c'est quoi ce virus AGC? Fermé

Question

Bonjour, 

aidez moi s'il vous plait mon ordi ne fonctionne pas normal un virus qui bloc mes programmes et meme mon antivirus il m'indique ce dernier que virus systeme32 AGC agent je ne sais pas quoi encore autorun etc....
mon message est unpeu moin claire mais je n'arrive pas a detecte le problemee.
merci pour votre aide.

cabrier · Answer

golden, 

C'est un cheval de Troie. 
Un cheval de Troie est un code (programme) nuisible qui s'installe souvent par le biais d'un mail ou d'une page web piégée et peut par exemple : 
-  voler des mots de passe ; 
-  copier des données sensibles ; 
-  installer d'autres programmes malveillants 
-  exécuter tout autre action nuisible ; 
-  etc. 

* Télécharge Roguekiller (de Tigzy) sur le Bureau 
* Quitte tous tes programmes en cours 
* Lance le (si tu utilises Windows Vista ou 7 : fais un clic-droit dessus et choisis "Exécuter en tant qu'administrateur") 
* Clique sur le bouton (Scan) 
* S'il demande pour supprimer un proxy, tape 1 (supprimer) 
* Le scan terminé clique sur le bouton (Rapport) 
* Le bloc note s'ouvre contenant le rapport 
* Enregistre le sur ton bureau  
* Transmets moi le lien du fichier  
* Rappel des dépôts : cijoint ou pjjoint 
* Si le programme a été bloqué, ne pas hésiter a essayer plusieurs fois, ou renomme le en winlogon.exe 

A+ 
Heureux ceux qui peuvent donner sans s'en souvenir et prendre sans oublier !

golden004 · Answer

salut, merci pour votre aide voila la rapport: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html Blog: http://tigzyrk.blogspot.com Mode: Recherche -- Date: 13/08/2012 17:14:24 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 12 ¤¤¤ [SUSP PATH] HKCU\[...]\Run : MozillaPlugins (C:\Users\Youness\AppData\Roaming\844E5A.exe) -> FOUND [SUSP PATH] HKCU\[...]\Run : 06562ec (C:\Users\Youness\AppData\Roaming\06562ec\06562ec.exe) -> FOUND [SUSP PATH] HKLM\[...]\Run : 06562ec (C:\Users\Youness\AppData\Roaming\06562ec\06562ec.exe) -> FOUND [SUSP PATH] HKUS\S-1-5-21-1435615870-4106794177-4158689774-1000[...]\Run : MozillaPlugins (C:\Users\Youness\AppData\Roaming\844E5A.exe) -> FOUND [SUSP PATH] HKUS\S-1-5-21-1435615870-4106794177-4158689774-1000[...]\Run : 06562ec (C:\Users\Youness\AppData\Roaming\06562ec\06562ec.exe) -> FOUND [SUSP PATH] {35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job @ : C:\Windows\msa.exe -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [SUSP PATH] [ON_E:youness]HKCU[...]\Run : FibReminder (c:\programdata\Clickfree\FullImagingBackup\FibReminder.exe) -> FOUND ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [CHARGE] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS543225L9SA00 +++++ --- User --- [MBR] 962e614e32953649cbfc78d69a73a358 [BSP] 6b3de0eb65103393d0271d69528e44c1 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 119078 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 246945792 | Size: 92589 Mo 3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 436570112 | Size: 25305 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: Clikfree Backup Drive USB Device +++++ --- User --- [MBR] a742309ca4c3a5511ddbf43561028673 [BSP] e1b6546b754dac1a850095bd1d624e14 : MBR Code unknown Partition table: 0 - [ACTIVE] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 417690 | Size: 953451 Mo User = LL1 ... OK! Error reading LL2 MBR! Termine : << RKreport[1].txt >> RKreport[1].txt

golden004 · Answer

voila :https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 12 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : MozillaPlugins (C:\Users\Youness\AppData\Roaming\844E5A.exe) -> NOT SELECTED
[SUSP PATH] HKCU\[...]\Run : 06562ec (C:\Users\Youness\AppData\Roaming\06562ec\06562ec.exe) -> NOT SELECTED
[SUSP PATH] HKLM\[...]\Run : 06562ec (C:\Users\Youness\AppData\Roaming\06562ec\06562ec.exe) -> NOT SELECTED
[SUSP PATH] HKUS\S-1-5-21-1435615870-4106794177-4158689774-1000[...]\Run : MozillaPlugins (C:\Users\Youness\AppData\Roaming\844E5A.exe) -> NOT SELECTED
[SUSP PATH] HKUS\S-1-5-21-1435615870-4106794177-4158689774-1000[...]\Run : 06562ec (C:\Users\Youness\AppData\Roaming\06562ec\06562ec.exe) -> NOT SELECTED
[SUSP PATH] {35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job @ : C:\Windows\msa.exe -> NOT SELECTED
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> NOT SELECTED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
[SUSP PATH] [ON_E:youness]HKCU[...]\Run : FibReminder (c:\programdata\Clickfree\FullImagingBackup\FibReminder.exe) -> NOT SELECTED

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543225L9SA00 +++++
--- User ---
[MBR] 962e614e32953649cbfc78d69a73a358
[BSP] 6b3de0eb65103393d0271d69528e44c1 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 119078 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 246945792 | Size: 92589 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 436570112 | Size: 25305 Mo
User = LL1 ... OK!
User = LL2 ... OK!

cabrier · Answer

golden004

Relances Roguekiller en mode [Suppression] et poste moi le rapport.

A+

golden004 · Answer

oui comment faire en mode suppression?

golden004 · Answer

voila : RogueKiller V7.6.6 [10/08/2012] par Tigzy mail: tigzyRKgmailcom Remontees: https://www.luanagames.com/index.fr.html Blog: http://tigzyrk.blogspot.com Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version Demarrage : Mode normal Utilisateur: Youness [Droits d'admin] Mode: Recherche -- Date: 13/08/2012 18:10:35 ¤¤¤ Processus malicieux: 1 ¤¤¤ [SUSP PATH] HelpPane.exe -- C:\Windows\helppane.exe -> KILLED [TermProc] ¤¤¤ Entrees de registre: 12 ¤¤¤ [SUSP PATH] HKCU\[...]\Run : MozillaPlugins (C:\Users\Youness\AppData\Roaming\844E5A.exe) -> FOUND [SUSP PATH] HKCU\[...]\Run : 06562ec (C:\Users\Youness\AppData\Roaming\06562ec\06562ec.exe) -> FOUND [SUSP PATH] HKLM\[...]\Run : 06562ec (C:\Users\Youness\AppData\Roaming\06562ec\06562ec.exe) -> FOUND [SUSP PATH] HKUS\S-1-5-21-1435615870-4106794177-4158689774-1000[...]\Run : MozillaPlugins (C:\Users\Youness\AppData\Roaming\844E5A.exe) -> FOUND [SUSP PATH] HKUS\S-1-5-21-1435615870-4106794177-4158689774-1000[...]\Run : 06562ec (C:\Users\Youness\AppData\Roaming\06562ec\06562ec.exe) -> FOUND [SUSP PATH] {35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job @ : C:\Windows\msa.exe -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [SUSP PATH] [ON_E:youness]HKCU[...]\Run : FibReminder (c:\programdata\Clickfree\FullImagingBackup\FibReminder.exe) -> FOUND ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [CHARGE] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS543225L9SA00 +++++ --- User --- [MBR] 962e614e32953649cbfc78d69a73a358 [BSP] 6b3de0eb65103393d0271d69528e44c1 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 119078 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 246945792 | Size: 92589 Mo 3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 436570112 | Size: 25305 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: Clikfree Backup Drive USB Device +++++ --- User --- [MBR] a742309ca4c3a5511ddbf43561028673 [BSP] e1b6546b754dac1a850095bd1d624e14 : MBR Code unknown Partition table: 0 - [ACTIVE] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 417690 | Size: 953451 Mo User = LL1 ... OK! Error reading LL2 MBR! Termine : << RKreport[4].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

cabrier · Answer

Ok,

Attention : Le logiciel qui suit peut faire des dégâts en cas de mauvaise utilisation ! Désactive tous tes logiciels de protection (antivirus et pare-feu) et ferme toutes les fenêtres ouvertes avant de l'utiliser.

¶ Télécharge ComboFix (de sUBs) sur ton Bureau.
¶ Double-clique sur ComboFix.exe afin de le lancer.
¶ Si tu es sous Windows XP, il va te demander d'installer la console de récupération : tu dois absolument accepter.
¶ Ne touche à rien pendant le scan.
¶ Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

PS : si Combofix ne se lance pas, renomme le fichier Combofix et retente.

Si pas mieux, tente en mode sans échec sans prise en charge du réseau : Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuie sur la touche entrée du clavier.

Tutoriel officiel de Combofix : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

A+

golden004 · Answer

(merci pour votre aide),voila le rapport :

ComboFix 12-08-13.01 - Youness 13/08/2012  20:04:59.1.2 - x86
Microsoft® Windows Vista(TM) Edition Familiale Premium   6.0.6002.2.1256.212.1036.18.2939.1008 [GMT 0:00]
Running from: c:\users\Youness\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\program files\Complitly
c:\program files\Complitly\chrome\ComplitlyChrome.crx
c:\program files\Complitly\FireFoxExtensionWithFF8Fix.exe
c:\program files\Complitly\FireFoxUninstaller.exe
c:\program files\Complitly\InstTracker.exe
c:\program files\Complitly\support@Complitly.com\chrome.manifest
c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files\Complitly\support@Complitly.com\install.rdf
c:\program files\Complitly\System.Data.SQLite.dll
c:\program files\Complitly\unins000.dat
c:\program files\Complitly\unins000.exe
c:\users\Public\sdelevURL.tmp
c:\users\Youness\AppData\Roaming\06562ec
c:\users\Youness\AppData\Roaming\06562ec\06562ec.cfg
c:\users\Youness\AppData\Roaming\06562ec\06562ec.exe
c:\users\Youness\AppData\Roaming\844E5A.exe
c:\users\Youness\AppData\Roaming\inst.exe
c:\users\Youness\AppData\Roaming\vso_ts_preview.xml
c:\users\Youness\videos\esetsmartinstaller_enu.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\pt
c:\windows\system32\pt	oscdspd.cpl.mui
E:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-07-13 to 2012-08-13  )))))))))))))))))))))))))))))))
.
.
2012-08-13 20:14 . 2012-08-13 20:14	--------	d-----w-	c:\users\yasmine\AppData\Local	emp
2012-08-13 20:14 . 2012-08-13 20:14	--------	d-----w-	c:\users\Default\AppData\Local	emp
2012-08-13 19:06 . 2012-08-13 19:06	14080	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2012-08-13 19:04 . 2012-08-13 19:04	--------	d-----w-	c:\programdata\TOSHIBA Tempro
2012-08-11 08:54 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{91C9D709-2FCB-4CA0-9253-E2091076C286}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 19:16 . 2012-04-05 23:58	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-02 19:16 . 2011-06-25 17:17	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 15:04 . 2012-06-25 15:04	1394248	----a-w-	c:\windows\system32\msxml4.dll
2012-06-13 13:40 . 2012-07-11 22:18	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-11 21:19	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 21:19	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 21:19	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-22 13:11	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 13:11	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 13:11	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 13:11	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 13:11	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 13:11	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 13:11	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-22 13:11	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 14:12 . 2012-06-22 13:11	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-11 22:15	1800192	----a-w-	c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-11 22:15	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-11 22:14	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 22:15	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 22:15	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-11 21:19	278528	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 21:19	204288	----a-w-	c:\windows\system32
crypt.dll
2012-05-31 12:25 . 2009-10-02 16:58	237072	------w-	c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{B9E567E4-BF93-4E31-838A-E7D7D01815BF}"= "c:\program files\SystemSecurityGuardToolbar\IEToolbar.dll" [2012-03-30 2491504]
.
[HKEY_CLASSES_ROOT\clsid\{b9e567e4-bf93-4e31-838a-e7d7d01815bf}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c491116-c175-45e1-a570-6fb14fea8b7b}]
2009-07-02 10:18	2215960	----a-w-	c:\program files\PHPNukeFR	bPHPN.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9E567E4-BF93-4E31-838A-E7D7D01815BF}]
2012-03-30 08:55	2491504	----a-w-	c:\program files\SystemSecurityGuardToolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1c491116-c175-45e1-a570-6fb14fea8b7b}"= "c:\program files\PHPNukeFR	bPHPN.dll" [2009-07-02 2215960]
"{2793FB58-DCE3-4A83-97DE-7208CAD0341C}"= "c:\program files\SystemSecurityGuardToolbar\IEToolbar.dll" [2012-03-30 2491504]
.
[HKEY_CLASSES_ROOT\clsid\{1c491116-c175-45e1-a570-6fb14fea8b7b}]
.
[HKEY_CLASSES_ROOT\clsid\{2793fb58-dce3-4a83-97de-7208cad0341c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1C491116-C175-45E1-A570-6FB14FEA8B7B}"= "c:\program files\PHPNukeFR	bPHPN.dll" [2009-07-02 2215960]
"{2793FB58-DCE3-4A83-97DE-7208CAD0341C}"= "c:\program files\SystemSecurityGuardToolbar\IEToolbar.dll" [2012-03-30 2491504]
.
[HKEY_CLASSES_ROOT\clsid\{1c491116-c175-45e1-a570-6fb14fea8b7b}]
.
[HKEY_CLASSES_ROOT\clsid\{2793fb58-dce3-4a83-97de-7208cad0341c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Z810PNP"="c:\program files\Modem Samsung SCH-U209\SamsungPnPServiceManager.exe" [2009-02-13 176128]
"Z810SysStart"="c:\program files\Modem Samsung SCH-U209\sysctrlU.exe" [2009-02-11 311296]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2010-05-27 2285637]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2007-07-27 1133040]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2011-12-28 6148096]
"SystemSecurityGuardAutoStart"="c:\program files\System Security Guard\SystemSecurityGuardTray.exe" [2011-12-16 694784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-25 39408]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information	opi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba	raybar.exe" [2008-09-26 417792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Meditel Monaco ModemListener"="c:\program files\HSPA USB MODEM\BackgroundService\ModemListener.exe" [2010-07-23 106496]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater
su3ui_agent.exe" [2011-12-13 190768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files\Real\RealPlayer\updateealsched.exe" [2012-05-02 296056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqudatamngr"="RD" [X]
"removeSearchqutoolbar"="RD" [X]
.
c:\users\yasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
c:\users\Youness\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - c:\users\Youness\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-9-8 135680]
Registration Tom Clancy's Rainbow Six Lockdown.LNK - f:\ereg\RegistrationReminder.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
Akamai	REG_MULTI_SZ   	Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:21]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 22:14]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 22:14]
.
2010-05-02 c:\windows\Tasks\Install.job
- c:\windows\System32\Adobe\Shockwave 11
ssstub.exe [2010-05-01 18:52]
.
2012-08-08 c:\windows\Tasks\ReclaimerResumeInstall_Youness.job
- c:\users\Youness\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.10\agentnupgagent.exe [2012-08-07 23:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/410
uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://fr.yahoo.com
uSearchURL,(Default) = hxxp://www.cherche.us/keyword/%s
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Télécharger le site avec Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: chat-land.org
TCP: DhcpNameServer = 192.168.1.1
Handler: systemsecurityguardtoolbar - {89EECF8F-484D-4786-909C-83E5285003ED} - c:\program files\SystemSecurityGuardToolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Youness\AppData\Roaming\Mozilla\Firefox\Profiles\g998t3cx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.findamo.com?ch=2&cid=
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&q=
FF - user.js: extensions.BabylonToolbar_i.id - 7ea25f510000000000000024d21745d6
FF - user.js: extensions.BabylonToolbar_i.hardId - 7ea25f510000000000000024d21745d6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15367
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108988
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - (no file)
BHO-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - c:\program files\4shared.com	b4sha.dll
BHO-{3017FB3E-9A77-4396-88C5-0EC9548FB42F} - c:\program files\SpeedBit Video Downloader\Toolbar	bcore3.dll
BHO-{389943B0-C3A2-4E69-82CB-8596A84CB3DC} - c:\progra~1\SEARCH~2\SEARCH~1.DLL
Toolbar-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - c:\program files\4shared.com	b4sha.dll
Toolbar-10 - (no file)
WebBrowser-{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - c:\program files\4shared.com	b4sha.dll
WebBrowser-{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKCU-Run-fsm - (no file)
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKCU-Run-Akamai NetSession Interface - c:\users\Youness\AppData\Local\Akamai
etsession_win.exe
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-Toshiba TEMPO - c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-EoWeather - (no file)
HKLM-Run-USB Gamepad - c:\windows\USB Vibration\dr100&110\USB Gamepad.exe
MSConfigStartUp-vegas - c:\windows\system32\sshnas.dll
AddRemove-4shared.com Toolbar - c:\progra~1\4shared.com\UNWISE.EXE
AddRemove-SpeedBit Video Downloader - c:\program files\SpeedBit Video Downloader\GRRemove.exe
AddRemove-SWAT 4 - c:\windows\SWAT 4\uninstall.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-13 20:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  Z810PNP = c:\program files\Modem Samsung SCH-U209\SamsungPnPServiceManager.exe???v+7??H?$?\??v????H?$?\??v?????????????????????=?v?_??H?$?\??v???????v???v?4??H?$?h?#??????????????=?v'????=?v?^?????????v??@?H?$?????????V?Ww??@??????????????????t ?0t ???????????_B?*?? 
  Z810SysStart = c:\program files\Modem Samsung SCH-U209\sysctrlU.exe??Xw?6Xw????}???????.6Xw?????????????????????\gw????????h????[gw????}???????????????D?A???Xwe?Xw??Xw????????????????V?Ww?&:???????????Ww??????????????????????A????????????? ???r?A???????????????????????A 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1435615870-4106794177-4158689774-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*lv]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1435615870-4106794177-4158689774-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*lv\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1435615870-4106794177-4158689774-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*lv]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,59,6f,75,6e,65,73,73,5c,56,69,64,65,6f,73,
   5c,52,65,61,6c,50,6c,61,79,65,72,20,44,6f,77,6e,6c,6f,61,64,73,5c,d9,85,d8,\
"MRUListEx"=hex:02,00,00,00,01,00,00,00,00,00,00,00,ff,ff,ff,ff
"1"=hex:43,3a,5c,55,73,65,72,73,5c,59,6f,75,6e,65,73,73,5c,56,69,64,65,6f,73,
   5c,52,65,61,6c,50,6c,61,79,65,72,20,44,6f,77,6e,6c,6f,61,64,73,5c,d9,85,d8,\
"2"=hex:43,3a,5c,55,73,65,72,73,5c,59,6f,75,6e,65,73,73,5c,56,69,64,65,6f,73,
   5c,52,65,61,6c,50,6c,61,79,65,72,20,44,6f,77,6e,6c,6f,61,64,73,5c,d9,85,d8,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PAPI\DEV\*"!K¸*¯H^&  ?©*yN*¶*1_*8* U*¾°*©K¸*©  & ]
"Tested"=hex:00
.
Completion time: 2012-08-13  20:17:56
ComboFix-quarantined-files.txt  2012-08-13 20:17
.
Pre-Run: 51 158 880 256 octets libres
Post-Run: 78 193 815 552 octets libres
.
- - End Of File - - A1B34002E0AD748F41B0921EE43B2E11

cabrier · Answer

golden,

* Télécharge Malwaresbytes anti malware ici
* Choisis la version -Download free version-
* Installe le (choisis bien "français" ; ne modifie pas les paramètres d'installation ) et mets le à jour .
(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/
* Tu as un tuto si tu en as besoin : tuto
* Avant de lancer le programme Déconnecte toi d'Internet et ferme toutes tes applications.
* /I\ Sous Vista ou Seven ---> clic droit "Exécuter en tant qu'administrateur"/I\
* Clique sur l'onglet "Mise à jour" si celle ci ne t'a pas été proposée lors de l'installation.
* Clique ensuite sur l'onglet "Recherche" puis coche "Exécuter un examen Complet"
* Le scan peut durer plusieurs heures, aussi ne t'impatiente pas et laisse tourner le programme sans rien faire d'autre sur ta machine.
* Lorsque le scan est terminé clique sur "Afficher les résultats"
* Vérifie que toutes les lignes des objets infectés soient cochées, puis clique sur "Supprimer la sélection"

PS : Redémarre ta machine pour achever le nettoyage.

*  Un rapport sera généré, enregistre-le dans un endroit approprié pour le retrouver et héberge-le sur ce site
*  Envoie-moi le lien fourni dans ta prochaine réponse.

A+

golden004 · Answer

salut merci pour votre aide je crois le problème est résolu, je continu avec Malwaresbytes anti malware. ou j'arrete?

cabrier · Answer

golden004,

Désolé du retard, je suis en déplacement.

Oui, il serait préférable de faire MBAM pour être sur !

A+

C'est quoi ce virus AGC?

11 réponses

Discussions similaires

Newsletters