Problem with windows (popups)

Zial -  
jlpjlp Posts: 52399 Status: Security contributor -
Hello,

I have a problem with popups opening, as well as a major slowdown of the computer.

Here is the HijackThis log, and thank you for helping me:

Logfile of HijackThis v1.99.1
Scan saved at 14:14:02, on 2008-11-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\patrick.perron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\patrick.perron\Application Data\gadcom\gadcom.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\PATRIC~1.PER\LOCALS~1\Temp\Rar$EX00.734\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Telenet Informatique Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prun.exe"
O4 - HKLM\..\Run: [{08-8D-D3-30-DW}] c:\windows\system32\rjwnw64o.exe DWmmm01FF
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\qcntttdl.exe DWmmm01FF
O4 - HKLM\..\Run: [haanupginlmdjfk] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\nunaontmdw.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\patrick.perron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prun.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\patrick.perron\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntttdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rjwnw64o.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = telenetinfo.com
O17 - HKLM\Software\..\Telephony: DomainName = telenetinfo.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = telenetinfo.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = telenetinfo.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: vuegrf.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

4 replies

jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Hi,

SmitfraudFix (paste the report)

1/ download:

http://siri.urz.free.fr/Fix/SmitfraudFix.php

2/ double-click on smitfraudfix, then select 1 and press Enter to create the report of the infections present.

_____________________

Right-click on this link: (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Save target (of the link) as... and save it to your desktop.
Then double-click on navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Let yourself be guided. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved at the root of the drive (fixnavi.txt)
Zial
 
Here is the result:

SmitFraudFix v2.373

Scan done at 15:37:22,20, 2008-11-06
Run from C:\Documents and Settings\patrick.perron\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\patrick.perron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\patrick.perron\Application Data\gadcom\gadcom.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\patrick.perron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\ssmsee.exe
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\dllhost.exe
c:\windows\microsoft.net\framework\v2.0.50727\aspnet_wp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\patrick.perron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\patrick.perron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\patrick.perron\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\patrick.perron


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PATRIC~1.PER\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\patrick.perron\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PATRIC~1.PER\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="vuegrf.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Zial
 
Search Navipromo version 3.6.9 commencé le 2008-11-06 à 15:43:10,42

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "patrick.perron"

Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 6.0.2900.5512
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\startm~1\programs" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\startm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\patrick.perron\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\patrick.perron\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\patrick.perron\startm~1\programs" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\startm~1\programs" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\patrick.perron\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\patrick.perron\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\pqtEhRqr.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 2008-11-06 à 15:51:12,52 ***
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
download combofix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.
disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)

double-click on combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, your antispyware's guard

copy/paste the C:\ComboFix.txt report into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Zial
 
Here is the ComboFix log (stressful to run that :p)

If there are other procedures to do, I will have to continue tomorrow.

Thank you very much for all your support!


ComboFix 08-11-05.02 - patrick.perron 2008-11-06 16:34:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1603 [GMT -5:00]
Running from: c:\documents and settings\patrick.perron\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\PATRIC~1.PER\LOCALS~1\Temp\prun.exe
c:\docume~1\PATRIC~1.PER\LOCALS~1\Temp\snapsnet.exe
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\NetworkService\Application Data\NetMon
c:\documents and settings\NetworkService\Application Data\NetMon\domains.txt
c:\documents and settings\NetworkService\Application Data\NetMon\log.txt
c:\documents and settings\patrick.perron\Application Data\gadcom
c:\documents and settings\patrick.perron\Application Data\gadcom\gadcom.exe
c:\documents and settings\patrick.perron\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\patrick.perron\Start Menu\Programs\Startup\Deewoo.lnk
c:\documents and settings\patrick.perron\Start Menu\Programs\Startup\DW_Start.lnk
c:\program files\network monitor
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\windows\IA
c:\windows\system32\Cache
c:\windows\system32\gside.exe
c:\windows\system32\kjjdgimx.ini
c:\windows\system32\MSINET.oca
c:\windows\system32\msnav32.ax
c:\windows\system32\msssc.dll
c:\windows\system32\npadah.dll
c:\windows\system32\pqtEhRqr.ini
c:\windows\system32\pqtEhRqr.ini2
c:\windows\system32\rqRhEtqp.dll
c:\windows\system32\sauerbjb.dll
c:\windows\system32\vuegrf.dll
c:\windows\system32\wikloxij.ini
c:\windows\system32\winpfz33.sys
c:\windows\system32\xdyognys.dll
c:\windows\system32\xmigdjjk.dll
c:\windows\system32\zxdnt3d.cfg
c:\windows\Tasks\hyieibsc.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor


((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.

2008-11-06 15:41 . 2008-11-06 15:54 <DIR> d-------- c:\program files\Navilog1
2008-11-06 15:37 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-06 15:37 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-06 15:37 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-06 15:37 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-06 15:37 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-06 15:37 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-06 15:37 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-06 15:37 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-06 15:37 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-06 15:37 . 2008-11-06 15:37 2,148 --a------ c:\windows\system32\tmp.reg
2008-11-06 09:56 . 2008-11-06 09:56 <DIR> d-------- c:\program files\Alwil Software
2008-11-06 09:29 . 2008-11-06 09:29 <DIR> d-------- c:\program files\Lavasoft
2008-11-06 09:29 . 2008-11-06 09:29 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-06 09:29 . 2008-11-06 09:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-06 09:21 . 2008-11-06 09:21 90,915 --a------ c:\windows\system32\lbiqmkrlgirtyqaf.dll-uninst.exe
2008-11-06 09:19 . 2008-11-06 09:48 <DIR> d-------- c:\windows\system32\QI19
2008-11-06 09:19 . 2008-11-06 09:20 <DIR> d-------- c:\windows\system32\mem
2008-11-06 09:19 . 2008-11-06 09:48 <DIR> d-------- c:\windows\system32\kfg3
2008-11-06 09:19 . 2008-11-06 09:48 <DIR> d-------- c:\windows\system32\EMS
2008-11-06 09:19 . 2008-11-06 09:19 <DIR> d-------- c:\temp\NT32
2008-11-06 09:19 . 2008-11-06 16:34 <DIR> d-------- C:\Temp
2008-11-05 16:45 . 2008-11-05 16:45 <DIR> d-------- c:\documents and settings\patrick.perron\Application Data\Windows Search
2008-11-05 14:03 . 2008-11-05 14:03 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-05 11:31 . 2008-11-05 11:31 162 --a------ c:\windows\ODBC.INI
2008-11-01 04:38 . 2008-11-01 04:38 178,176 --a------ c:\windows\system32\nunaontmdw.dll
2008-10-30 02:03 . 2008-10-30 02:03 <DIR> d-------- c:\windows\SQLTools9_KB948109_ENU
2008-10-30 02:00 . 2008-10-30 02:00 <DIR> d-------- c:\windows\SQL9_KB948109_ENU
2008-10-29 10:16 . 2008-10-29 10:16 <DIR> d-------- c:\documents and settings\TEMPPATPER\ASPNET
2008-10-29 10:16 . 2008-10-29 10:16 <DIR> d-------- c:\documents and settings\TEMPPATPER
2008-10-29 08:30 . 2008-10-29 08:31 <DIR> d-------- C:\Beta
2008-10-29 08:28 . 2008-10-29 08:28 <DIR> d-------- c:\windows\IIS Temporary Compressed Files
2008-10-29 08:16 . 2008-10-29 08:16 <DIR> d-------- c:\program files\MSXML 6.0
2008-10-29 08:13 . 2008-10-30 02:03 <DIR> d-------- c:\program files\Microsoft SQL Server
2008-10-28 07:40 . 2008-10-28 07:40 <DIR> d-------- c:\program files\Logitech
2008-10-28 07:40 . 2008-10-28 07:40 <DIR> d-------- c:\program files\Common Files\Logitech
2008-10-28 07:40 . 2008-10-28 07:40 <DIR> d-------- c:\documents and settings\PATRIC~1~PER\LOCALS~1
2008-10-28 07:40 . 2008-10-28 07:40 <DIR> d-------- c:\documents and settings\PATRIC~1~PER
2008-10-28 07:40 . 2003-12-11 08:50 152,064 --a------ c:\windows\system32\lmoufrc.dll
2008-10-28 07:40 . 2003-12-18 08:50 104,960 --a------ c:\windows\system32\COMNCTR.DLL
2008-10-28 07:40 . 2003-12-18 08:50 97,792 --a------ c:\windows\system32\LGUICOM.DLL
2008-10-28 07:40 . 2003-12-11 08:50 70,894 --a------ c:\windows\system32\drivers\LMouFlt2.Sys
2008-10-28 07:40 . 2003-12-11 08:50 51,582 --a------ c:\windows\system32\drivers\L8042pr2.Sys
2008-10-28 07:40 . 2003-12-11 08:50 37,916 --a------ c:\windows\system32\drivers\LHidUsb.sys
2008-10-28 07:40 . 2003-12-11 08:50 25,630 --a------ c:\windows\system32\drivers\LHidFlt2.Sys
2008-10-28 07:40 . 2003-12-11 08:50 23,372 --a------ c:\windows\system32\LCoInst.Dll
2008-10-28 07:40 . 2003-12-11 08:50 20,992 --------- c:\windows\LOGI_MWX.EXE
2008-10-28 07:40 . 2003-12-18 08:50 16,896 --a------ c:\windows\system32\LMOUSE32.DLL
2008-10-28 07:40 . 2003-12-11 08:50 14,092 --------- c:\windows\system32\drivers\LCCFLTR.SYS
2008-10-28 07:40 . 2003-12-18 08:50 3,568 --a------ c:\windows\system32\LMOUSE16.DLL
2008-10-24 12:06 . 2008-10-24 12:06 <DIR> d-------- c:\windows\Sun
2008-10-24 02:22 . 2008-10-15 11:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 19:18 . 2008-10-23 19:18 2,302,017 --a------ c:\windows\system32\GPhotos.scr
2008-10-17 12:49 . 2008-10-17 12:50 <DIR> d-------- c:\program files\IE7
2008-10-16 08:27 . 2008-10-16 08:27 <DIR> d-------- c:\program files\Winamp Remote
2008-10-16 08:27 . 2008-10-16 08:27 <DIR> d-------- c:\program files\Winamp
2008-10-16 08:27 . 2008-10-17 08:20 <DIR> d-------- c:\documents and settings\patrick.perron\Application Data\Winamp
2008-10-16 08:27 . 2008-10-16 08:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\OrbNetworks
2008-10-16 08:27 . 2007-03-07 18:51 129,784 --a------ c:\windows\system32\pxafs.dll
2008-10-16 07:39 . 2008-10-16 07:44 1,038 --a------ c:\windows\eReg.dat
2008-10-16 07:32 . 1998-06-17 16:07 57,344 --a------ c:\windows\system32\Mfc42loc.dll
2008-10-16 07:28 . 2008-10-16 07:29 <DIR> d-------- c:\program files\EA GAMES
2008-10-16 07:22 . 2008-10-16 07:22 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-10-16 07:18 . 2008-10-16 07:18 <DIR> d-------- c:\documents and settings\patrick.perron\Application Data\DAEMON Tools
2008-10-16 07:18 . 2008-10-16 07:18 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-10-15 23:36 . 2008-08-14 05:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 23:36 . 2008-08-14 05:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 23:36 . 2008-08-14 04:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 23:36 . 2008-08-14 04:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 23:36 . 2008-09-15 07:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-15 23:36 . 2008-09-08 05:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-10 13:47 . 2008-10-10 13:47 <DIR> d-------- c:\documents and settings\patrick.perron\Application Data\Xerox
2008-10-10 13:41 . 2008-11-06 16:20 328 --a------ c:\windows\hpbafd.ini
2008-10-10 08:10 . 2008-10-10 08:10 <DIR> d---s---- c:\documents and settings\patrick.perron\UserData
2008-10-10 07:30 . 2008-10-10 08:10 <DIR> d-------- c:\documents and settings\patrick.perron\Contacts
2008-10-10 07:29 . 2008-10-10 07:29 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-10-10 07:29 . 2008-10-10 07:29 <DIR> d-------- c:\program files\MSN Messenger
2008-10-09 12:35 . 2008-10-21 14:25 <DIR> d-------- C:\# Client #
2008-10-08 11:40 . 2008-04-07 18:16 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-10-08 11:40 . 2008-04-07 18:16 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-10-08 11:39 . 2008-10-08 11:39 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-10-08 11:39 . 2008-10-08 11:39 <DIR> d-------- c:\program files\Google
2008-10-08 10:46 . 2008-10-08 10:46 <DIR> d-------- c:\program files\uTorrent
2008-10-08 10:46 . 2008-11-06 09:22 <DIR> d-------- c:\documents and settings\patrick.perron\Application Data\uTorrent
2008-10-07 15:45 . 2008-07-18 21:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-10-07 15:45 . 2008-07-18 21:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-07 15:20 . 2008-10-07 15:20 <DIR> d-------- c:\program files\MSBuild
2008-10-07 15:20 . 2008-10-07 15:20 <DIR> d-------- c:\program files\Microsoft Works
2008-10-07 15:19 . 2008-10-29 08:16 <DIR> d-------- c:\program files\Microsoft.NET
2008-10-07 15:16 . 2008-10-07 15:20 <DIR> d-------- c:\windows\SHELLNEW
2008-10-07 15:16 . 2008-10-07 15:16 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-10-07 15:15 . 2008-10-07 15:15 <DIR> dr-h----- C:\MSOCache
2008-10-07 15:15 . 2008-11-06 03:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-07 15:13 . 2008-10-07 15:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-07 15:07 . 2008-10-07 15:07 <DIR> d-------- c:\program files\Common Files\Control Panels
2008-10-07 15:04 . 2008-10-07 15:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM
2008-10-07 14:50 . 2008-10-07 14:50 <DIR> d-------- c:\program files\QuickTime
2008-10-07 14:41 . 2007-02-20 15:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2008-10-07 14:41 . 2007-02-20 15:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2008-10-07 14:34 . 2008-10-07 14:34 <DIR> d-------- c:\program files\Bonjour
2008-10-07 14:30 . 2008-10-07 14:30 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-10-07 12:59 . 2008-10-07 12:59 <DIR> d-------- c:\windows\system32\Adobe
2008-10-07 12:59 . 2004-08-16 19:40 16,384 --a------ c:\windows\system32\FileOps.exe
2008-10-07 12:56 . 2008-10-07 12:56 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-10-07 12:56 . 2008-10-07 15:07 <DIR> d-------- c:\program files\Common Files\Adobe
2008-10-07 12:40 . 2008-10-07 12:40 <DIR> d-------- c:\documents and settings\patrick.perron\Application Data\Windows Desktop Search
2008-10-07 12:40 . 2008-11-05 16:29 <DIR> d-------- c:\documents and settings\patrick.perron
2008-10-07 12:39 . 2008-10-07 12:39 <DIR> d-------- c:\windows\SchCache
2008-10-07 12:31 . 2008-10-07 12:31 <DIR> d-------- c:\program files\Opera
2008-10-07 12:28 . 2008-10-07 12:28 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Search
2008-10-07 12:27 . 2008-10-07 12:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-10-07 12:22 . 2008-10-07 12:22 <DIR> d-------- C:\NVIDIA
2008-10-07 12:22 . 2008-04-30 16:27 442,368 --a------ c:\windows\system32\NVUNINST.EXE
2008-10-07 12:17 . 2008-10-07 12:17 0 --a------ c:\windows\nsreg.dat
2008-10-07 12:12 . 2008-10-07 12:12 <DIR> d-------- c:\program files\Program Shortcuts
2008-10-07 12:03 . 2008-10-23 12:08 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-10-07 12:03 . 2008-10-07 12:03 8,192 --a------ c:\windows\REGLOCS.OLD
2008-10-07 12:02 . 2008-10-07 12:02 333 --a------ c:\windows\system32\$ncsp$.inf
2008-10-07 12:02 . 2008-10-07 12:02 61 --a------ c:\windows\smscfg.ini
2008-10-07 12:01 . 2008-10-07 12:01 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-07 12:01 . 2008-10-07 12:01 <DIR> d-------- c:\program files\Windows Desktop Search
2008-10-07 12:01 . 2008-10-07 12:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2008-10-07 12:01 . 2008-03-07 12:02 192,000 --------- c:\windows\system32\dllcache\offfilt.dll
2008-10-07 12:01 . 2008-03-07 12:02 98,304 --------- c:\windows\system32\dllcache\nlhtml.dll
2008-10-07 12:01 . 2008-03-07 12:02 29,696 --------- c:\windows\system32\dllcache\mimefilt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 12:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-07 17:00 1,602 --sha-r c:\windows\system32\drivers\103C_HP_BPC_HP Compaq dc7100 CMT(PP287UA)_YB_0CBD_QCAC527_EU_46_I0968h_SHP_V_B786C1 v01.05_T040616_WXP2_L409_M2048_J80_7Intel_8Pentium 4_93.19_#081007_N14E41677_(PP287UA)_X_CD6_Z_2_G10DE0326.MRK
2008-10-07 17:00 --------- d-----w c:\program files\Compaq
2008-10-07 16:59 --------- d-----w c:\program files\HPQ
2008-10-07 16:58 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-07 16:57 --------- d-----w c:\program files\InterVideo
2008-10-07 16:57 --------- d-----w c:\program files\Broadcom
2008-10-07 16:57 --------- d-----w c:\program files\Altiris
2008-10-07 16:56 --------- d-----w c:\program files\Java
2008-10-07 16:56 --------- d-----w c:\program files\Common Files\Java
2008-10-07 16:56 --------- d-----w c:\program files\Analog Devices
2008-10-07 16:48 --------- d-----w c:\program files\microsoft frontpage
2008-10-07 16:04 --------- d-----w c:\program files\Windows Media Connect 2
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-09-06 03:30 241,704 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-06 03:29 917,032 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-08-28 07:46 74,752 ----a-w c:\windows\system32\msw3prt.dll
2008-08-28 07:46 74,752 ------w c:\windows\system32\dllcache\msw3prt.dll
2008-08-28 07:46 104,960 ----a-w c:\windows\system32\win32spl.dll
2008-08-28 07:46 104,960 ------w c:\windows\system32\dllcache\win32spl.dll
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll
2008-08-20 05:30 666,112 ------w c:\windows\system32\dllcache\wininet.dll
2008-08-20 05:30 619,520 ------w c:\windows\system32\dllcache\urlmon.dll
2008-08-20 05:30 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-20 05:30 1,499,136 ------w c:\windows\system32\dllcache\shdocvw.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{836B5314-7152-53BB-DAEF-DCB3B98EC1C1}]
2008-11-01 04:38 178176 --a------ c:\windows\system32\nunaontmdw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\patrick.perron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-07 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"haanupginlmdjfk"="c:\windows\system32\nunaontmdw.dll" [2008-11-01 178176]
"LayoutM"="KLayMgr.exe" [2004-08-16 c:\windows\KLayMgr.exe]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vuegrf.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.
Contents of the 'Scheduled Tasks' folder

2008-11-06 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\patrick.perron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-07 12:45]
.
- - - - ORPHANS REMOVED - - - -

BHO-{9E91EF7B-6846-45C3-A8AB-67CF7C900783} - c:\windows\system32\efcyaxXq.dll
BHO-{9FABB311-AF6E-47D8-BC79-91FE26681E63} - c:\windows\system32\rqRhEtqp.dll
BHO-{b7817031-4e52-4170-97e6-b9cdb20f9f51} - c:\windows\system32\vuegrf.dll
BHO-{c32b3f09-1f0b-f357-9048-586977294868} - c:\windows\system32\lbiqmkrlgirtyqaf.dll
HKCU-Run-prunnet - c:\windows\system32\prun.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-prunnet - c:\windows\system32\prun.exe
HKLM-Run-{08-8D-D3-30-DW} - c:\windows\system32\rjwnw64o.exe
ShellExecuteHooks-{9E91EF7B-6846-45C3-A8AB-67CF7C900783} - c:\windows\system32\efcyaxXq.dll
Notify-efcyaxXq - efcyaxXq.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\patrick.perron\Application Data\Mozilla\Firefox\Profiles\lksfjj54.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1593028&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
FF -: plugin - c:\documents and settings\patrick.perron\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Picasa3\npPicasa3.dll
FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF -: plugin - c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Opera\program\plugins\NPOFF12.DLL
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 16:44:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\searchindexer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\regsvr32.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2008-11-06 16:51:40 - machine was rebooted [patrick.perron]
ComboFix-quarantined-files.txt 2008-11-06 21:50:58

Pre-Run: 42,933,399,552 bytes free
Post-Run: 42,974,289,920 bytes free

330 --- E O F --- 2008-11-06 08:03:30
jlpjlp Posts 52399 Status Security contributor 5 040
 
Close all your browsers (so copy or print these instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
c:\windows\system32\nunaontmdw.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{836B5314-7152-53BB-DAEF-DCB3B98EC1C1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"haanupginlmdjfk"=-

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the Combofix icon. Release the mouse. Combofix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis log

If the file doesn't open, it's located here > C:\ComboFix.txt

---------------

scan these files on VirusTotal and paste the reports: https://www.virustotal.com/gui/

c:\windows\system32\lbiqmkrlgirtyqaf.dll-uninst.exe
c:\windows\system32\QI19
c:\windows\system32\mem
c:\windows\system32\kfg3
c:\windows\system32\EMS
c:\temp\NT32
C:\Temp
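The CFScript in the post above was written by hand from the ComboFix log: the helper picked out the BHO and the Run value whose DLL was created days before the scan and carries a meaningless name, and turned them into File:: and Registry:: directives. As an added example (not the thread's own code, nor part of ComboFix or HijackThis), the Python below parses the "Reg Loading Points" section of such a log, flags entries that are both recently created and random-looking, and renders them in the same CFScript syntax. The sample log is constructed from lines of the log posted earlier in the thread; the 14-day window and the consonant-run heuristic are assumptions of this example, not ComboFix rules.

```python
"""Triage ComboFix 'Reg Loading Points' entries and emit a CFScript.

Added example for this thread; not part of ComboFix, HijackThis or the
helper's own workflow.  It assumes the log layout seen in the thread:
REGEDIT4-style [keys], "name"="path" [date size] value lines, and BHO keys
followed by the DLL's file record instead of a value line.
"""
import re
from datetime import date, timedelta

# Constructed sample: a subset of the Reg Loading Points section from the
# ComboFix log posted above (scan date 2008-11-06).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{836B5314-7152-53BB-DAEF-DCB3B98EC1C1}]
2008-11-01 04:38 178176 --a------ c:\windows\system32\nunaontmdw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"haanupginlmdjfk"="c:\windows\system32\nunaontmdw.dll" [2008-11-01 178176]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[(\d{4}-\d{2}-\d{2}) [^\]]*\]$')
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \d+ \S+ (.+)$")
RECENT_DAYS = 14  # assumption: created within two weeks of the scan counts as recent


def parse_loading_points(log):
    """Return one dict per loading point: registry key, value name (None for a
    BHO file record), file path and creation date."""
    entries, current_key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        if current_key is None:
            continue
        value = VALUE_RE.match(line)
        if value:
            entries.append({"key": current_key, "name": value.group(1),
                            "path": value.group(2),
                            "created": date.fromisoformat(value.group(3))})
            continue
        record = FILE_RE.match(line)
        if record:  # BHO keys: ComboFix prints the DLL's file record, not a value
            entries.append({"key": current_key, "name": None,
                            "path": record.group(2),
                            "created": date.fromisoformat(record.group(1))})
    return entries


def looks_random(name_or_path):
    """Crude heuristic for machine-generated names: an all-lowercase, letters-only
    stem of 8+ characters containing a run of four or more consonants
    ('nunaontmdw', 'haanupginlmdjfk'), unlike 'ctfmon' or 'NvCpl'."""
    stem = re.sub(r"\.[A-Za-z0-9]+$", "", name_or_path.rsplit("\\", 1)[-1])
    if len(stem) < 8 or not stem.isalpha() or not stem.islower():
        return False
    return re.search(r"[bcdfghjklmnpqrstvwxyz]{4,}", stem) is not None


def triage(log, scan_date):
    """Flag loading points that are both recent and random-looking.  Either
    signal alone is weak (Windows updates are recent too), so both are required."""
    cutoff = date.fromisoformat(scan_date) - timedelta(days=RECENT_DAYS)
    flagged = []
    for entry in parse_loading_points(log):
        recent = entry["created"] >= cutoff
        odd_name = looks_random(entry["path"]) or looks_random(entry["name"] or "")
        if recent and odd_name:
            flagged.append(entry)
    return flagged


def build_cfscript(flagged):
    """Render flagged items in CFScript syntax, as in the helper's post: a File::
    block of files to delete, then a Registry:: block where [-key] deletes a
    whole key (the BHO's CLSID key) and "name"=- deletes a single value."""
    files = sorted({e["path"] for e in flagged if "\\" in e["path"]})
    lines = ["File::", *files, "", "Registry::"]
    for e in flagged:
        if e["name"] is None:
            lines.append(f"[-{e['key']}]")
        else:
            lines.append(f"[{e['key']}]")
            lines.append(f'"{e["name"]}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG, "2008-11-06")), end="")
```

Run on the sample, the output is exactly the CFScript the helper posted. The heuristic is deliberately conservative (both signals must fire), so it will miss malware that reuses a plausible name and can still flag an odd-looking but legitimate vendor file; the script is a triage aid whose output a human still reviews before it is handed to ComboFix.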
Zial
 
ComboFix 08-11-05.02 - patrick.perron 2008-11-07 8:26:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1542 [GMT -5:00]
Running from: c:\documents and settings\patrick.perron\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\patrick.perron\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\nunaontmdw.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\nunaontmdw.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))
.

2008-11-06 15:41 . 2008-11-06 15:54 <DIR> d-------- c:\program files\Navilog1
2008-11-06 15:37 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-06 15:37 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-06 15:37 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-06 15:37 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-06 15:37 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-06 15:37 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-06 15:37 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-06 15:37 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-06 15:37 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-06 15:37 . 2008-11-06 15:37 2,148 --a------ c:\windows\system32\tmp.reg
2008-11-06 09:56 . 2008-11-06 09:56 <DIR> d-------- c:\program files\Alwil Software
2008-11-06 09:29 . 2008-11-06 09:29 <DIR> d-------- c:\program files\Lavasoft
2008-11-06 09:29 . 2008-11-06 09:29 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-06 09:29 . 2008-11-06 09:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-06 09:21 . 2008-11-06 09:21 90,915 --a------ c:\windows\system32\lbiqmkrlgirtyqaf.dll-uninst.exe
2008-11-06 09:19 . 2008-11-06 09:48 <DIR> d-------- c:\windows\system32\QI19
2008-11-06 09:19 . 2008-11-06 09:20 <DIR> d-------- c:\windows\system32\mem
2008-11-06 09:19 . 2008-11-06 09:48 <DIR> d-------- c:\windows\system32\kfg3
2008-11-06 09:19 . 2008-11-06 09:48 <DIR> d-------- c:\windows\system32\EMS
2008-11-06 09:19 . 2008-11-06 09:19 <DIR> d-------- c:\temp\NT32
2008-11-06 09:19 . 2008-11-06 16:34 <DIR> d-------- C:\Temp
2008-11-05 16:45 . 2008-11-05 16:45 <DIR> d-------- c:\documents and settings\patrick.perron\Application Data\Windows Search
2008-11-05 14:03 . 2008-11-05 14:03 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-05 11:31 . 2008-11-05 11:31 162 --a------ c:\windows\ODBC.INI
2008-10-30 02:03 . 2008-10-30 02:03 <DIR> d-------- c:\windows\SQLTools9_KB948109_ENU
2008-10-30 02:00 . 2008-10-30 02:00 <DIR> d-------- c:\windows\SQL9_KB948109_ENU
2008-10-29 10:16 . 2008-10-29 10:16 <DIR> d-------- c:\documents and settings\TEMPPATPER\ASPNET
2008-10-29 10:16 . 2008-10-29 10:16 <DIR> d-------- c:\documents and settings\TEMPPATPER
2008-10-29 08:30 . 2008-10-29 08:31 <DIR> d-------- C:\Beta
2008-10-29 08:28 . 2008-10-29 08:28 <DIR> d-------- c:\windows\IIS Temporary Compressed Files
2008-10-29 08:16 . 2008-10-29 08:16 <DIR> d-------- c:\program files\MSXML 6.0
2008-10-29 08:13 . 2008-10-30 02:03 <DIR> d-------- c:\program files\Microsoft SQL Server
2008-10-28 07:40 . 2008-10-28 07:40 <DIR> d-------- c:\program files\Logitech
2008-10-28 07:40 . 2008-10-28 07:40 <DIR> d-------- c:\program files\Common Files\Logitech
2008-10-28 07:40 . 2008-10-28 07:40 <DIR> d-------- c:\documents and settings\PATRIC~1~PER\LOCALS~1
2008-10-28 07:40 . 2008-10-28 07:40 <DIR> d-------- c:\documents and settings\PATRIC~1~PER
2008-10-28 07:40 . 2003-12-11 08:50 152,064 --a------ c:\windows\system32\lmoufrc.dll
2008-10-28 07:40 . 2003-12-18 08:50 104,960 --a------ c:\windows\system32\COMNCTR.DLL
2008-10-28 07:40 . 2003-12-18 08:50 97,792 --a------ c:\windows\system32\LGUICOM.DLL
2008-10-28 07:40 . 2003-12-11 08:50 70,894 --a------ c:\windows\system32\drivers\LMouFlt2.Sys
2008-10-28 07:40 . 2003-12-11 08:50 51,582 --a------ c:\windows\system32\drivers\L8042pr2.Sys
2008-10-28 07:40 . 2003-12-11 08:50 37,916 --a------ c:\windows\system32\drivers\LHidUsb.sys
2008-10-28 07:40 . 2003-12-11 08:50 25,630 --a------ c:\windows\system32\drivers\LHidFlt2.Sys
2008-10-28 07:40 . 2003-12-11 08:50 23,372 --a------ c:\windows\system32\LCoInst.Dll
2008-10-28 07:40 . 2003-12-11 08:50 20,992 --------- c:\windows\LOGI_MWX.EXE
2008-10-28 07:40 . 2003-12-18 08:50 16,896 --a------ c:\windows\system32\LMOUSE32.DLL
2008-10-28 07:40 . 2003-12-11 08:50 14,092 --------- c:\windows\system32\drivers\LCCFLTR.SYS
2008-10-28 07:40 . 2003-12-18 08:50 3,568 --a------ c:\windows\system32\LMOUSE16.DLL
2008-10-24 12:06 . 2008-10-24 12:06 <DIR> d-------- c:\windows\Sun
2008-10-24 02:22 . 2008-10-15 11:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 19:18 . 2008-10-23 19:18 2,302,017 --a------ c:\windows\system32\GPhotos.scr
2008-10-17 12:49 . 2008-10-17 12:50 <DIR> d-------- c:\program files\IE7
2008-10-16 08:27 . 2008-10-16 08:27 <DIR> d-------- c:\program files\Winamp Remote
2008-10-16 08:27 . 2008-10-16 08:27 <DIR> d-------- c:\program files\Winamp
2008-10-16 08:27 . 2008-10-17 08:20 <DIR> d-------- c:\documents and settings\patrick.perron\Application Data\Winamp
2008-10-16 08:27 . 2008-10-16 08:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\OrbNetworks
2008-10-16 08:27 . 2007-03-07 18:51 129,784 --a------ c:\windows\system32\pxafs.dll
2008-10-16 07:39 . 2008-10-16 07:44 1,038 --a------ c:\windows\eReg.dat
2008-10-16 07:32 . 1998-06-17 16:07 57,344 --a------ c:\windows\system32\Mfc42loc.dll
2008-10-16 07:28 . 2008-10-16 07:29 <DIR> d-------- c:\program files\EA GAMES
2008-10-16 07:22 . 2008-10-16 07:22 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-10-16 07:18 . 2008-10-16 07:18 <DIR> d-------- c:\documents and settings\patrick.perron\Application Data\DAEMON Tools
2008-10-16 07:18 . 2008-10-16 07:18 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-10-15 23:36 . 2008-08-14 05:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 23:36 . 2008-08-14 05:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 23:36 . 2008-08-14 04:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 23:36 . 2008-08-14 04:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 23:36 . 2008-09-15 07:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-15 23:36 . 2008-09-08 05:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-10 13:47 . 2008-10-10 13:47 <DIR> d-------- c:\documents and settings\patrick.perron\Application Data\Xerox
2008-10-10 13:41 . 2008-11-06 16:20 328 --a------ c:\windows\hpbafd.ini
2008-10-10 08:10 . 2008-10-10 08:10 <DIR> d---s---- c:\documents and settings\patrick.perron\UserData
2008-10-10 07:30 . 2008-10-10 08:10 <DIR> d-------- c:\documents and settings\patrick.perron\Contacts
2008-10-10 07:29 . 2008-10-10 07:29 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-10-10 07:29 . 2008-10-10 07:29 <DIR> d-------- c:\program files\MSN Messenger
2008-10-09 12:35 . 2008-10-21 14:25 <DIR> d-------- C:\# Client #
2008-10-08 11:40 . 2008-04-07 18:16 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-10-08 11:40 . 2008-04-07 18:16 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-10-08 11:39 . 2008-10-08 11:39 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-10-08 11:39 . 2008-10-08 11:39 <DIR> d-------- c:\program files\Google
2008-10-08 10:46 . 2008-10-08 10:46 <DIR> d-------- c:\program files\uTorrent
2008-10-08 10:46 . 2008-11-06 09:22 <DIR> d-------- c:\documents and settings\patrick.perron\Application Data\uTorrent
2008-10-07 15:45 . 2008-07-18 21:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-10-07 15:45 . 2008-07-18 21:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-07 15:20 . 2008-10-07 15:20 <DIR> d-------- c:\program files\MSBuild
2008-10-07 15:20 . 2008-10-07 15:20 <DIR> d-------- c:\program files\Microsoft Works
2008-10-07 15:19 . 2008-10-29 08:16 <DIR> d-------- c:\program files\Microsoft.NET
2008-10-07 15:16 . 2008-10-07 15:20 <DIR> d-------- c:\windows\SHELLNEW
2008-10-07 15:16 . 2008-10-07 15:16 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-10-07 15:15 . 2008-10-07 15:15 <DIR> dr-h----- C:\MSOCache
2008-10-07 15:15 . 2008-11-06 03:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-07 15:13 . 2008-10-07 15:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-07 15:07 . 2008-10-07 15:07 <DIR> d-------- c:\program files\Common Files\Control Panels
2008-10-07 15:04 . 2008-10-07 15:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM
2008-10-07 14:50 . 2008-10-07 14:50 <DIR> d-------- c:\program files\QuickTime
2008-10-07 14:41 . 2007-02-20 15:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2008-10-07 14:41 . 2007-02-20 15:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2008-10-07 14:34 . 2008-10-07 14:34 <DIR> d-------- c:\program files\Bonjour
2008-10-07 14:30 . 2008-10-07 14:30 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-10-07 12:59 . 2008-10-07 12:59 <DIR> d-------- c:\windows\system32\Adobe
2008-10-07 12:59 . 2004-08-16 19:40 16,384 --a------ c:\windows\system32\FileOps.exe
2008-10-07 12:56 . 2008-10-07 12:56 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-10-07 12:56 . 2008-10-07 15:07 <DIR> d-------- c:\program files\Common Files\Adobe
2008-10-07 12:40 . 2008-10-07 12:40 <DIR> d-------- c:\documents and settings\patrick.perron\Application Data\Windows Desktop Search
2008-10-07 12:40 . 2008-11-05 16:29 <DIR> d-------- c:\documents and settings\patrick.perron
2008-10-07 12:39 . 2008-10-07 12:39 <DIR> d-------- c:\windows\SchCache
2008-10-07 12:31 . 2008-10-07 12:31 <DIR> d-------- c:\program files\Opera
2008-10-07 12:28 . 2008-10-07 12:28 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Search
2008-10-07 12:27 . 2008-10-07 12:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-10-07 12:22 . 2008-10-07 12:22 <DIR> d-------- C:\NVIDIA
2008-10-07 12:22 . 2008-04-30 16:27 442,368 --a------ c:\windows\system32\NVUNINST.EXE
2008-10-07 12:17 . 2008-10-07 12:17 0 --a------ c:\windows\nsreg.dat
2008-10-07 12:12 . 2008-10-07 12:12 <DIR> d-------- c:\program files\Program Shortcuts
2008-10-07 12:03 . 2008-10-23 12:08 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-10-07 12:03 . 2008-10-07 12:03 8,192 --a------ c:\windows\REGLOCS.OLD
2008-10-07 12:02 . 2008-10-07 12:02 333 --a------ c:\windows\system32\$ncsp$.inf
2008-10-07 12:02 . 2008-10-07 12:02 61 --a------ c:\windows\smscfg.ini
2008-10-07 12:01 . 2008-10-07 12:01 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-07 12:01 . 2008-10-07 12:01 <DIR> d-------- c:\program files\Windows Desktop Search
2008-10-07 12:01 . 2008-10-07 12:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2008-10-07 12:01 . 2008-03-07 12:02 192,000 --------- c:\windows\system32\dllcache\offfilt.dll
2008-10-07 12:01 . 2008-03-07 12:02 98,304 --------- c:\windows\system32\dllcache\nlhtml.dll
2008-10-07 12:01 . 2008-03-07 12:02 29,696 --------- c:\windows\system32\dllcache\mimefilt.dll
2008-10-07 12:01 . 2004-05-25 06:04 278 --a------ c:\windows\logonper2.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 12:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-07 17:00 1,602 --sha-r c:\windows\system32\drivers\103C_HP_BPC_HP Compaq dc7100 CMT(PP287UA)_YB_0CBD_QCAC527_EU_46_I0968h_SHP_V_B786C1 v01.05_T040616_WXP2_L409_M2048_J80_7Intel_8Pentium 4_93.19_#081007_N14E41677_(PP287UA)_X_CD6_Z_2_G10DE0326.MRK
2008-10-07 17:00 --------- d-----w c:\program files\Compaq
2008-10-07 16:59 --------- d-----w c:\program files\HPQ
2008-10-07 16:58 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-07 16:57 --------- d-----w c:\program files\InterVideo
2008-10-07 16:57 --------- d-----w c:\program files\Broadcom
2008-10-07 16:57 --------- d-----w c:\program files\Altiris
2008-10-07 16:56 --------- d-----w c:\program files\Java
2008-10-07 16:56 --------- d-----w c:\program files\Common Files\Java
2008-10-07 16:56 --------- d-----w c:\program files\Analog Devices
2008-10-07 16:48 --------- d-----w c:\program files\microsoft frontpage
2008-10-07 16:04 --------- d-----w c:\program files\Windows Media Connect 2
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-09-06 03:30 241,704 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-06 03:29 917,032 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-08-28 07:46 74,752 ----a-w c:\windows\system32\msw3prt.dll
2008-08-28 07:46 74,752 ------w c:\windows\system32\dllcache\msw3prt.dll
2008-08-28 07:46 104,960 ----a-w c:\windows\system32\win32spl.dll
2008-08-28 07:46 104,960 ------w c:\windows\system32\dllcache\win32spl.dll
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll
2008-08-20 05:30 666,112 ------w c:\windows\system32\dllcache\wininet.dll
2008-08-20 05:30 619,520 ------w c:\windows\system32\dllcache\urlmon.dll
2008-08-20 05:30 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-20 05:30 1,499,136 ------w c:\windows\system32\dllcache\shdocvw.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\patrick.perron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-07 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"LayoutM"="KLayMgr.exe" [2004-08-16 c:\windows\KLayMgr.exe]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vuegrf.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.
Contents of the 'Scheduled Tasks' folder

2008-11-07 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\patrick.perron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-07 12:45]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 08:27:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-07 8:28:41
ComboFix-quarantined-files.txt 2008-11-07 13:28:36
ComboFix2.txt 2008-11-06 21:51:41

Pre-Run: 42,945,773,568 bytes free
Post-Run: 42,937,958,400 bytes free

238 --- E O F --- 2008-11-06 08:03:30
Zial
 
Logfile of HijackThis v1.99.1
Scan saved at 08:29, on 2008-11-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Documents and Settings\patrick.perron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\patrick.perron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\patrick.perron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\patrick.perron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\patrick.perron\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\patrick.perron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = telenetinfo.com
O17 - HKLM\Software\..\Telephony: DomainName = telenetinfo.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = telenetinfo.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = telenetinfo.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: vuegrf.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
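A first triage pass over a HijackThis log, added here as an example; it is not a tool from this thread, from HijackThis or from the helpers on this forum. It applies a few of the checks a helper applies by eye to lines in the 1.99.1 format: O4 Run values that carry no directory (Windows then finds the file through its search order, so the entry alone does not say which file runs), O10 LSPs that HijackThis does not recognise, O17 domain settings, any value at all in AppInit_DLLs, and the "(file missing)" annotations. The sample lines are copied from the log above; the severities and reasons are this example's own assumptions and not verdicts on this machine. The O23 rule is worth a word: the avast! services above are reported "(file missing)" although the same executables are listed under running processes, which is why the example treats a quoted path followed by arguments as something to verify on disk rather than as a missing file.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4", "O20"
    severity: str  # "high", "review" or "info": this example's own scale
    reason: str
    line: str


# Constructed sample in HijackThis v1.99.1 format; the lines are copied from the
# log posted above, trimmed to the entries the heuristics below look at.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = telenetinfo.com
O20 - AppInit_DLLs: vuegrf.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# "O4 - HKLM\..\Run: [Name] target" -> section code and the rest of the line
_ENTRY = re.compile(r"^(?P<section>[A-Z]\d+)\s+-\s+(?P<body>.*)$")
# body of an O4 registry Run entry (Global Startup lines do not match and are skipped)
_O4_RUN = re.compile(r"^HK\w+\\\.\.\\\w+:\s+\[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")


def _executable(target: str) -> str:
    """Executable part of a Run value: the quoted token if the value starts
    with a quote, otherwise the first whitespace-delimited token."""
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    return target.split(" ", 1)[0]


def _is_bare(exe: str) -> bool:
    """True when the value names a file with no directory at all, so Windows
    locates it through the search order rather than a fixed path."""
    return "\\" not in exe and "/" not in exe


def triage(log_text: str) -> list[Finding]:
    """Apply a handful of HijackThis review heuristics and return the flagged lines."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _ENTRY.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O4":
            run = _O4_RUN.match(body)
            if run and _is_bare(_executable(run.group("target"))):
                findings.append(Finding("O4", "review",
                    "autostart value without a directory; resolved through the search "
                    "order, confirm which file on disk actually runs", line))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP"):
            findings.append(Finding("O10", "review",
                "LSP not in HijackThis' known list; an LSP sees all Winsock traffic, "
                "confirm the publisher", line))
        elif section == "O17":
            findings.append(Finding("O17", "review",
                "DNS domain set in TCP/IP parameters; confirm it matches the expected network", line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                findings.append(Finding("O20", "high",
                    "AppInit_DLLs loads this DLL into every process that links user32.dll; "
                    "a common persistence and injection point, identify the DLL first", line))
        elif section == "O20" and "(file missing)" in body:
            findings.append(Finding("O20", "review",
                "Winlogon Notify entry points at a DLL that is not on disk; orphaned entry", line))
        elif section == "O23" and "(file missing)" in body:
            findings.append(Finding("O23", "info",
                "service path carries a stray quote before its arguments; HijackThis 1.99.x "
                "reports such services as missing even when the binary runs, verify on disk", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section}: {f.reason}\n         {f.line}")
```

To run it over a saved log, pass the file's text to `triage()`; the O4 rule in particular is deliberately noisy, since vendor entries such as nwiz.exe are also written without a path, and the point is to make the reviewer resolve each bare name rather than to call any of them malicious.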
Zial
 
Antivirus;Version;Last update;Result
AhnLab-V3;2008.10.27.3;2008.10.28;-
AntiVir;7.9.0.9;2008.10.28;ADSPY/AdSpy.Gen
Authentium;5.1.0.4;2008.10.27;-
Avast;4.8.1248.0;2008.10.28;-
AVG;8.0.0.161;2008.10.28;-
BitDefender;7.2;2008.10.28;-
CAT-QuickHeal;9.50;2008.10.28;-
ClamAV;0.93.1;2008.10.28;-
DrWeb;4.44.0.09170;2008.10.28;-
eSafe;7.0.17.0;2008.10.27;-
eTrust-Vet;31.6.6177;2008.10.28;-
Ewido;4.0;2008.10.28;-
F-Prot;4.4.4.56;2008.10.27;-
F-Secure;8.0.14332.0;2008.10.28;-
Fortinet;3.117.0.0;2008.10.28;-
GData;19;2008.10.28;-
Ikarus;T3.1.1.44.0;2008.10.28;AdWare.AdSpy
K7AntiVirus;7.10.510;2008.10.28;-
Kaspersky;7.0.0.125;2008.10.28;-
McAfee;5416;2008.10.28;-
Microsoft;1.4005;2008.10.28;-
NOD32;3562;2008.10.28;-
Norman;5.80.02;2008.10.27;-
Panda;9.0.0.4;2008.10.28;-
PCTools;4.4.2.0;2008.10.28;-
Prevx1;V2;2008.10.28;Cloaked Malware
Rising;21.01.12.00;2008.10.28;-
SecureWeb-Gateway;6.7.6;2008.10.28;Ad-Spyware.AdSpy.Gen
Sophos;4.35.0;2008.10.28;-
Sunbelt;3.1.1760.1;2008.10.27;-
Symantec;10;2008.10.28;-
TheHacker;6.3.1.1.132;2008.10.28;-
TrendMicro;8.700.0.1004;2008.10.28;-
VBA32;3.12.8.8;2008.10.27;-
ViRobot;2008.10.28.1441;2008.10.28;-
VirusBuster;4.5.11.0;2008.10.27;-

Additional information
File size: 90915 bytes
MD5...: 71c450f9707d7d7dbc2063ceb80d2c41
SHA1..: 7f34e468716d49619328d0c93393571b37185cb9
SHA256: 812d2dc300cebbe515e6b0f151c518bed81890f939dd5c690532a467ceb25580
SHA512: 1c1f44848ca3fbdfb02e0d42a17a992301212e9cb8e96447b6f8a6ba905fed2e57316f7d077a97ce29b803d4a7f3e95f06f638b4240d37c38b64e49a89ea6653
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403225
timedatestamp.....: 0x481c71ea (Sat May 03 14:08:42 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5934 0x5a00 6.46 663546ac41801daf2dc51f560ec05a56
.rdata 0x7000 0x1190 0x1200 5.18 db16645055619c0cc73276ff5c3adb75
.data 0x9000 0x1af98 0x400 4.70 f0511f18783910813a0de0de02bc1206
.ndata 0x24000 0xa000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x2e000 0x6fb0 0x7000 5.73 da0df9eeab5e54f3dc332a952344820b

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=1355039723C62AA463560146E6D56D00009974AF
Zial
 
File zBV.log received on 2008.10.17 06:02:38 (CET)
Antivirus;Version;Last update;Result
AhnLab-V3;-;-;-
AntiVir;-;-;-
Authentium;-;-;-
Avast;-;-;-
AVG;-;-;-
BitDefender;-;-;-
CAT-QuickHeal;-;-;-
ClamAV;-;-;-
DrWeb;-;-;-
eSafe;-;-;-
eTrust-Vet;-;-;-
Ewido;-;-;-
F-Prot;-;-;-
F-Secure;-;-;-
Fortinet;-;-;-
GData;-;-;-
Ikarus;-;-;-
K7AntiVirus;-;-;-
Kaspersky;-;-;-
McAfee;-;-;-
Microsoft;-;-;-
NOD32;-;-;-
Norman;-;-;-
Panda;-;-;-
PCTools;-;-;-
Prevx1;-;-;Malicious Software
Rising;-;-;-
SecureWeb-Gateway;-;-;-
Sophos;-;-;-
Sunbelt;-;-;-
Symantec;-;-;-
TheHacker;-;-;-
TrendMicro;-;-;-
VBA32;-;-;-
ViRobot;-;-;-
VirusBuster;-;-;-

Additional information
MD5: d1d9dddc86c6b78f0c430f1cd963e2bb
SHA1: 41d2acfd8bef88a2e26c693a6eccc557e739ce52
SHA256: 2ca62b4919d91b44b5f851ac29a917822b056d75976082f6e36b1296ae69c890
SHA512: d3eb4a816442f1aa3fdae37812a0d5a257f293602177cf311f2e13f662b48ba1692175ba8bd719f7f2346c83fce1cdeb795210f0a77b679071a6d6c3f48c6a3a
Zial
 
As for these files, VirusTotal can only scan files, and the rest are folders, so I cannot scan them.

I'm waiting for the rest of the procedure ... Thanks again!

c:\windows\system32\lbiqmkrlgirtyqaf.dll-uninst.exe
c:\windows\system32\QI19
c:\windows\system32\mem
c:\windows\system32\kfg3
c:\windows\system32\EMS
c:\temp\NT32
C:\Temp
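Since VirusTotal accepts individual files only, the practical way to deal with the folders in that list is to enumerate their contents, hash each file, and look the hashes up. The script below is an added example, not part of this thread and not a ComboFix or VirusTotal tool: it walks the paths Zial posted, computes MD5, SHA-1 and SHA-256 for every regular file, refuses to follow symlinks, reports files it cannot read (normal under system32 on a live system) and roots that no longer exist, and compares SHA-256 values against the two hashes VirusTotal reported earlier in this thread. `build_demo_tree` writes constructed files into a temporary directory and adds the hash of one of them to the indicator set, so the matching logic can be exercised offline; on a machine without the posted paths they are simply listed as missing.

```python
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path
from typing import Iterable

# Paths listed in the post above: one file and six directories.
POSTED_PATHS = [
    r"c:\windows\system32\lbiqmkrlgirtyqaf.dll-uninst.exe",
    r"c:\windows\system32\QI19",
    r"c:\windows\system32\mem",
    r"c:\windows\system32\kfg3",
    r"c:\windows\system32\EMS",
    r"c:\temp\NT32",
    r"C:\Temp",
]

# SHA-256 values copied from the two VirusTotal reports earlier in this thread.
KNOWN_BAD_SHA256 = {
    "812d2dc300cebbe515e6b0f151c518bed81890f939dd5c690532a467ceb25580":
        "VirusTotal report above: ADSPY/AdSpy.Gen, Cloaked Malware (90915-byte executable)",
    "2ca62b4919d91b44b5f851ac29a917822b056d75976082f6e36b1296ae69c890":
        "VirusTotal report above: zBV.log (Prevx1: Malicious Software)",
}

# Constructed content for the offline demo; not a real sample.
CONSTRUCTED_BAD = b"constructed demo payload, not a real sample\x00\x01\x02"


def hash_file(path: os.PathLike | str, chunk: int = 1 << 20) -> dict[str, str]:
    """MD5, SHA-1 and SHA-256 of a file, read in chunks so large files stay off the heap."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def inventory(roots: Iterable[str], known_bad: dict[str, str] = KNOWN_BAD_SHA256):
    """Hash every regular file under each root (a root may itself be a file).

    Returns (records, missing, unreadable): one record per hashed file with its
    size, digests and the indicator label when its SHA-256 is in known_bad; the
    roots that do not exist; and (path, error) pairs for files that could not be read.
    """
    records, missing, unreadable = [], [], []
    for root in map(Path, roots):
        if not root.exists():
            missing.append(str(root))
            continue
        candidates = [root] if root.is_file() else sorted(root.rglob("*"))
        for p in candidates:
            if p.is_symlink() or not p.is_file():
                continue  # never follow links out of the tree; skip directories
            try:
                digests = hash_file(p)
                size = p.stat().st_size
            except OSError as exc:
                unreadable.append((str(p), str(exc)))
                continue
            records.append({"path": str(p), "size": size, **digests,
                            "match": known_bad.get(digests["sha256"])})
    return records, missing, unreadable


def build_demo_tree() -> tuple[str, dict[str, str]]:
    """Throwaway directory with constructed files, plus an indicator set that
    includes the hash of one of them, so the matching path can be exercised offline."""
    base = tempfile.mkdtemp(prefix="hash-demo-")
    os.makedirs(os.path.join(base, "NT32"))
    with open(os.path.join(base, "NT32", "dropper.bin"), "wb") as fh:
        fh.write(CONSTRUCTED_BAD)
    with open(os.path.join(base, "readme.txt"), "wb") as fh:
        fh.write(b"benign constructed file")
    iocs = dict(KNOWN_BAD_SHA256)
    iocs[hashlib.sha256(CONSTRUCTED_BAD).hexdigest()] = "constructed demo sample"
    return base, iocs


if __name__ == "__main__":
    base, iocs = build_demo_tree()
    records, missing, unreadable = inventory([base] + POSTED_PATHS, iocs)
    for r in records:
        flag = f"  <-- {r['match']}" if r["match"] else ""
        print(f"{r['sha256']}  {r['size']:>8}  {r['path']}{flag}")
    for m in missing:
        print(f"missing: {m}")
    for p, err in unreadable:
        print(f"unreadable: {p} ({err})")
```

The SHA-256 column is what to paste into VirusTotal's hash search for files that are too sensitive or too large to upload; a file that is unreadable while the system is live is itself worth noting, since a locked file under system32 that no listed process accounts for is exactly what the ComboFix step that follows is meant to deal with.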
jlpjlp - 52399 posts - Security contributor - 5 040
 
Close all your browsers (so copy or print these instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
c:\windows\system32\lbiqmkrlgirtyqaf.dll-uninst.exe
c:\windows\system32\QI19
c:\windows\system32\mem
c:\windows\system32\kfg3
c:\windows\system32\EMS
c:\temp\NT32
C:\Temp

Save this file under the name CFScript.

Drag and drop this CFScript file onto the ComboFix.exe file.

Click on the CFScript file, keep the mouse button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse button. ComboFix will start.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis log.

If the file does not open, it can be found here > C:\ComboFix.txt

---------------