pc infecté par un virus

Question

Bonjour,
J'ai un pb avec 2 chevaux de troie qui sont entrés dans mon pc hier soir et que je n'arrive pas à supprimer. J'ai Avast qui m'indique que je suis infecté par win32: obfuscated-EJC [TROJAN], et win32.trojen-gen.
Je peut plu aller sur internet avec ce pc, je peut plus éteindre le pc non plus qui se reboote à chaque fois, je suis obligé de le débrancher. ça me tue, il a 1 semaine mon pc, ras le bol des hackers, j'y ai mis tt mon blé dans cette config!!!
Si quelqu'un peut m'aider

chefpunky · Answer

Bonjour,

tkt

pour commencer  telecharge hijackthis:

1.1 http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
1.2  une fois installer renomme le fichier "hijackthis.exe" en  "bonjour.exe
1.3   ensuite ouvre hijackthis et fait "do a scan a system and logfile"
1.4    et poste le rapport sur ce forum.

midnightdevil · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:42, on 05/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
E:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - (no file)
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [b4cdad56] rundll32.exe "C:\WINDOWS\system32\ibbxeyvn.dll",b
O4 - HKLM\..\Run: [BMb7fe9eca] Rundll32.exe "C:\WINDOWS\system32\qawadtwj.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\LaunchRegistryHelper.Exe" "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\LaunchDiskCleaner.Exe" "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot
O4 - HKCU\..\Run: [WindowsManager] c:\cuhv.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Assassin's Creed.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

chefpunky · Answer

rien de grave

telecharge MBAM
https://www.commentcamarche.net/telecharger/ 34055379 malwarebyte s anti malware

1.1 installe le
1.2 fai une recherche complete
1.3 a la fin affiche le resultat
1.4 nettoit tout
1.5 post le rapport ici.

midnightdevil · Answer

Quelqu'un qui pourrait m'aider pour la suite S.V.P. Je sais po quoi faire maintenant, et je peut po me connecter en tant que membre, mon accés internet est restreint avec ses foutus virus, pourtant j'me connectes depuis un pc portable en wifi.
D'avance merci, et merci aussi à Chefpunky pour son aide si précieuse!!!

chefpunky · Answer

nettoit tout

midnightdevil · Answer

J'ai récupéré internet, enfin !!!
Malwarebyte m'a bien tout supprimé, il ne trouve plus rien mais dès que j'relance Avast, j'ai de nouveau plus d'internet et il me dit que je suis infecté par un trojan-gen, je le supprime mais ça revient. C'es casse couille les virus.
Là j'ai téléchargé Ad Aware qui m'en a resupprimé 10 dont Zango.
Y a pas un truc radical pour tout virer, sans reformater. Est-c-que tu pense pas que ça soit possible que Avast soit infecté et que ce soit lui qui me recontamine sans arrêt?
Peut-être me faut-il un correctif?
Au fait je peut tjrs pas me connecter sur le forum en tant que membre, un message apparaît en me disant d'activer les cookies sous peine d'être déconnecter et me déconnecte derriére, t'aurai une idée ???
Merci d'avance

chefpunky · Answer

si, combofix
https://forospyware.com

telecharge le
installe le

et choisit l' option 1.

ensuite poste le rapport sur ce forum.


Si vous rencontrez des problèmes pour vous reconnecter à internet après avoir exécuter ComboFix, faite ce qui suit :

-Essayez d'abord en redémarrant votre ordinateur
-Si vous n'avez toujours pas de connexion à internet après avoir redémarrer, exécutez les étapes suivantes :

    1. Cliquez sur Démarrer
    2. Cliquez sur panneau de configuration
    3. Faites un double-clic sur l'icône connexion réseau (si votre panneau de configuration est paramètré pour un affichage
        en catégories, faites un double-clic sur connexion réseau et internet puis cliquez sur connexion réseau tout en bas.
    4. Vous verez alors une liste de toutes les connexions réseau disponibles.Repérez votre connexion et faite un clic droit dessus.
    5. Vous verez alors un menu .Cliquez simplement sur réparer.

midnightdevil · Answer

ComboFix 08-08-12.01 - GT Race 2008-08-13 21:18:29.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2811 [GMT 2:00]
Endroit: E:\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\sdfixwcs.dll
C:\WINDOWS\system32\drivers\tcpsr.sys
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\wuasirvy.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_fci
-------\Legacy_tcpsr
-------\Service_tcpsr

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-13 to 2008-08-13 ))))))))))))))))))))))))))))))))))))
.

2008-08-13 21:21 . 2008-08-13 21:21 6,784 --a------ C:\WINDOWS\system32\drivers\tcpsr.sys
2008-08-12 22:34 . 2008-08-12 22:34 <REP> d-------- C:\Program Files\Lavasoft
2008-08-12 22:34 . 2008-08-12 22:34 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-12 22:34 . 2008-08-12 22:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-12 22:31 . 2008-08-12 22:31 268 --ah----- C:\sqmdata02.sqm
2008-08-12 22:31 . 2008-08-12 22:31 244 --ah----- C:\sqmnoopt02.sqm
2008-08-12 19:58 . 2008-08-12 19:58 268 --ah----- C:\sqmdata01.sqm
2008-08-12 19:58 . 2008-08-12 19:58 244 --ah----- C:\sqmnoopt01.sqm
2008-08-12 19:56 . 2008-08-12 19:56 2,048 --a------ C:\WINDOWS\system32\khlxkhew.exe
2008-08-12 19:50 . 2008-08-12 19:50 1,374 ---hs---- C:\WINDOWS\system32\megnobqm.ini
2008-08-07 22:50 . 2008-08-07 22:50 2,048 --a------ C:\WINDOWS\system32\jrmmatro.exe
2008-08-06 22:44 . 2008-08-06 22:44 2,048 --a------ C:\WINDOWS\system32\yiuqticn.exe
2008-08-06 22:42 . 2008-08-06 22:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-06 22:42 . 2008-08-06 22:42 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\Malwarebytes
2008-08-06 22:42 . 2008-08-06 22:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-06 22:42 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-06 22:42 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-06 22:41 . 2008-08-07 22:42 954 ---hs---- C:\WINDOWS\system32\lwwbbrot.ini
2008-08-05 07:12 . 2008-08-05 07:12 2,048 --a------ C:\WINDOWS\system32\ksiysyhl.exe
2008-08-05 07:12 . 2008-08-06 22:39 834 ---hs---- C:\WINDOWS\system32\nvyexbbi.ini
2008-08-04 22:57 . 2008-08-05 07:06 534 ---hs---- C:\WINDOWS\system32\batcuwuj.ini
2008-08-04 22:44 . 2008-08-13 21:12 30,848 --a------ C:\WINDOWS\system32\drivers\Aid63.sys
2008-08-04 22:44 . 2008-08-04 22:44 27,136 --a------ C:\srdyxdh.exe
2008-08-04 22:44 . 2008-08-04 22:44 2 --a------ C:\-1261588999
2008-08-04 11:09 . 2008-08-04 11:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
2008-08-03 21:06 . 2008-08-03 21:06 <REP> d-------- C:\Program Files\P2P_Torrent
2008-08-03 21:06 . 2008-08-03 21:06 <REP> d-------- C:\Program Files\Conduit
2008-08-03 10:07 . 2008-08-05 09:34 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\BitTorrent
2008-08-03 09:57 . 2008-08-13 21:18 <REP> d-------- C:\Program Files\DNA
2008-08-03 09:57 . 2008-08-03 09:57 <REP> d-------- C:\Program Files\BitTorrent
2008-08-03 09:57 . 2008-08-13 21:19 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\DNA
2008-08-03 09:41 . 2008-08-03 09:54 <REP> d-------- C:\WINDOWS\NV1552668.TMP
2008-08-03 09:41 . 2008-06-18 17:46 190,432 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-08-03 09:40 . 2008-08-03 09:40 <REP> d-------- C:\NVIDIA
2008-08-03 09:36 . 2008-08-03 09:36 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-08-02 22:15 . 2008-08-02 22:15 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-08-02 22:14 . 2008-08-02 22:14 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-08-02 22:14 . 2008-08-02 22:15 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-02 22:14 . 2008-08-02 22:15 <REP> d-------- C:\a0ae3dee063b03619a
2008-07-31 21:07 . 2008-04-13 11:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-07-31 21:07 . 2008-04-13 11:45 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-07-31 21:07 . 2008-07-31 21:07 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-31 21:06 . 2008-07-31 21:08 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\PC Suite
2008-07-31 21:06 . 2008-07-31 21:09 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\Nokia
2008-07-31 21:06 . 2008-07-31 21:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-07-31 21:05 . 2008-07-31 21:05 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-07-31 21:05 . 2008-07-31 21:05 <REP> d-------- C:\Program Files\Nokia
2008-07-31 21:05 . 2008-07-31 21:05 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-07-31 21:05 . 2008-07-31 21:05 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-07-31 21:05 . 2008-07-31 21:05 <REP> d-------- C:\Program Files\DIFX
2008-07-31 21:05 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-07-31 21:05 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-07-31 21:05 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-31 21:05 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-07-31 21:05 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-07-31 21:05 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-07-31 21:05 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-07-31 21:04 . 2008-07-31 21:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-07-28 23:18 . 2008-07-28 23:18 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-07-28 23:18 . 2004-04-14 10:54 163,840 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2008-07-28 23:18 . 2004-04-14 11:08 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-07-28 23:18 . 2004-04-14 11:08 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2008-07-28 23:18 . 2004-04-14 11:08 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-07-28 23:18 . 2004-04-14 11:08 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-07-28 22:58 . 2008-07-28 22:58 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\Ubisoft
2008-07-28 22:56 . 2008-07-28 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-07-28 22:47 . 2008-07-28 22:47 <REP> d-------- C:\Program Files\Ubisoft
2008-07-28 22:35 . 2008-07-28 22:35 <REP> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-07-28 22:35 . 2008-07-29 08:36 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-28 22:29 . 2008-07-28 22:29 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\DAEMON Tools
2008-07-28 22:29 . 2008-07-28 22:29 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-28 21:59 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-28 21:50 . 2008-07-28 21:50 <REP> d-------- C:\Program Files\Undisker
2008-07-28 18:51 . 2008-07-28 18:51 <REP> d-------- C:\Program Files\oZone3D
2008-07-28 18:23 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-28 15:16 . 2008-07-28 19:24 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-07-28 14:15 . 2008-05-07 07:11 1,294,336 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-07-28 14:15 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-27 20:21 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-27 20:21 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-27 20:21 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-27 20:08 . 2008-07-27 20:09 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\Media Player Classic
2008-07-27 20:00 . 2008-07-27 20:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-27 20:00 . 2005-02-17 07:15 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-07-27 01:02 . 2008-07-27 01:02 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\vlc
2008-07-27 01:00 . 2008-07-27 01:00 <REP> d-------- C:\Program Files\VideoLAN
2008-07-27 00:55 . 2008-07-27 00:55 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-26 23:48 . 2008-08-05 08:22 <REP> d-------- C:\Program Files\eMule
2008-07-26 23:25 . 2008-07-26 23:25 <REP> dr-h----- C:\Documents and Settings\GT Race\Application Data\SecuROM
2008-07-26 23:18 . 2008-07-26 23:18 <REP> d-------- C:\Program Files\Electronic Arts
2008-07-26 22:57 . 2008-07-26 22:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-07-26 22:56 . 2008-07-26 22:56 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\Logitech
2008-07-26 22:56 . 2008-07-26 22:56 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-26 22:56 . 2008-07-26 22:56 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-07-26 22:56 . 2008-07-26 22:56 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-07-26 22:55 . 2008-07-28 23:18 <REP> d-------- C:\Program Files\Logitech
2008-07-26 22:55 . 2008-07-26 22:55 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd
2008-07-26 22:55 . 2008-07-26 22:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-26 22:55 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-07-26 22:55 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-07-26 22:55 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-07-26 22:55 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-07-26 22:55 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-07-26 21:23 . 2008-07-26 21:23 <REP> d-------- C:\Program Files\Alwil Software
2008-07-26 20:54 . 2008-07-26 20:54 <REP> d-------- C:\WINDOWS\BtFxTemp
2008-07-26 20:54 . 2008-07-26 20:54 <REP> d-------- C:\btinbox
2008-07-26 20:46 . 2000-05-22 00:00 166,600 --a------ C:\WINDOWS\system32\MSMASK32.OCX
2008-07-26 20:46 . 2002-06-19 15:02 90,112 --a------ C:\WINDOWS\system32\ESICOMMN.dll
2008-07-26 20:46 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-07-26 20:40 . 2008-07-26 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-26 05:10 . 2008-04-13 18:57 58,752 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-07-26 05:10 . 2008-04-13 19:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-26 05:10 . 2001-08-17 22:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-07-26 05:10 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-07-26 05:09 . 2008-07-26 05:09 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage r‚seau
2008-07-26 05:09 . 2008-07-26 05:09 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-07-26 05:09 . 2008-07-25 22:22 <REP> d--h----- C:\Documents and Settings\Default User\ModŠles
2008-07-26 05:09 . 2008-07-26 05:09 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
2008-07-26 05:09 . 2008-07-26 05:09 <REP> dr------- C:\Documents and Settings\Default User\Menu D‚marrer
2008-07-26 05:09 . 2008-07-26 05:09 <REP> d-------- C:\Documents and Settings\Default User\Favoris
2008-07-26 05:09 . 2008-07-26 05:09 <REP> d-------- C:\Documents and Settings\Default User\Bureau
2008-07-26 05:09 . 2008-07-26 05:09 <REP> d--h----- C:\Documents and Settings\All Users\ModŠles
2008-07-26 05:09 . 2008-07-27 20:00 <REP> dr------- C:\Documents and Settings\All Users\Menu D‚marrer
2008-07-26 05:09 . 2008-07-26 05:09 <REP> d-------- C:\Documents and Settings\All Users\Favoris
2008-07-26 05:09 . 2008-07-25 23:26 <REP> dr------- C:\Documents and Settings\All Users\Documents

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 19:20 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-08-04 20:44 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-07-28 21:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-27 18:00 --------- d-----w C:\Program Files\GIGABYTE
2008-07-27 18:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-25 21:28 30,008 ----a-w C:\WINDOWS\system32\drivers\ET5Drv.sys
2008-07-25 20:49 --------- d-----w C:\Program Files\Realtek
2008-07-25 20:49 --------- d-----w C:\Documents and Settings\GT Race\Application Data\InstallShield
2008-07-25 20:47 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-25 20:45 --------- d-----w C:\Program Files\Intel
2008-07-25 20:37 --------- d-----w C:\Documents and Settings\GT Race\Application Data\MSN6
2008-07-25 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-07-25 20:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-25 20:24 558,142 ----a-w C:\WINDOWS\java\Packages\USBFJTVH.ZIP
2008-07-25 20:24 155,995 ----a-w C:\WINDOWS\java\Packages\EOD71BL7.ZIP
2008-07-25 20:22 --------- d-----w C:\Program Files\Services en ligne
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-17 14:20 490952]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 16:00 1249280]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 14:31 1122816]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-08-03 09:57 341824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="C:\Program Files\GIGABYTE\GEST\RUN.exe" [2008-07-25 23:29 236040]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"36X Raid Configurer"="C:\WINDOWS\System32\xRaidSetup.exe" [2007-08-29 10:55 1966080]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-06-18 17:46 13533184]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-06-18 17:46 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 12:14 16844800 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-06-18 17:46 1657376 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 19:34 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aid63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\THQ\\MotoGP URT 3\\motogp.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

R0 Aid63;Aid63;C:\WINDOWS\system32\Drivers\Aid63.sys [2008-08-13 21:12]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 GEST Service;GEST Service for program management.;C:\Program Files\GIGABYTE\GEST\GSvr.exe [2008-07-25 23:28]
S1 d9dc4bed;d9dc4bed;C:\WINDOWS\system32\drivers\d9dc4bed.sys []
S3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys []
S3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys []
S3 tcpsr;tcpsr;C:\WINDOWS\System32\drivers\tcpsr.sys [2008-08-13 21:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78e21d09-5cde-11dd-9a34-001d7d06b401}]
\Shell\AutoRun\command - l2f.cmd
\Shell\explore\Command - l2f.cmd
\Shell\open\Command - l2f.cmd
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Registry Helper - C:\Program Files\Registry Helper\LaunchRegistryHelper.Exe
HKCU-Run-Disk Cleaner - C:\Program Files\Disk Cleaner\LaunchDiskCleaner.Exe
HKCU-Run-WindowsManager - c:\cuhv.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 21:21:04
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-13 21:22:06 - machine was rebooted [GT Race]
ComboFix-quarantined-files.txt 2008-08-13 19:22:03

Pre-Run: 239,854,407,680 octets libres
Post-Run: 239,835,721,728 octets libres

287 --- E O F --- 2008-08-03 18:08:45

midnightdevil · Answer

j'arrives tjrs pas à me connecter à msn pour lire mes mails, il me dit encore que mon mot de passe est incorrect alors que de partout ailleurs j'y vait sans pb. De plus j'ai mis 1h à me connecter sur internet en faisant un pont avec mes connections, sinon avant ça marchait plus. J'ai l'impression d'être dans une impasse, à chaque foi que j'utilise un des logiciels que tu me dit il me trouve quelque chose, mais ça revient à chaque fois. Le jour ou j'ai chopé le virus il est allé sur mon invité de commande, y aurait-il pas un exécutable à supprimer, de plus j'ai remarqué plusieures fois dans les divers log utilisés qu'un fichier de restore était présent à chaque fois dans la liste des éléments à supprimer. Je craque, ça fait 15 jrs, et puis il a même po 1 mois mon PC!!! 
Merci à toi de t'intéresser autant à mes pb

midnightdevil · Answer

Voici un rapport que j'ai reçu de windows à mon dernier démarrage de pc:

Summary
Win32/Cutwail is a multi-component family of trojans that download and execute arbitrary files. Downloaded files may be executed from disk or injected directly into other processes. Whilst the functionality of the files that are downloaded is variable, Cutwail's purpose is often to send spam. Cutwail also employs a rootkit and other defensive techniques to avoid detection and removal. This component is used to send spam.
Symptoms
System Changes
The following system changes may indicate the presence of Spammer:Win32/Cutwail.gen!B:
Presence of the following files:
<system folder>\drivers\dumplog.exe
<system folder>\drivers\nktest.sys
<system folder>\drivers\nkv2.sys
Technical Information
Win32/Cutwail is a multi-component family of trojans that download and execute arbitrary files. Downloaded files may be executed from disk or injected directly into other processes. Whilst the functionality of the files that are downloaded is variable, Cutwail's purpose is often to send spam. Cutwail may employ a rootkit and other defensive techniques to avoid detection and removal. This component is used to send spam. Installation Spammer:Win32/Cutwail.gen!B is injected into the %windows%\system32\svchost.exe process by other Cutwail variants/components. When running, it may drop the following files:
<system folder>\drivers\dumplog.exe
<system folder>\drivers\nktest.sys
<system folder>\drivers\nkv2.sys
Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32. Payload Sends Spam Spammer:Win32/Cutwail.gen!B may contact the following IP addresses in order to receive configuration instructions:
208.66.194.227
207.46.55.28
The trojan may also make a number of outbound connection attempts via port 25 to the following servers in order to test for e-mail-sending capability:
mxs.mail.ru
gmail-smtp-in.l.google.com
gsmtp183.google.com
in1.smtp.messagingengine.com
mail7.digitalwaves.co.nz
After receiving configuration data from a remote controller and testing the affected machine's capabilities, this trojan may be used to send bulk unwanted e-mail (i.e. spam). Analysis by Scott Molenkamp
Steps
Take the following steps to help prevent infection on your system:
Enable a firewall on your computer.
Get the latest computer updates.
Use up-to-date antivirus software.
Use caution with attachments and file transfers.
Enable a firewall on your computer
Use a third-party firewall product or turn on the Microsoft Windows XP Internet Connection Firewall.
To turn on the Internet Connection Firewall in Windows XP
Click Start, and click Control Panel.
Click Network and Internet Connections. If you do not see Network and Internet Connections, click Switch to Category View.
Click Change Windows Firewall Settings.
Select On.
Click OK.
To turn on the Windows Firewall in Windows Vista
Click Start, and click Control Panel.
Click Security.
Click Turn Windows Firewall on or off.
Select On.
Click OK.
Get the latest computer updates
Updates help protect your computer from viruses, worms, and other threats as they are discovered. You can use the Automatic Updates feature in Windows XP to automatically download future Microsoft security updates while your computer is on and connected to the Internet.
To turn on Automatic Updates in Windows XP
Click Start, and click Control Panel.
Click System.
Click Automatic Updates.
Select a setting. Microsoft recommends selecting Automatic. If you do not choose Automatic, but you choose to be notified when updates are ready, a notification balloon appears when new downloads are available to install. Click the notification balloon to review and install the updates.
Use up-to-date antivirus software
Most antivirus software can detect and prevent infection by known malicious software. To help protect you from infection, you should always run antivirus software that is updated with the latest signature files. Antivirus software is available from several sources. For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.
Use caution with attachments and file transfers
Exercise caution with e-mail and attachments received from unknown sources, or received unexpectedly from known sources. Use extreme caution when accepting file transfers from known or unknown sources.
Recovery Steps
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft online scanner (http://safety.live.com). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.

Technical Information
Win32/Cutwail is a multi-component family of trojans that download and execute arbitrary files. Downloaded files may be executed from disk or injected directly into other processes. Whilst the functionality of the files that are downloaded is variable, Cutwail's purpose is often to send spam. Cutwail may employ a rootkit and other defensive techniques to avoid detection and removal. This component is used to send spam. Installation Spammer:Win32/Cutwail.gen!B is injected into the %windows%\system32\svchost.exe process by other Cutwail variants/components. When running, it may drop the following files:
<system folder>\drivers\dumplog.exe
<system folder>\drivers\nktest.sys
<system folder>\drivers\nkv2.sys
Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32. Payload Sends Spam Spammer:Win32/Cutwail.gen!B may contact the following IP addresses in order to receive configuration instructions:
208.66.194.227
207.46.55.28
The trojan may also make a number of outbound connection attempts via port 25 to the following servers in order to test for e-mail-sending capability:
mxs.mail.ru
gmail-smtp-in.l.google.com
gsmtp183.google.com
in1.smtp.messagingengine.com
mail7.digitalwaves.co.nz
After receiving configuration data from a remote controller and testing the affected machine's capabilities, this trojan may be used to send bulk unwanted e-mail (i.e. spam). Analysis by Scott Molenkamp
Steps
Take the following steps to help prevent infection on your system:
Enable a firewall on your computer.
Get the latest computer updates.
Use up-to-date antivirus software.
Use caution with attachments and file transfers.
Enable a firewall on your computer
Use a third-party firewall product or turn on the Microsoft Windows XP Internet Connection Firewall.
To turn on the Internet Connection Firewall in Windows XP
Click Start, and click Control Panel.
Click Network and Internet Connections. If you do not see Network and Internet Connections, click Switch to Category View.
Click Change Windows Firewall Settings.
Select On.
Click OK.
To turn on the Windows Firewall in Windows Vista
Click Start, and click Control Panel.
Click Security.
Click Turn Windows Firewall on or off.
Select On.
Click OK.
Get the latest computer updates
Updates help protect your computer from viruses, worms, and other threats as they are discovered. You can use the Automatic Updates feature in Windows XP to automatically download future Microsoft security updates while your computer is on and connected to the Internet.
To turn on Automatic Updates in Windows XP
Click Start, and click Control Panel.
Click System.
Click Automatic Updates.
Select a setting. Microsoft recommends selecting Automatic. If you do not choose Automatic, but you choose to be notified when updates are ready, a notification balloon appears when new downloads are available to install. Click the notification balloon to review and install the updates.
Use up-to-date antivirus software
Most antivirus software can detect and prevent infection by known malicious software. To help protect you from infection, you should always run antivirus software that is updated with the latest signature files. Antivirus software is available from several sources. For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.
Use caution with attachments and file transfers
Exercise caution with e-mail and attachments received from unknown sources, or received unexpectedly from known sources. Use extreme caution when accepting file transfers from known or unknown sources.
Recovery Steps
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft online scanner (http://safety.live.com). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.

midnightdevil · Answer

Je suis allé acheter kaspersky internet security 2009 que j'ai installé, et miracle il me semble que tout est renté dans l'ordre enfin!!!
Mais ça reste à confirmer dans les jours à venir.
En tout cas merci encore pour tout chefpunki tu m'as été d'un grand secours. Je croise les doigts pour la suite, de toute façons je te tinedrai au courant sur cette page !!!
Bonne soirée à toi, et merci aussi à toute l'équipe de comment ça marche pour l'aide précieuse qu'ils nous distillent à nous pcistes néophytes.

Eric · Answer

Bonjour 
j'ai un Cheval de troie Cutwail, j'ai donc suivi la procédure avec Hijack This, et voici le log:
Merci pour votre réponse

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:25, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\APPS\SMP\SMPSYS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Documents and Settings\éric\éric.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.seekgoofr.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PostOOBE] C:\WINDOWS\system32\wscript.exe C:\DRIVERS\POSTOOBE.NEC //E:VBS
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SMPSYS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [éric] D:\Documents and Settings\éric\éric.exe /i
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NeroScoutOptions.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NeroScoutOptions.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

Pc infecté par un virus

12 réponses

Votre réponse

Newsletters