Virus internet page redirigé

Question

Bonjour, J'ai un énorme problème, depuis une semaine, lorsque j'éffectue une recherche sur internet(mozilla), j'essaye d'acceder à un site, mais celle-ci est redirigé en permanence.
AVG free Edition à détécté plusieurs menaces.
Merci D'avance.

eZula · Answer

Bonjour,

télécharge GenProc http://www.genproc.com/GenProc.exe

double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre

azn-21 · Answer

Genproc ne marche pas. PAr contre, J'ai Hijackthis.

azn-21 · Answer

Window ne trouve pas  'C:/GenProc/go.bat'. Vérifiez que vous avez entré le nom correct , puis réessayez.

azn-21 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:12, on 07/11/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32	askhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vVX3000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32undll32.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Julien\Desktop\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\drivers\smss.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Star - {BC613301-D9C6-4D89-8418-4A50E265913A} - C:\Windows\system32\4b78.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Star - {BC613300-D9C6-4D89-8418-4A50E265913A} - C:\Windows\system32\4b78.dll
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ter8m] RUNDLL32.EXE C:\Windows\system32\msxm192z.dll,w
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\Windows\system32\kbdnet.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @comres.dll,-947 (COMSysApp) - Unknown owner - C:\Windows\system32\dllhost.exe (file missing)
O23 - Service: fastnetsrv  Service (fastnetsrv) - Netopsystems A - C:\Windows\system32\FastNetSrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision
vSCPAPISvr.exe

eZula · Answer

Télécharge combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau
Double clique combofix.exe et suis les instructions.
Installe la console de récupération si proposé et continue.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

azn-21 · Answer

Impossible de l'ouvrir, J'utilise Dr.wEb et je vous tient au courant.

azn-21 · Answer

ComboFix 09-11-06.03 - Julien 07/11/2009 18:55.1.2 - NTFSx86
Microsoft Windows 7 Édition Intégrale   6.1.7600.0.1252.33.1033.18.3071.1736 [GMT 1:00]
Lancé depuis: c:\users\Julien\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\system32\1966,516.exe
c:\windows\system32\3447,382.exe
c:\windows\system32\4504,969.exe
c:\windows\system32\5598,566.exe
c:\windows\system32\6763,27.exe
c:\windows\system32\9468,958.exe
c:\windows\system32\9833,729.exe
c:\windows\system32\FInstall.sys
c:\windows\system32\Install.txt
c:\windows\system32\mscert.dll
c:\windows\TEMP\mta13187.dll
c:\windows\TEMP	mp0_237805110000.bk.old
c:\windows\TEMP\x1c108657.dll

c:\windowsegedit.exe . . . est infecté!!

c:\windows\bfsvc.exe . . . est infecté!!

c:\windows\explorer.exe . . . est infecté!!

c:\windows\fveupdate.exe . . . est infecté!!

c:\windows\HelpPane.exe . . . est infecté!!

c:\windows\hh.exe . . . est infecté!!

c:\windows
otepad.exe . . . est infecté!!

c:\windows	wunk_32.exe . . . est infecté!!

c:\windows\winhlp32.exe . . . est infecté!!

c:\windows\write.exe . . . est infecté!!

c:\windows\ehome\ehexthost.exe . . . est infecté!!

c:\windows\ehome\ehmsas.exe . . . est infecté!!

c:\windows\ehome\ehprivjob.exe . . . est infecté!!

c:\windows\ehome\ehrec.exe . . . est infecté!!

c:\windows\ehome\ehrecvr.exe . . . est infecté!!

c:\windows\ehome\ehsched.exe . . . est infecté!!

c:\windows\ehome\ehshell.exe . . . est infecté!!

c:\windows\ehome\ehvid.exe . . . est infecté!!

c:\windows\ehome\loadmxf.exe . . . est infecté!!

c:\windows\ehome\mcGlidHost.exe . . . est infecté!!

c:\windows\ehome\mcspad.exe . . . est infecté!!

c:\windows\ehome\mcupdate.exe . . . est infecté!!

c:\windows\ehome\Mcx2Prov.exe . . . est infecté!!

c:\windows\ehome\McxTask.exe . . . est infecté!!

c:\windows\ehome\MediaCenterWebLauncher.exe . . . est infecté!!

c:\windows\ehome\RegisterMCEApp.exe . . . est infecté!!

c:\windows\ehome\CreateDisc\SBEServer.exe . . . est infecté!!

c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe . . . est infecté!!

c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe . . . est infecté!!

c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe . . . est infecté!!

c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe . . . est infecté!!

c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe . . . est infecté!!

c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe . . . est infecté!!

c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe . . . est infecté!!

Une copie infectée de c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe a été trouvée et désinfectée 
Copie restaurée à partir de - c:\windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe 

c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe . . . est infecté!!

c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe . . . est infecté!!

.
(((((((((((((((((((((((((((((   Fichiers créés du 2009-10-07 au 2009-11-07  ))))))))))))))))))))))))))))))))))))
.

2009-11-07 18:18 . 2009-11-07 18:20	--------	d-----w-	c:\users\Julien\AppData\Local	emp
2009-11-07 18:18 . 2009-11-07 18:18	--------	d-----w-	c:\users\Default\AppData\Local	emp
2009-11-07 15:29 . 2009-11-07 17:54	--------	d-----w-	C:\GenProc
2009-11-07 00:58 . 2009-11-07 00:58	104	----a-w-	C:\wuhj108.bat
2009-11-07 00:58 . 2009-11-07 00:58	122	----a-w-	c:\windows\system32\107515.BAT
2009-11-06 11:16 . 2009-11-06 11:08	15880	----a-w-	c:\windows\system32\lsdelete.exe
2009-11-06 11:07 . 2009-11-06 11:07	163728	----a-w-	c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-06 11:06 . 2009-11-06 11:06	5908024	----a-w-	c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-06 11:05 . 2009-11-06 11:05	815760	----a-w-	c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-06 11:03 . 2009-10-03 08:15	2924848	-c--a-w-	c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-06 00:09 . 2009-11-06 00:09	104	----a-w-	C:\kr108.bat
2009-11-06 00:09 . 2009-11-06 00:09	120	----a-w-	c:\windows\system32\88078.BAT
2009-11-05 03:07 . 2009-11-05 03:07	104	----a-w-	C:\u7s5z108.bat
2009-11-05 03:07 . 2009-11-05 03:07	122	----a-w-	c:\windows\system32\106765.BAT
2009-11-04 13:48 . 2009-11-04 13:48	--------	d-----w-	c:\users\Julien\AppData\Roaming\AVG8
2009-11-04 10:30 . 2009-11-04 10:30	104	----a-w-	C:\s1f108.bat
2009-11-04 10:30 . 2009-11-04 10:30	122	----a-w-	c:\windows\system32\119203.BAT
2009-11-03 06:57 . 2009-11-07 01:10	350	----a-w-	c:\windows\system32\uses32.dat
2009-11-03 06:56 . 2009-11-03 06:56	104	----a-w-	C:\ka108.bat
2009-11-03 06:56 . 2009-11-03 06:56	122	----a-w-	c:\windows\system32\111609.BAT
2009-11-02 21:50 . 2009-11-02 22:02	4096	d-----w-	c:\program files\PhotoFiltre
2009-11-02 16:19 . 2009-11-02 16:22	--------	d-----w-	C:\$AVG
2009-11-02 16:19 . 2009-11-07 10:59	4096	d-----w-	c:\windows\system32\drivers\Avg
2009-11-02 16:19 . 2009-11-02 16:19	12464	----a-w-	c:\windows\system32\avgrsstx.dll
2009-11-02 16:19 . 2009-11-02 16:19	333192	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2009-11-02 16:19 . 2009-11-02 16:19	28424	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2009-11-02 16:19 . 2009-11-04 17:47	--------	d-----w-	c:\program files\AVG
2009-11-02 16:19 . 2009-11-07 11:21	4096	d-----w-	c:\programdata\avg9
2009-11-02 16:08 . 2009-11-02 16:08	--------	d-----w-	c:\program files\CCleaner
2009-11-02 15:16 . 2009-11-02 15:16	--------	d-----w-	c:\program files\VS Revo Group
2009-11-02 09:57 . 2009-11-02 09:57	112	----a-w-	c:\windows\system32\101375.BAT
2009-11-01 17:47 . 2009-11-01 17:47	782336	----a-w-	c:\windows\system32\4b78.dll
2009-11-01 17:46 . 2009-11-01 17:46	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2009-11-01 15:54 . 2009-11-01 15:54	--------	d-----w-	c:\program files\IZArc
2009-10-31 23:04 . 2009-10-31 23:04	4096	d-----w-	c:\program files\iTunes
2009-10-31 23:04 . 2009-10-31 23:04	--------	d-----w-	c:\program files\iPod
2009-10-31 23:01 . 2009-10-31 23:01	79144	----a-w-	c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-31 23:01 . 2009-10-31 23:01	79144	----a-w-	c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-31 23:01 . 2009-10-31 23:01	79144	----a-w-	c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-31 23:01 . 2009-10-31 23:01	79144	----a-w-	c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-31 23:01 . 2009-10-31 23:01	79144	----a-w-	c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-31 23:01 . 2009-10-31 23:01	79144	----a-w-	c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-31 23:01 . 2009-10-31 23:01	79144	----a-w-	c:\programdata\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-31 23:01 . 2009-10-31 23:01	79144	----a-w-	c:\programdata\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-31 23:01 . 2009-10-31 23:01	79144	----a-w-	c:\programdata\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-31 23:01 . 2009-10-31 23:01	79144	----a-w-	c:\programdata\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-31 23:01 . 2009-10-31 23:01	79144	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-24 21:54 . 2009-10-24 21:54	--------	d-----w-	c:\programdata\KONAMI
2009-10-24 14:12 . 2009-10-24 14:16	--------	d-----w-	c:\users\Julien\AppData\Local\Microsoft Games
2009-10-20 15:56 . 2009-11-07 17:46	2632704	----a-w-	c:\windows\explorer.exe
2009-10-20 15:56 . 2009-10-02 04:06	728648	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2009-10-20 15:56 . 2009-09-03 07:04	1320960	----a-w-	c:\windows\system32\CertEnroll.dll
2009-10-20 15:56 . 2009-08-19 07:20	442920	----a-w-	c:\windows\system32\winresume.exe
2009-10-20 15:56 . 2009-08-19 07:20	507568	----a-w-	c:\windows\system32\winload.exe
2009-10-20 15:56 . 2009-07-30 16:29	108544	----a-w-	c:\windows\system32	2embed.dll
2009-10-20 15:56 . 2009-07-30 16:27	71168	----a-w-	c:\windows\system32\fontsub.dll
2009-10-20 15:56 . 2009-07-30 04:44	293888	----a-w-	c:\windows\system32\atmfd.dll
2009-10-20 15:56 . 2009-08-29 06:54	12625408	----a-w-	c:\windows\system32\wmploc.DLL
2009-10-15 20:26 . 2009-09-10 05:52	257024	----a-w-	c:\windows\system32\msv1_0.dll
2009-10-15 20:25 . 2009-10-15 20:25	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2009-10-15 15:34 . 2009-10-15 15:34	--------	d-----w-	c:\users\Julien\AppData\Roaming\dvdcss
2009-10-15 15:12 . 2009-08-29 06:57	34816	----a-w-	c:\windows\system32\msasn1.dll
2009-10-12 19:46 . 2008-10-27 08:04	514384	----a-w-	c:\windows\system32\XAudio2_3.dll
2009-10-12 19:46 . 2008-10-27 08:04	235856	----a-w-	c:\windows\system32\xactengine3_3.dll
2009-10-12 19:46 . 2008-10-27 08:04	23376	----a-w-	c:\windows\system32\X3DAudio1_5.dll
2009-10-12 19:46 . 2008-10-27 08:04	70992	----a-w-	c:\windows\system32\XAPOFX1_2.dll
2009-10-12 18:05 . 2009-10-12 18:05	--------	d-----w-	c:\programdata\Ubisoft
2009-10-12 18:04 . 2009-10-12 18:04	22328	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2009-10-12 18:04 . 2009-10-12 18:04	22328	----a-w-	c:\users\Julien\AppData\Roaming\PnkBstrK.sys
2009-10-12 18:04 . 2009-10-12 18:04	107832	----a-w-	c:\windows\system32\PnkBstrB.exe
2009-10-12 18:04 . 2009-10-12 18:04	66872	----a-w-	c:\windows\system32\PnkBstrA.exe
2009-10-12 18:04 . 2009-10-12 18:04	2337865	----a-w-	c:\windows\system32\pbsvc.exe
2009-10-12 17:49 . 2009-10-12 19:46	--------	d--h--w-	c:\program files\InstallShield Installation Information

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 18:20 . 2009-11-07 18:20	51200	----a-w-	c:\windows\system32\C525.tmp
2009-11-07 18:20 . 2009-11-07 18:20	52	----a-w-	c:\windows\system32\BD45.tmp
2009-11-07 18:20 . 2009-10-04 20:49	4096	d-----w-	c:\programdata\NVIDIA
2009-11-07 18:06 . 2009-11-07 18:06	51200	----a-w-	c:\windows\system32\7ABC.tmp
2009-11-07 18:06 . 2009-11-07 18:06	52	----a-w-	c:\windows\system32\7859.tmp
2009-11-07 17:53 . 2009-10-04 18:30	697522	----a-w-	c:\windows\system32\perfh00C.dat
2009-11-07 17:53 . 2009-10-04 18:30	128356	----a-w-	c:\windows\system32\perfc00C.dat
2009-11-07 17:52 . 2009-11-07 17:52	51200	----a-w-	c:\windows\system32\7FDC.tmp
2009-11-07 17:52 . 2009-11-07 17:52	52	----a-w-	c:\windows\system32\7E64.tmp
2009-11-07 17:42 . 2009-07-13 23:30	274432	----a-w-	c:\windows\system32\wbem\WmiPrvSE.exe
2009-11-07 17:42 . 2009-07-13 23:31	397824	----a-w-	c:\windows\system32\wbem\WMIC.exe
2009-11-07 17:42 . 2009-07-13 23:31	138240	----a-w-	c:\windows\system32\wbem\WmiApSrv.exe
2009-11-07 17:42 . 2009-07-13 23:30	117248	----a-w-	c:\windows\system32\wbem\WMIADAP.exe
2009-11-07 17:42 . 2009-07-13 23:30	80384	----a-w-	c:\windows\system32\wbem\WinMgmt.exe
2009-11-07 17:42 . 2009-07-13 23:30	176128	----a-w-	c:\windows\system32\wbem\wbemtest.exe
2009-11-07 17:42 . 2009-07-13 23:30	44544	----a-w-	c:\windows\system32\wbem\scrcons.exe
2009-11-07 17:22 . 2009-07-13 23:51	43520	----a-w-	c:\windows\system32\xwizard.exe
2009-11-07 17:22 . 2009-07-14 00:24	3407360	----a-w-	c:\windows\system32\xpsrchvw.exe
2009-11-07 17:20 . 2009-07-13 23:47	336384	----a-w-	c:\windows\system32\wisptis.exe
2009-11-07 17:19 . 2009-07-14 07:47	215552	----a-w-	c:\windows\system32\vmicsvc.exe
2009-11-07 17:18 . 2009-07-13 23:48	76288	----a-w-	c:\windows\system32	abcal.exe
2009-11-07 17:17 . 2009-07-13 23:22	450048	----a-w-	c:\windows\system32\spinstall.exe
2009-11-07 17:16 . 2009-07-14 00:04	52224	----a-w-	c:\windows\system32rinstaller.exe
2009-11-07 17:15 . 2009-07-14 00:02	161792	----a-w-	c:\windows\system32dpinit.exe
2009-11-07 17:14 . 2009-07-13 23:20	159232	----a-w-	c:\windows\system32\perfmon.exe
2009-11-07 17:14 . 2009-07-13 23:19	14336	----a-w-	c:\windows\system32\pcwrun.exe
2009-11-07 17:14 . 2009-07-13 23:20	11776	----a-w-	c:\windows\system32\pcawrk.exe
2009-11-07 17:14 . 2009-07-13 23:20	10240	----a-w-	c:\windows\system32\pcalua.exe
2009-11-07 17:14 . 2009-07-13 23:20	17920	----a-w-	c:\windows\system32\pcaui.exe
2009-11-07 17:14 . 2009-07-13 23:55	15360	----a-w-	c:\windows\system32\PATHPING.EXE
2009-11-07 17:14 . 2009-07-13 23:56	154112	----a-w-	c:\windows\system32\p2phost.exe
2009-11-07 17:14 . 2009-07-14 00:14	648192	----a-w-	c:\windows\system32\osk.exe
2009-11-07 17:14 . 2009-07-13 23:40	99328	----a-w-	c:\windows\system32\OptionalFeatures.exe
2009-11-07 17:14 . 2009-07-13 23:15	64512	----a-w-	c:\windows\system32\openfiles.exe
2009-11-07 16:24 . 2009-07-13 23:53	26112	----a-w-	c:\windows\system32
etbtugc.exe
2009-11-07 16:23 . 2009-07-13 23:32	1403392	----a-w-	c:\windows\system32\mmc.exe
2009-11-07 16:22 . 2009-07-13 23:46	146944	----a-w-	c:\windows\system32\iscsicli.exe
2009-11-07 16:21 . 2009-07-13 23:15	75776	----a-w-	c:\windows\system32\fsutil.exe
2009-11-07 16:20 . 2009-07-13 23:38	30720	----a-w-	c:\windows\system32\dnscacheugc.exe
2009-11-07 16:19 . 2009-07-13 23:26	10752	----a-w-	c:\windows\system32\ctfmon.exe
2009-11-07 16:18 . 2009-07-13 23:33	265216	----a-w-	c:\windows\system32\certreq.exe
2009-11-07 15:39 . 2009-11-07 15:39	51200	----a-w-	c:\windows\system32\2595.tmp
2009-11-07 15:39 . 2009-11-07 15:39	52	----a-w-	c:\windows\system32\2361.tmp
2009-11-07 14:59 . 2009-11-07 14:59	51200	----a-w-	c:\windows\system32\2B23.tmp
2009-11-07 14:59 . 2009-11-07 14:59	52	----a-w-	c:\windows\system32\28EF.tmp
2009-11-07 13:01 . 2009-11-07 13:01	51200	----a-w-	c:\windows\system32\B16F.tmp
2009-11-07 13:01 . 2009-11-07 13:01	52	----a-w-	c:\windows\system32\AF4B.tmp
2009-11-07 11:28 . 2009-11-07 11:28	51200	----a-w-	c:\windows\system32\4361.tmp
2009-11-07 11:28 . 2009-11-07 11:28	52	----a-w-	c:\windows\system32\418B.tmp
2009-11-07 10:59 . 2009-11-07 10:59	51200	----a-w-	c:\windows\system32\63E1.tmp
2009-11-07 10:59 . 2009-11-07 10:59	51200	----a-w-	c:\windows\system32\63E0.tmp
2009-11-07 10:59 . 2009-11-07 10:59	52	----a-w-	c:\windows\system32\6258.tmp
2009-11-07 10:59 . 2009-11-07 00:58	52	----a-w-	c:\windows\system32\C7FE.tmp
2009-11-06 20:44 . 2009-10-04 20:10	45056	----a-w-	c:\users\Julien\AppData\Roaming\Apple Computer\iTunes\iTunes Plug-ins\mmkeys.dll
2009-11-06 16:57 . 2009-11-06 16:57	51200	----a-w-	c:\windows\system32\147E.tmp
2009-11-06 16:57 . 2009-11-06 16:57	92	----a-w-	c:\windows\system32\12B8.tmp
2009-11-06 14:44 . 2009-11-06 14:44	51200	----a-w-	c:\windows\system32\5C74.tmp
2009-11-06 14:44 . 2009-11-06 14:44	92	----a-w-	c:\windows\system32\4B8B.tmp
2009-11-06 11:12 . 2009-11-06 11:12	92	----a-w-	c:\windows\system32\4987.tmp
2009-11-06 11:07 . 2009-11-06 11:07	163728	----a-w-	c:\programdata\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-06 11:06 . 2009-11-06 11:06	5908024	----a-w-	c:\programdata\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-06 11:05 . 2009-11-06 11:05	815760	----a-w-	c:\programdata\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-06 11:03 . 2009-11-06 10:45	4096	dc-h--w-	c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-06 11:03 . 2009-11-06 11:03	--------	d-----w-	c:\program files\Lavasoft
2009-11-06 10:49 . 2009-11-06 10:49	92	----a-w-	c:\windows\system32\4234.tmp
2009-11-06 10:36 . 2009-11-06 10:36	92	----a-w-	c:\windows\system32\FD9.tmp
2009-11-06 00:09 . 2009-11-06 00:09	92	----a-w-	c:\windows\system32\5167.tmp
2009-11-05 20:34 . 2009-11-05 20:34	92	----a-w-	c:\windows\system32\A6FD.tmp
2009-11-05 20:24 . 2009-11-05 20:24	92	----a-w-	c:\windows\system32\143E.tmp
2009-11-05 16:40 . 2009-11-05 16:40	92	----a-w-	c:\windows\system32\75AF.tmp
2009-11-05 03:07 . 2009-11-05 03:07	92	----a-w-	c:\windows\system32\AED8.tmp
2009-11-04 17:14 . 2009-11-04 17:14	92	----a-w-	c:\windows\system32\F397.tmp
2009-11-04 11:53 . 2009-11-04 11:53	92	----a-w-	c:\windows\system32\E7E0.tmp
2009-11-04 11:39 . 2009-11-04 11:39	92	----a-w-	c:\windows\system32\FF9D.tmp
2009-11-04 10:30 . 2009-11-04 10:30	92	----a-w-	c:\windows\system32\90D1.tmp
2009-11-03 14:43 . 2009-11-03 14:43	92	----a-w-	c:\windows\system32\BC6C.tmp
2009-11-03 07:08 . 2009-11-03 07:08	92	----a-w-	c:\windows\system32\40C7.tmp
2009-11-03 06:56 . 2009-11-03 06:56	0	----a-w-	c:\windows\system32\CDFC.tmp
2009-11-03 06:56 . 2009-11-03 06:56	92	----a-w-	c:\windows\system32\C771.tmp
2009-11-02 18:38 . 2009-11-02 18:38	92	----a-w-	c:\windows\system32\F057.tmp
2009-11-02 16:17 . 2009-11-02 16:17	92	----a-w-	c:\windows\system32\1325.tmp
2009-11-02 15:54 . 2009-11-02 15:54	92	----a-w-	c:\windows\system32\8468.tmp
2009-11-02 15:41 . 2009-11-02 15:41	92	----a-w-	c:\windows\system32\A7.tmp
2009-11-02 15:19 . 2009-11-02 15:19	92	----a-w-	c:\windows\system32\E33.tmp
2009-11-02 15:02 . 2009-11-02 15:02	92	----a-w-	c:\windows\system32\9B50.tmp
2009-11-02 14:01 . 2009-11-02 14:01	92	----a-w-	c:\windows\system32\D884.tmp
2009-11-02 11:03 . 2009-11-02 11:03	92	----a-w-	c:\windows\system32\1AA7.tmp
2009-11-02 09:57 . 2009-11-02 09:57	92	----a-w-	c:\windows\system32\A94B.tmp
2009-11-01 17:47 . 2009-11-01 17:47	0	----a-w-	c:\windows\system32\77C2.tmp
2009-11-01 17:47 . 2009-11-01 17:47	92	----a-w-	c:\windows\system32\6FFE.tmp
2009-11-01 17:43 . 2009-10-04 20:41	4096	d-----w-	c:\users\Julien\AppData\Roaming\vlc
2009-11-01 16:36 . 2009-11-01 16:36	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-10-31 23:04 . 2009-10-04 19:58	--------	d-----w-	c:\programdata\Apple Computer
2009-10-31 23:04 . 2009-10-04 19:57	--------	d-----w-	c:\program files\Common Files\Apple
2009-10-15 20:25 . 2009-10-05 17:44	12288	d-----w-	c:\programdata\Microsoft Help
2009-10-11 14:06 . 2009-10-04 20:33	8192	d-----w-	c:\program files\Steam
2009-10-07 19:14 . 2009-10-07 19:14	--------	d-----w-	c:\program files\NVIDIA Corporation
2009-10-07 19:13 . 2009-10-06 17:00	12288	d-----w-	c:\program files\AGEIA Technologies
2009-10-07 19:12 . 2009-10-07 19:12	4096	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-10-07 19:08 . 2009-10-06 16:03	--------	d-----w-	c:\program files\Java
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
.

------- Sigcheck -------

[-] 2009-11-07 . 24A58D9BF27650B2B542B6C80D82B288 . 335872 . . [6.1.7600.16385] . . c:\windows\System32\spoolsv.exe

[-] 2009-11-07 . F79832429F69456F0EAD091604434103 . 49152 . . [7.3.7600.16385] . . c:\windows\System32\wuauclt.exe

[-] 2009-11-07 . 2C6A2462065A121C5598DB698481D403 . 28160 . . [6.1.7600.16385] . . c:\windows\System32\userinit.exe

[-] 2009-11-07 . 72C810D649F050438A58024C66543631 . 2632704 . . [6.1.7600.16385] . . c:\windows\explorer.exe

[-] 2009-11-07 . CB6A46D42811CD758CFE6D404C5B47B8 . 10752 . . [6.1.7600.16385] . . c:\windows\System32\ctfmon.exe
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC613301-D9C6-4D89-8418-4A50E265913A}]
2009-11-01 17:47	782336	----a-w-	c:\windows\System32\4b78.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BC613300-D9C6-4D89-8418-4A50E265913A}"= "c:\windows\system32\4b78.dll" [2009-11-01 782336]

[HKEY_CLASSES_ROOT\clsid\{bc613300-d9c6-4d89-8418-4a50e265913a}]
[HKEY_CLASSES_ROOT\TypeLib\{E61EA6DC-86FC-4DAA-B035-770499B63836}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BC613300-D9C6-4D89-8418-4A50E265913A}"= "c:\windows\system32\4b78.dll" [2009-11-01 782336]

[HKEY_CLASSES_ROOT\clsid\{bc613300-d9c6-4d89-8418-4a50e265913a}]
[HKEY_CLASSES_ROOT\TypeLib\{E61EA6DC-86FC-4DAA-B035-770499B63836}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-11-07 692224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-07 421888]
"VX3000"="c:\windows\vVX3000.exe" [2009-07-24 762208]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-02 2010904]
"combofix"="c:\combofix\CF25176.exe" [2009-11-07 303616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\drivers\smss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\System32\kbdnet.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution optionseader_s.exe]
"Debugger"=c:\windows\system32\ahui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sys64_nov.exe]
"Debugger"=c:\windows\system32\ahui.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll	REG_SZ         	c:\windows\system32\mscert.dll

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [06/11/2009 12:08 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [02/11/2009 17:19 333192]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14/07/2009 00:52 48128]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [02/11/2009 17:19 285392]
R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [14/07/2009 00:19 20992]
R2 fastnetsrv;fastnetsrv  Service;c:\windows\System32\FastNetSrv.exe [14/07/2009 02:15 47104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1179232]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision
vSCPAPISvr.exe [27/09/2009 15:48 240232]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
BtwSrv
.
Contenu du dossier 'Tâches planifiées'

2009-11-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:05]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Julien\AppData\Roaming\Mozilla\Firefox\Profiles\6jbtwlny.default\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
.
------- Associations de fichier -------
.
regedit=regedit.exe "%1"
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-net - c:\windows\system32
et.net


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32
vvsvc.exe
c:\windows\system32
vvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\conhost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2009-11-07 19:26 - La machine a redémarré
ComboFix-quarantined-files.txt  2009-11-07 18:26

Avant-CF: 29 734 690 816 octets libres
Après-CF: 29 639 753 728 octets libres

- - End Of File - - 868273C01430CCE8429320F17BD2A252

eZula · Answer

Ca va mal finir je pense
Et drweb, il a trouvé quoi ?

azn-21 · Answer

Dr Web, Je m'en rappelle plus. Mai il a désinfecté des menaces et supprimés..

azn-21 · Answer

Rien D'autres à faire ?

eZula · Answer

Oui ceci http://pagesperso-orange.fr/rue-du-montceau/tutoriels.html#Killdisk

azn-21 · Answer

Comment réinstaller Windows 7(je le possède sur un DVD) après le formatage ?

eZula · Answer

tu vérifies dans le bios que l'amorçage se fait sur le lecteur dvd, tu l'insères, et tu suis les instructions.

C'est con d'en arriver là, mais avec ce que tu as ramassé (virut), je ne vois pas de solution plus sure. J'espère juste que tu as une idée de comment ça a pu t'arriver.

azn-21 · Answer

Non pas du tout..

eZula · Answer

t'as pas téléchargé un crack, un keygen ou qquechose dans le genre ? toi ou qqu'un d'autre d'ailleurs

azn-21 · Answer

Je pense pas.

azn-21 · Answer

Qu'est-ce que je risque si je ne formate pas mon disque dur ?

eZula · Answer

Plus l'ordi fonctionnera, plus il y aura de fichiers contaminés et rien n'arrêtera le mouvement.
https://fr.wikipedia.org/wiki/Virut

Virus internet page redirigé

18 réponses

Votre réponse

Newsletters