Probleme cheval de troie

or14 -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour, j ai un probleme avec mon ordinateur !
voila mon anti virus avast ne cesse de me dire que j ai un cheval de troie et un logiciel malveillant ds mon ordianteur , j execute dc se qu il me dit de faire à savoir mettre en quarantaine mais le probleme c est que le message revient sans arret ! de plus mon ordinateur ne cesse de s eteindre ttes les dix mins sans doute a cause de ce virus !
pourriez vous m aider a resoudre ce probleme parce que je ne sais pas du tt comment m y prendre et j avoue que je n ai pas compris tt ce qui a été dit sur les autres questions en rapport avec mon probleme ! (la configuration de mon ordinateur est vista)

merci d avance aux ames sensibles a mon probleme !!!
A voir également:

10 réponses

Réponse 1 / 10
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt,



scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

______________________

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit
0
Réponse 2 / 10
or14
 
bonjour merci jlpjlp de m avoir repondu et de bien vouloir m aider
j ai fais ce que tu m as dis mais en plusieurs fois car mon ordinateur ne cesse de s arreter ! voici donc les premiers rapports :

log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Aurore at 2009-11-03 13:50:17
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 87 GB (61%) free of 143 GB
Total RAM: 1978 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:57, on 03/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Aurore\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Aurore\Downloads\RSIT.exe
C:\Program Files\trend micro\Aurore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSof1.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSof1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSof1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Java Quick Start] C:\Users\Aurore\jusched.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\Aurore\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
0
Réponse 3 / 10
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
le rapport de malwarebyte antimalware?


comme antivirus tu utilise norton ou avast? il n'en faut qu'un
0
or14
 
oui c est le rapport de malwarebyte antimalware et mon antivirus est avast
0
Réponse 4 / 10
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
non tu as mis un rapport RSIT et non malwarebyte's antimalware
0
or14
 
ah d accord alors voila celu de malwarebyte's antimalware ( le premier et le deuxieme)


le premier

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3091
Windows 6.0.6001 Service Pack 1

03/11/2009 13:40:14
mbam-log-2009-11-03 (13-40-14).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 20857
Temps écoulé: 13 minute(s), 46 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\java quick start (Trojan.Dropper) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\safetycenter (Rogue.SafetyCenter) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Aurore\jusched.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\SafetyCenter\start.exe (Rogue.SafetyCenter) -> Quarantined and deleted successfully.



et le deuxieme :

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3091
Windows 6.0.6001 Service Pack 1

03/11/2009 16:46:57
mbam-log-2009-11-03 (16-46-57).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 269550
Temps écoulé: 2 hour(s), 34 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\safetycenter (Rogue.SafetyCenter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SafetyCenter (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\tm (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\SafetyCenter (Trojan.SafetyCenter) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\SafetyCenter\new.exe (Rogue.SafetyCenter) -> Quarantined and deleted successfully.
C:\Program Files\SafetyCenter\protector.exe (Rogue.SafetyCenter) -> Quarantined and deleted successfully.
C:\Program Files\SafetyCenter\uninstall.exe (Rogue.SafetyCenter) -> Quarantined and deleted successfully.
C:\Users\Aurore\bYvQpv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Aurore\hdBWvB.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Aurore\jGShOg.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Aurore\liEazF.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Aurore\NKhDbh.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Aurore\spLhGM.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Aurore\wtQmKQ.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Aurore\yvSoMS.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Aurore\Downloads\setup.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Users\Aurore\Downloads\temp.exe (Rogue.SafetyCenter) -> Quarantined and deleted successfully.
C:\Program Files\SafetyCenter\main.ico (Trojan.SafetyCenter) -> Quarantined and deleted successfully.
C:\Program Files\SafetyCenter\sound.wav (Trojan.SafetyCenter) -> Quarantined and deleted successfully.
C:\Program Files\SafetyCenter\tst.exe (Trojan.SafetyCenter) -> Quarantined and deleted successfully.


je ne me suis pas trompé la ?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 10
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.


déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


_______________________


colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

Eset (Nod32) en ligne
https://www.eset.com/
0
or14
 
comment je desactive mon antivirus et mon parefeu et l autre truc ?
0
Réponse 6 / 10
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
pour virer norton avant

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924


puis pour désactiver avast tu cliques sur la boule d'avast près de ton horloge et tu choisi de désactiver la protection residente d'avast
0
or14
 
j ai lancé combofix mais mon ecran est tt noir est ce que c est normal ? je n y ai pas touché puisque tu m as dis que sa risqué de le figer .
0
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040 > or14
 
oui attends un peu si dans 30 minutes c'est idem redemarre ton pc
0
or14 > jlpjlp Messages postés 52399 Statut Contributeur sécurité
 
voila le rapport de combofix et celui du scan

ComboFix 09-11-02.05 - Aurore 03/11/2009 19:07.1.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.1978.1083 [GMT 1:00]
Lancé depuis: c:\users\Aurore\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1745339984-1419640019-1889039037-500
c:\$recycle.bin\S-1-5-21-221951458-739035738-3163335762-500
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD RegistryCleaner\Vista Scheduler.dll
c:\users\Aurore\qoukeit.exe
c:\users\Aurore\sobim.exe
c:\users\Aurore\vwdiq.exe
c:\users\Aurore\wxfiq.exe
c:\users\Aurore\yaeot.exe
c:\users\Aurore\yueos.exe
c:\users\Aurore\yueot.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-03 au 2009-11-03 ))))))))))))))))))))))))))))))))))))
.

2009-11-03 18:31 . 2009-11-03 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-03 12:50 . 2009-11-03 15:54 -------- d-----w- c:\program files\trend micro
2009-11-03 12:50 . 2009-11-03 12:51 -------- dc----w- C:\rsit
2009-11-03 12:28 . 2009-11-03 12:28 276 ----a-w- c:\users\Aurore\iazcGE.bat
2009-11-03 11:48 . 2009-11-03 11:48 -------- d-----w- c:\users\Aurore\AppData\Roaming\Malwarebytes
2009-11-03 11:47 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-03 11:47 . 2009-11-03 11:47 -------- d-----w- c:\programdata\Malwarebytes
2009-11-03 11:47 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 11:47 . 2009-11-03 11:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-03 11:26 . 2009-11-03 11:26 276 ----a-w- c:\users\Aurore\phGjOM.bat
2009-11-02 19:36 . 2009-11-02 19:38 -------- d-----w- c:\program files\a-squared Free
2009-11-02 19:17 . 2009-11-02 19:17 276 ----a-w- c:\users\Aurore\mdDgLJ.bat
2009-11-02 18:46 . 2009-11-02 18:46 276 ----a-w- c:\users\Aurore\SvaYGv.bat
2009-11-02 10:30 . 2009-11-02 10:30 276 ----a-w- c:\users\Aurore\AsRuZX.bat
2009-11-01 22:17 . 2009-11-01 22:17 276 ----a-w- c:\users\Aurore\OGfInl.bat
2009-11-01 14:03 . 2009-11-01 14:03 356 ----a-w- c:\users\Aurore\YQpSwu.bat
2009-10-31 21:09 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-31 21:09 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-31 21:09 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-31 21:09 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-31 21:09 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-31 21:08 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-31 21:08 . 2009-09-15 11:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-31 21:08 . 2009-10-31 21:08 -------- d-----w- c:\program files\Alwil Software
2009-10-30 09:57 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-30 09:57 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-30 09:57 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-30 09:57 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-30 09:57 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-30 09:57 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-30 09:57 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-30 09:56 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-30 09:56 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 13:21 . 2009-11-03 13:41 -------- d-----w- c:\users\Aurore\ClubDeJeux
2009-10-28 09:34 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 09:34 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-15 11:47 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-15 11:01 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 10:47 . 2009-08-05 17:15 3599960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 10:47 . 2009-08-05 17:15 3547736 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 10:30 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 10:30 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 10:57 . 2009-02-27 04:28 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-01 10:57 . 2009-02-27 04:28 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-25 17:51 . 2009-02-26 21:26 -------- d-----w- c:\programdata\Microsoft Help
2009-10-16 10:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-22 08:33 . 2009-08-16 15:45 -------- d-----w- c:\programdata\Yahoo! Companion
2009-09-11 18:53 . 2009-09-11 18:53 -------- d-----w- c:\programdata\Symantec
2009-09-10 17:30 . 2009-10-15 10:51 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 09:01 . 2009-09-07 09:01 -------- d-----r- c:\program files\Norton Support
2009-08-28 12:39 . 2009-09-02 21:00 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-02 21:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:32 . 2009-10-15 10:51 833024 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:29 . 2009-10-15 10:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 10:58 . 2009-10-15 10:51 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 10:42 . 2009-08-16 10:42 9856 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-08-16 09:23 . 2009-08-15 16:46 75656 ----a-w- c:\users\Aurore\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-15 16:40 . 2009-08-15 16:40 75264 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-14 17:07 . 2009-09-10 09:33 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-10 09:33 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-10 09:33 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-10 09:33 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-10 09:33 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-10 09:33 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-10 09:33 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-10 09:33 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-10 09:33 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:16 . 2009-09-10 09:33 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-02-27 04:43 . 2009-02-27 04:31 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{364d4e0c-543f-4b85-abe3-19551139da4f}"= "c:\program files\Softonic_France\tbSof1.dll" [2009-08-16 2215960]

[HKEY_CLASSES_ROOT\clsid\{364d4e0c-543f-4b85-abe3-19551139da4f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{364d4e0c-543f-4b85-abe3-19551139da4f}]
2009-08-16 21:37 2215960 ----a-w- c:\program files\Softonic_France\tbSof1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{364d4e0c-543f-4b85-abe3-19551139da4f}"= "c:\program files\Softonic_France\tbSof1.dll" [2009-08-16 2215960]

[HKEY_CLASSES_ROOT\clsid\{364d4e0c-543f-4b85-abe3-19551139da4f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{364D4E0C-543F-4B85-ABE3-19551139DA4F}"= "c:\program files\Softonic_France\tbSof1.dll" [2009-08-16 2215960]

[HKEY_CLASSES_ROOT\clsid\{364d4e0c-543f-4b85-abe3-19551139da4f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-20 483420]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-26 136600]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"Device Detector"="c:\program files\Common Files\ACD Systems\FR\DevDetect.exe" [2005-06-27 221184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\Aurore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - c:\users\Aurore\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-8-15 135680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [31/10/2009 22:09 114768]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe [09/06/2009 02:39 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [31/10/2009 22:09 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [31/10/2009 22:08 53328]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [26/02/2009 22:44 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26/02/2009 21:46 222512]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [22/09/2008 06:49 112128]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-11-03 c:\windows\Tasks\User_Feed_Synchronization-{1DE755C7-9F35-46C2-BBC1-CDB0564CB1A6}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\fr-FR\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Java Quick Start - c:\users\Aurore\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 19:33
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x86B32F61]<<
kernel: MBR read successfully
user & kernel MBR OK

**************************************************************************
.
Heure de fin: 2009-11-03 19:41
ComboFix-quarantined-files.txt 2009-11-03 18:41

Avant-CF: 90 849 329 152 octets libres
Après-CF: 90 983 849 984 octets libres




et celui du scan


;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-11-04 10:53:50
PROTECTIONS: 1
MALWARE: 45
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@atdmt[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@tradedoubler[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@tradedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@247realmedia[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@mediaplex[1].txt
00145792 Cookie/SexList TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@sexlist[2].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@clickbank[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@ccbill[2].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@revenue[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@yadro[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@xiti[1].txt
00167706 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter3.sextracker[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@toplist[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@statcounter[2].txt
00167759 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter9.sextracker[1].txt
00167764 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter7.sextracker[1].txt
00167770 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter15.sextracker[2].txt
00167783 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter6.sextracker[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@ad.yieldmanager[1].txt
00168058 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter4.sextracker[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@bs.serving-sys[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@weborama[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@weborama[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@server.iad.liveperson[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@fl01.ct2.comclick[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@advertising[1].txt
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@sextracker[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@ads.pointroll[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@overture[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@bluestreak[1].txt
00180153 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter2.sextracker[2].txt
00180154 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter16.sextracker[2].txt
00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@xxxcounter[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@adrevolver[2].txt
00206953 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter14.sextracker[1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@adviva[1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@adviva[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@smartadserver[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@smartadserver[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


(je ne sais pas si l analyse du scan est complete)
0
Réponse 7 / 10
Utilisateur anonyme
 
fait une copie de tes docs. et réinstalle windows (ou au mieux avec une image de ta partition)
tu gagnera beaucoup de temps et tu partira sur des bonnes bases.
1. utilise q'un seul antivirus (avast est tres bien)
2. si ton pc est infecté ou a été infecté sérieusement, Il n'y a pas de remedes miracles,
certaines données(ou fichiers) ont changéés (systeme 32, dll. registre, dao,das,dat etc. etc.. )
0
Réponse 8 / 10
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok

passe un coup de ccleaner pour virer les traces de net, cookies ...

https://www.malekal.com/tutoriel-ccleaner/
______________________

comment va ton pc?
0
or14
 
j ai passé un coup de ccleaner comme tu me l as conseillé

je ne sais pas encore comment va on pc mas j'espere comme un charme !

dc c st bon je suis normalement debarassé de ce virus ?
0
Réponse 9 / 10
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
oui c'est bon

lance tools cleaner pour virer ce qui a été utilisé
0
or14
 
ok

merci d avoir pris le tps de lire mon message et de m aider à resoudre mon probleme

j aprécie énormément

amicalement
0
Réponse 10 / 10
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
de rien

garde avast + ccleaner + spybot + malwarebyte


bonne suite
0

Discussions similaires

expressions francaises
bifaka -
lanonyme -

4 réponses
Cheval de troie comment le supprimer?
sonia -
^^Marie^^ -

28 réponses
virus: comment supprimer ccxprocess (virus cheval de troie)
grrlesang -
bazfile -

1 réponse
cheval dans oblivion
sernaldo53 -
sernaldo53 -

12 réponses
comment se debarasser d un cheval de troie
jennyfer1 -
MrMaDGaME -

66 réponses