Probleme cheval de troie

or14 -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour, j ai un probleme avec mon ordinateur !
voila mon anti virus avast ne cesse de me dire que j ai un cheval de troie et un logiciel malveillant ds mon ordianteur , j execute dc se qu il me dit de faire à savoir mettre en quarantaine mais le probleme c est que le message revient sans arret ! de plus mon ordinateur ne cesse de s eteindre ttes les dix mins sans doute a cause de ce virus !
pourriez vous m aider a resoudre ce probleme parce que je ne sais pas du tt comment m y prendre et j avoue que je n ai pas compris tt ce qui a été dit sur les autres questions en rapport avec mon probleme ! (la configuration de mon ordinateur est vista)

merci d avance aux ames sensibles a mon probleme !!!
Configuration: Windows XP
Firefox 3.0.15

10 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

    ______________________

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
  2. or14
     
    bonjour merci jlpjlp de m avoir repondu et de bien vouloir m aider
    j ai fais ce que tu m as dis mais en plusieurs fois car mon ordinateur ne cesse de s arreter ! voici donc les premiers rapports :

    log.txt

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Aurore at 2009-11-03 13:50:17
    Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
    System drive C: has 87 GB (61%) free of 143 GB
    Total RAM: 1978 MB (45% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:50:57, on 03/11/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18319)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\Aurore\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Aurore\Downloads\RSIT.exe
    C:\Program Files\trend micro\Aurore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSof1.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSof1.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSof1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe" -autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Java Quick Start] C:\Users\Aurore\jusched.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\Aurore\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    le rapport de malwarebyte antimalware?

    comme antivirus tu utilise norton ou avast? il n'en faut qu'un
    0
    1. or14
       
      oui c est le rapport de malwarebyte antimalware et mon antivirus est avast
      0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    non tu as mis un rapport RSIT et non malwarebyte's antimalware
    0
    1. or14
       
      ah d accord alors voila celu de malwarebyte's antimalware ( le premier et le deuxieme)


      le premier

      Malwarebytes' Anti-Malware 1.41
      Version de la base de données: 3091
      Windows 6.0.6001 Service Pack 1

      03/11/2009 13:40:14
      mbam-log-2009-11-03 (13-40-14).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 20857
      Temps écoulé: 13 minute(s), 46 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 1
      Valeur(s) du Registre infectée(s): 2
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 2

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\java quick start (Trojan.Dropper) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\safetycenter (Rogue.SafetyCenter) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\Users\Aurore\jusched.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\Program Files\SafetyCenter\start.exe (Rogue.SafetyCenter) -> Quarantined and deleted successfully.



      et le deuxieme :

      Malwarebytes' Anti-Malware 1.41
      Version de la base de données: 3091
      Windows 6.0.6001 Service Pack 1

      03/11/2009 16:46:57
      mbam-log-2009-11-03 (16-46-57).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 269550
      Temps écoulé: 2 hour(s), 34 minute(s), 21 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 11
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 1
      Fichier(s) infecté(s): 16

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{459b6bf8-5320-4c41-8833-85baedf31086} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\safetycenter (Rogue.SafetyCenter) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\SafetyCenter (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\tm (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Program Files\SafetyCenter (Trojan.SafetyCenter) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\Program Files\SafetyCenter\new.exe (Rogue.SafetyCenter) -> Quarantined and deleted successfully.
      C:\Program Files\SafetyCenter\protector.exe (Rogue.SafetyCenter) -> Quarantined and deleted successfully.
      C:\Program Files\SafetyCenter\uninstall.exe (Rogue.SafetyCenter) -> Quarantined and deleted successfully.
      C:\Users\Aurore\bYvQpv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Users\Aurore\hdBWvB.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Users\Aurore\jGShOg.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
      C:\Users\Aurore\liEazF.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Users\Aurore\NKhDbh.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Users\Aurore\spLhGM.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Users\Aurore\wtQmKQ.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Users\Aurore\yvSoMS.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Users\Aurore\Downloads\setup.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
      C:\Users\Aurore\Downloads\temp.exe (Rogue.SafetyCenter) -> Quarantined and deleted successfully.
      C:\Program Files\SafetyCenter\main.ico (Trojan.SafetyCenter) -> Quarantined and deleted successfully.
      C:\Program Files\SafetyCenter\sound.wav (Trojan.SafetyCenter) -> Quarantined and deleted successfully.
      C:\Program Files\SafetyCenter\tst.exe (Trojan.SafetyCenter) -> Quarantined and deleted successfully.


      je ne me suis pas trompé la ?
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    _______________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    Kaspersky en ligne
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

    Eset (Nod32) en ligne
    https://www.eset.com/
    0
    1. or14
       
      comment je desactive mon antivirus et mon parefeu et l autre truc ?
      0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pour virer norton avant

    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

    puis pour désactiver avast tu cliques sur la boule d'avast près de ton horloge et tu choisi de désactiver la protection residente d'avast
    0
    1. or14
       
      j ai lancé combofix mais mon ecran est tt noir est ce que c est normal ? je n y ai pas touché puisque tu m as dis que sa risqué de le figer .
      0
      1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041 > or14
         
        oui attends un peu si dans 30 minutes c'est idem redemarre ton pc
        0
      2. or14 > jlpjlp Messages postés 52399 Statut Contributeur sécurité
         
        voila le rapport de combofix et celui du scan

        ComboFix 09-11-02.05 - Aurore 03/11/2009 19:07.1.1 - NTFSx86
        Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.1978.1083 [GMT 1:00]
        Lancé depuis: c:\users\Aurore\Downloads\ComboFix.exe
        SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
        .

        (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\$recycle.bin\S-1-5-21-1745339984-1419640019-1889039037-500
        c:\$recycle.bin\S-1-5-21-221951458-739035738-3163335762-500
        c:\program files\QUAD Utilities
        c:\program files\QUAD Utilities\QUAD RegistryCleaner\Vista Scheduler.dll
        c:\users\Aurore\qoukeit.exe
        c:\users\Aurore\sobim.exe
        c:\users\Aurore\vwdiq.exe
        c:\users\Aurore\wxfiq.exe
        c:\users\Aurore\yaeot.exe
        c:\users\Aurore\yueos.exe
        c:\users\Aurore\yueot.exe

        .
        ((((((((((((((((((((((((((((( Fichiers créés du 2009-10-03 au 2009-11-03 ))))))))))))))))))))))))))))))))))))
        .

        2009-11-03 18:31 . 2009-11-03 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp
        2009-11-03 12:50 . 2009-11-03 15:54 -------- d-----w- c:\program files\trend micro
        2009-11-03 12:50 . 2009-11-03 12:51 -------- dc----w- C:\rsit
        2009-11-03 12:28 . 2009-11-03 12:28 276 ----a-w- c:\users\Aurore\iazcGE.bat
        2009-11-03 11:48 . 2009-11-03 11:48 -------- d-----w- c:\users\Aurore\AppData\Roaming\Malwarebytes
        2009-11-03 11:47 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
        2009-11-03 11:47 . 2009-11-03 11:47 -------- d-----w- c:\programdata\Malwarebytes
        2009-11-03 11:47 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
        2009-11-03 11:47 . 2009-11-03 11:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
        2009-11-03 11:26 . 2009-11-03 11:26 276 ----a-w- c:\users\Aurore\phGjOM.bat
        2009-11-02 19:36 . 2009-11-02 19:38 -------- d-----w- c:\program files\a-squared Free
        2009-11-02 19:17 . 2009-11-02 19:17 276 ----a-w- c:\users\Aurore\mdDgLJ.bat
        2009-11-02 18:46 . 2009-11-02 18:46 276 ----a-w- c:\users\Aurore\SvaYGv.bat
        2009-11-02 10:30 . 2009-11-02 10:30 276 ----a-w- c:\users\Aurore\AsRuZX.bat
        2009-11-01 22:17 . 2009-11-01 22:17 276 ----a-w- c:\users\Aurore\OGfInl.bat
        2009-11-01 14:03 . 2009-11-01 14:03 356 ----a-w- c:\users\Aurore\YQpSwu.bat
        2009-10-31 21:09 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
        2009-10-31 21:09 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
        2009-10-31 21:09 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
        2009-10-31 21:09 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
        2009-10-31 21:09 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
        2009-10-31 21:08 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
        2009-10-31 21:08 . 2009-09-15 11:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
        2009-10-31 21:08 . 2009-10-31 21:08 -------- d-----w- c:\program files\Alwil Software
        2009-10-30 09:57 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
        2009-10-30 09:57 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
        2009-10-30 09:57 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
        2009-10-30 09:57 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
        2009-10-30 09:57 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
        2009-10-30 09:57 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
        2009-10-30 09:57 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
        2009-10-30 09:56 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
        2009-10-30 09:56 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
        2009-10-28 13:21 . 2009-11-03 13:41 -------- d-----w- c:\users\Aurore\ClubDeJeux
        2009-10-28 09:34 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
        2009-10-28 09:34 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
        2009-10-15 11:47 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
        2009-10-15 11:01 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
        2009-10-15 10:47 . 2009-08-05 17:15 3599960 ----a-w- c:\windows\system32\ntkrnlpa.exe
        2009-10-15 10:47 . 2009-08-05 17:15 3547736 ----a-w- c:\windows\system32\ntoskrnl.exe
        2009-10-15 10:30 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
        2009-10-15 10:30 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

        .
        (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2009-11-01 10:57 . 2009-02-27 04:28 669566 ----a-w- c:\windows\system32\perfh00C.dat
        2009-11-01 10:57 . 2009-02-27 04:28 123556 ----a-w- c:\windows\system32\perfc00C.dat
        2009-10-25 17:51 . 2009-02-26 21:26 -------- d-----w- c:\programdata\Microsoft Help
        2009-10-16 10:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
        2009-09-22 08:33 . 2009-08-16 15:45 -------- d-----w- c:\programdata\Yahoo! Companion
        2009-09-11 18:53 . 2009-09-11 18:53 -------- d-----w- c:\programdata\Symantec
        2009-09-10 17:30 . 2009-10-15 10:51 213504 ----a-w- c:\windows\system32\msv1_0.dll
        2009-09-07 09:01 . 2009-09-07 09:01 -------- d-----r- c:\program files\Norton Support
        2009-08-28 12:39 . 2009-09-02 21:00 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
        2009-08-28 10:15 . 2009-09-02 21:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
        2009-08-27 13:32 . 2009-10-15 10:51 833024 ----a-w- c:\windows\system32\wininet.dll
        2009-08-27 13:29 . 2009-10-15 10:51 78336 ----a-w- c:\windows\system32\ieencode.dll
        2009-08-27 10:58 . 2009-10-15 10:51 26624 ----a-w- c:\windows\system32\ieUnatt.exe
        2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
        2009-08-16 10:42 . 2009-08-16 10:42 9856 ----a-w- c:\windows\system32\drivers\pfc.sys
        2009-08-16 09:23 . 2009-08-15 16:46 75656 ----a-w- c:\users\Aurore\AppData\Local\GDIPFONTCACHEV1.DAT
        2009-08-15 16:40 . 2009-08-15 16:40 75264 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
        2009-08-14 17:07 . 2009-09-10 09:33 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
        2009-08-14 16:29 . 2009-09-10 09:33 104960 ----a-w- c:\windows\system32\netiohlp.dll
        2009-08-14 16:29 . 2009-09-10 09:33 17920 ----a-w- c:\windows\system32\netevent.dll
        2009-08-14 14:16 . 2009-09-10 09:33 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
        2009-08-14 14:16 . 2009-09-10 09:33 17920 ----a-w- c:\windows\system32\ROUTE.EXE
        2009-08-14 14:16 . 2009-09-10 09:33 11264 ----a-w- c:\windows\system32\MRINFO.EXE
        2009-08-14 14:16 . 2009-09-10 09:33 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
        2009-08-14 14:16 . 2009-09-10 09:33 19968 ----a-w- c:\windows\system32\ARP.EXE
        2009-08-14 14:16 . 2009-09-10 09:33 10240 ----a-w- c:\windows\system32\finger.exe
        2009-08-14 14:16 . 2009-09-10 09:33 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
        2009-02-27 04:43 . 2009-02-27 04:31 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
        .

        ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
        REGEDIT4

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
        "{364d4e0c-543f-4b85-abe3-19551139da4f}"= "c:\program files\Softonic_France\tbSof1.dll" [2009-08-16 2215960]

        [HKEY_CLASSES_ROOT\clsid\{364d4e0c-543f-4b85-abe3-19551139da4f}]

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{364d4e0c-543f-4b85-abe3-19551139da4f}]
        2009-08-16 21:37 2215960 ----a-w- c:\program files\Softonic_France\tbSof1.dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
        "{364d4e0c-543f-4b85-abe3-19551139da4f}"= "c:\program files\Softonic_France\tbSof1.dll" [2009-08-16 2215960]

        [HKEY_CLASSES_ROOT\clsid\{364d4e0c-543f-4b85-abe3-19551139da4f}]

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
        "{364D4E0C-543F-4B85-ABE3-19551139DA4F}"= "c:\program files\Softonic_France\tbSof1.dll" [2009-08-16 2215960]

        [HKEY_CLASSES_ROOT\clsid\{364d4e0c-543f-4b85-abe3-19551139da4f}]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
        "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]
        "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
        "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
        "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]
        "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
        "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
        "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
        "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-20 483420]
        "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]
        "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
        "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]
        "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
        "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
        "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
        "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
        "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-26 136600]
        "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
        "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
        "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
        "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
        "Device Detector"="c:\program files\Common Files\ACD Systems\FR\DevDetect.exe" [2005-06-27 221184]
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
        "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
        "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

        c:\users\Aurore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
        Notification de cadeaux MSN.lnk - c:\users\Aurore\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-8-15 135680]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableUIADesktopToggle"= 0 (0x0)

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "mixer"=wdmaud.drv

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
        @="Driver"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
        @="Service"

        R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [31/10/2009 22:09 114768]
        R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe [09/06/2009 02:39 81920]
        R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [31/10/2009 22:09 20560]
        R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [31/10/2009 22:08 53328]
        R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504]
        R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [26/02/2009 22:44 365952]
        R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26/02/2009 21:46 222512]
        R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [22/09/2008 06:49 112128]

        --- Autres Services/Pilotes en mémoire ---

        *NewlyCreated* - MBR
        *NewlyCreated* - PROCEXP113
        *Deregistered* - mbr
        *Deregistered* - PROCEXP113

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        ezSharedSvc

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
        "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
        .
        Contenu du dossier 'Tâches planifiées'

        2009-11-03 c:\windows\Tasks\User_Feed_Synchronization-{1DE755C7-9F35-46C2-BBC1-CDB0564CB1A6}.job
        - c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
        .
        .
        ------- Examen supplémentaire -------
        .
        uStart Page = hxxp://www.google.fr/
        mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Presario&pf=cnnb
        uInternet Settings,ProxyOverride = *.local
        IE: &Recherche AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\fr-FR\local\search.html
        IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
        .
        - - - - ORPHELINS SUPPRIMES - - - -

        HKCU-Run-Java Quick Start - c:\users\Aurore\jusched.exe



        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2009-11-03 19:33
        Windows 6.0.6001 Service Pack 1 NTFS

        Recherche de processus cachés ...

        Recherche d'éléments en démarrage automatique cachés ...

        Recherche de fichiers cachés ...

        Scan terminé avec succès
        Fichiers cachés: 0

        **************************************************************************

        Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

        device: opened successfully
        user: MBR read successfully
        called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x86B32F61]<<
        kernel: MBR read successfully
        user & kernel MBR OK

        **************************************************************************
        .
        Heure de fin: 2009-11-03 19:41
        ComboFix-quarantined-files.txt 2009-11-03 18:41

        Avant-CF: 90 849 329 152 octets libres
        Après-CF: 90 983 849 984 octets libres




        et celui du scan


        ;***********************************************************************************************************************************************************************************
        ANALYSIS: 2009-11-04 10:53:50
        PROTECTIONS: 1
        MALWARE: 45
        SUSPECTS: 0
        ;***********************************************************************************************************************************************************************************
        PROTECTIONS
        Description Version Active Updated
        ;===================================================================================================================================================================================
        avast! antivirus Yes Yes
        ;===================================================================================================================================================================================
        MALWARE
        Id Description Type Active Severity Disinfectable Disinfected Location
        ;===================================================================================================================================================================================
        00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@casalemedia[1].txt
        00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@doubleclick[1].txt
        00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@doubleclick[1].txt
        00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@atdmt[2].txt
        00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@atdmt[1].txt
        00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@tradedoubler[2].txt
        00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@tradedoubler[1].txt
        00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@247realmedia[2].txt
        00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@247realmedia[1].txt
        00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@fastclick[1].txt
        00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@tribalfusion[1].txt
        00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@mediaplex[2].txt
        00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@mediaplex[1].txt
        00145792 Cookie/SexList TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@sexlist[2].txt
        00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@clickbank[1].txt
        00149116 Cookie/Ccbill TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@ccbill[2].txt
        00159564 Cookie/WUpd TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@revenue[2].txt
        00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@yadro[2].txt
        00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@xiti[1].txt
        00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@xiti[1].txt
        00167706 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter3.sextracker[1].txt
        00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@toplist[2].txt
        00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@statcounter[2].txt
        00167759 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter9.sextracker[1].txt
        00167764 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter7.sextracker[1].txt
        00167770 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter15.sextracker[2].txt
        00167783 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter6.sextracker[1].txt
        00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@ad.yieldmanager[1].txt
        00168058 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter4.sextracker[2].txt
        00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@apmebf[1].txt
        00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@apmebf[1].txt
        00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@burstnet[1].txt
        00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@serving-sys[2].txt
        00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@serving-sys[1].txt
        00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@bs.serving-sys[2].txt
        00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@bs.serving-sys[2].txt
        00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@weborama[1].txt
        00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@weborama[2].txt
        00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@adtech[1].txt
        00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@adtech[1].txt
        00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@server.iad.liveperson[1].txt
        00168116 Cookie/Comclick TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@fl01.ct2.comclick[2].txt
        00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@advertising[1].txt
        00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@advertising[1].txt
        00169286 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@sextracker[1].txt
        00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@ads.pointroll[2].txt
        00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@overture[1].txt
        00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@questionmarket[2].txt
        00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@questionmarket[1].txt
        00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@zedo[1].txt
        00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@bluestreak[1].txt
        00180153 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter2.sextracker[2].txt
        00180154 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter16.sextracker[2].txt
        00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@xxxcounter[2].txt
        00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@adrevolver[2].txt
        00206953 Cookie/Sextracker TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@counter14.sextracker[1].txt
        00207936 Cookie/Adviva TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@adviva[1].txt
        00207936 Cookie/Adviva TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@adviva[1].txt
        00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\aurore@smartadserver[1].txt
        00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\users\aurore\appdata\roaming\microsoft\windows\cookies\low\aurore@smartadserver[2].txt
        ;===================================================================================================================================================================================
        SUSPECTS
        Sent Location
        ;===================================================================================================================================================================================
        ;===================================================================================================================================================================================
        VULNERABILITIES
        Id Severity Description
        ;===================================================================================================================================================================================
        ;===================================================================================================================================================================================


        (je ne sais pas si l analyse du scan est complete)
        0
  8. Utilisateur anonyme
     
    fait une copie de tes docs. et réinstalle windows (ou au mieux avec une image de ta partition)
    tu gagnera beaucoup de temps et tu partira sur des bonnes bases.
    1. utilise q'un seul antivirus (avast est tres bien)
    2. si ton pc est infecté ou a été infecté sérieusement, Il n'y a pas de remedes miracles,
    certaines données(ou fichiers) ont changéés (systeme 32, dll. registre, dao,das,dat etc. etc.. )
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    passe un coup de ccleaner pour virer les traces de net, cookies ...

    https://www.malekal.com/tutoriel-ccleaner/
    ______________________

    comment va ton pc?
    0
    1. or14
       
      j ai passé un coup de ccleaner comme tu me l as conseillé

      je ne sais pas encore comment va on pc mas j'espere comme un charme !

      dc c st bon je suis normalement debarassé de ce virus ?
      0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    oui c'est bon

    lance tools cleaner pour virer ce qui a été utilisé
    0
    1. or14
       
      ok

      merci d avoir pris le tps de lire mon message et de m aider à resoudre mon probleme

      j aprécie énormément

      amicalement
      0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    de rien

    garde avast + ccleaner + spybot + malwarebyte

    bonne suite
    0