 1164728 ----a-w c:\windows\system32\NMSDVDXU.dll
    2009-04-24 08:49 . 2009-04-24 13:03 -------- d-----w c:\documents and settings\Administrateur\Application Data\LG Electronics
    2009-04-24 08:49 . 2009-04-27 16:36 -------- d-----w c:\program files\LG PC Suite II
    2009-04-24 08:49 . 2009-04-28 21:11 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-24 08:48 . 2009-04-24 08:48 -------- d-----w c:\documents and settings\Administrateur\Application Data\InstallShield
    2009-04-22 22:25 . 2009-04-22 22:25 -------- d-----w c:\documents and settings\LocalService\Menu Démarrer
    2009-04-22 21:59 . 2009-04-22 22:11 664 ----a-w c:\windows\system32\d3d9caps.dat
    2009-04-22 00:17 . 2004-08-19 14:09 104448 ----a-w c:\windows\system32\dmusic.dll
    2009-04-22 00:17 . 2004-08-19 14:09 367616 ----a-w c:\windows\system32\dsound.dll
    2009-04-22 00:17 . 2004-08-19 14:09 27136 ----a-w c:\windows\system32\ddrawex.dll
    2009-04-22 00:17 . 2004-08-19 14:09 266240 ----a-w c:\windows\system32\ddraw.dll
    2009-04-21 19:34 . 2009-04-21 19:34 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Adobe
    2009-04-21 17:26 . 2009-04-21 19:58 -------- d--h--w c:\windows\msdownld.tmp
    2009-04-21 17:26 . 2009-04-21 22:51 -------- d-----w c:\windows\Logs
    2009-04-21 16:48 . 2009-04-21 16:49 552 ----a-w c:\windows\system32\d3d8caps.dat
    2009-04-21 16:41 . 2009-04-21 16:42 -------- d-----w C:\48d7926531ee2bad18
    2009-04-21 16:41 . 2009-04-21 16:41 -------- d-----w C:\a0455e6473c70766f2
    2009-04-21 13:20 . 2009-04-21 13:20 -------- d-----w C:\2df572ca79d6d4dcf79aa1051a30
    2009-04-14 20:39 . 2009-04-21 13:18 -------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
    2009-04-04 09:11 . 2009-04-04 09:11 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Identities

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-29 09:16 . 2009-02-26 17:50 -------- d-----w c:\program files\Fichiers communs\InstallShield
    2009-04-28 23:57 . 2009-02-26 18:04 -------- d-----w c:\program files\Google
    2009-04-27 11:22 . 2009-03-01 14:50 -------- d-----w c:\program files\DivX
    2009-04-25 14:47 . 2001-08-28 12:00 49642 ----a-w c:\windows\system32\perfc00C.dat
    2009-04-25 14:47 . 2001-08-28 12:00 370792 ----a-w c:\windows\system32\perfh00C.dat
    2009-04-25 14:46 . 2009-03-01 15:30 89976 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-22 21:56 . 2009-03-06 18:37 -------- d-----w c:\program files\Windows Media Connect 2
    2009-04-21 19:56 . 2009-02-26 19:42 -------- d-----w c:\program files\K-Lite Codec Pack
    2009-04-21 13:19 . 2009-03-24 23:15 -------- d-----w c:\program files\X'nBeep 1.1
    2009-04-20 21:28 . 2009-02-26 17:22 -------- d-----w c:\program files\Services en ligne
    2009-04-04 19:23 . 2009-03-06 21:01 -------- d-----w c:\program files\VirginMega
    2009-03-11 21:57 . 2009-03-11 21:56 -------- d-----w c:\program files\Fichiers communs\Adobe
    2009-03-01 15:26 . 2009-02-26 17:24 86327 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2009-02-26 19:13 . 2009-02-26 19:13 0 ----a-w c:\windows\nsreg.dat
    2009-02-26 17:24 . 2009-02-26 22:52 558142 ----a-w c:\windows\java\Packages\2yd37tvl.zip
    2009-02-26 17:24 . 2009-02-26 22:52 2678 ----a-w c:\windows\java\Packages\Data\mstnh33f.dat
    2009-02-26 17:24 . 2009-02-26 22:52 2678 ----a-w c:\windows\java\Packages\Data\24zjt3tb.dat
    2009-02-26 17:24 . 2009-02-26 22:52 155995 ----a-w c:\windows\java\Packages\9nzfvbr7.zip
    2009-02-26 17:24 . 2009-02-26 22:52 2678 ----a-w c:\windows\java\Packages\Data\y7xnfxbh.dat
    2009-02-26 17:24 . 2009-02-26 22:52 2678 ----a-w c:\windows\java\Packages\Data\lfzdf5ff.dat
    2009-02-26 17:24 . 2009-02-26 22:52 2678 ----a-w c:\windows\java\Packages\Data\ifnb31fz.dat
    2009-02-26 17:24 . 2001-08-28 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
    2009-02-26 17:22 . 2009-02-26 17:22 21892 ----a-w c:\windows\system32\emptyregdb.dat
    2009-02-09 18:56 . 2009-04-21 19:56 67584 ----a-w c:\windows\system32\ff_vfw.dll
    2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-26 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
    "PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-09-17 8491008]
    "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-09-17 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-09-17 1626112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-04-06 1277584]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\klevor\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58305:TCP"= 58305:TCP:Pando Media Booster
    "58305:UDP"= 58305:UDP:Pando Media Booster

    R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-04-14 2784285]
    S1 aswSP;avast! Self Protection; [x]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    S2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [2004-11-19 101488]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\LGInstaller.exe
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-Cmaudio - cmicnfg.cpl
    HKLM-Run-LFAgent - (no file)

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://google.fr/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\cvyt5dcu.default\
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-01 03:16
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\cvyt5dcu.default\places.sqlite-journal

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(2444)
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\msi.dll
    c:\windows\System32\shdoclc.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\browselc.dll
    c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-05-01 3:20 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-05-01 01:20

    Avant-CF: 86 731 235 328 octets libres
    Après-CF: 86 811 471 872 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    202
    0
  12. drash
     
    voila pour combofix loL *en attente du verdict* lol
    0
  13. V-X
     
    Re,

    Désinstalle combofix => Cliquer sur "Démarrer"/ "Exécuter", saisir combofix /u (espace avant "/") et presser la touche "Entrée".

    Refait un log avec RSIT.
    0
  14. drash
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2009-05-01 03:28:01
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 83 GB (43%) free of 194 GB
    Total RAM: 1023 MB (60% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:28:06, on 01/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\CF4011.exe
    C:\WINDOWS\system32\cscript.exe
    C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
    C:\Program Files\trend micro\Administrateur.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    0
  15. V-X
     
    Re,

    ---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

    :processes
    explorer.exe

    :files
    C:\windows\system32\drivers\ovfsthswwcyxmhbbmuvuwmuyuiklwavkbdwejr.sys
    C:\windows\system32\gamemon.des

    :commands
    [purity]
    [emptytemp]
    [start explorer]


    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    0
  16. drash
     
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File/Folder C:\windows\system32\drivers\ovfsthswwcyxmhbbmuvuwmuyuiklwavkbdwejr.sys not found.
    C:\windows\system32\GameMon.des moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_2v3x3BA2vY1pJqedCdK4 scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF3C13.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF3C32.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF457F.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF45C6.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Network Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4f0.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\cvyt5dcu.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\cvyt5dcu.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\cvyt5dcu.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\cvyt5dcu.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\cvyt5dcu.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\cvyt5dcu.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05012009_033456

    Files moved on Reboot...
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_2v3x3BA2vY1pJqedCdK4 not found!
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF3C13.tmp not found!
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF3C32.tmp not found!
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF457F.tmp not found!
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF45C6.tmp not found!
    File C:\WINDOWS\temp\Perflib_Perfdata_4f0.dat not found!
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\cvyt5dcu.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\cvyt5dcu.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\cvyt5dcu.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\cvyt5dcu.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\cvyt5dcu.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\cvyt5dcu.default\XUL.mfl moved successfully.
    0
  17. V-X
     
    Re,

    Redémarre ton pc et refait un log avec RSIT.
    0
  • 1
  • 2
  • 3