A l'aide!!!! 4 virus a enlever

marie -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
j'ai chopé 4 virus a enlever et je pense que ces virus me bloque mon imprimante car mon ordi recherche sans arret les apllication de mon imprimante pouvez vous m'aider
Configuration: Windows XP
Firefox 2.0.0.14

14 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    _____________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    Kaspersky en ligne
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

    ______________

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :
    http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0
  2. marie
     
    tous d'abord merci de m'aider je suis en train de faire ce que tu m'a dis en revanche je sais pas si ca un interet quelqconque mais j'avais effectué un scan avec avira qui ma donc detecté 4 virus et je les ai mis en quarantaine ...alors est ce que je continu a faire ce que tu ma conseillé?
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle le rapport antivir alors !!!

    et hijackhtis
    0
    1. marie
       
      Avira AntiVir Personal
      Report file date: 2008-05-22 16:27

      Scanning for 1282221 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Boot mode: Normally booted
      Username: SYSTEM
      Computer name: MARIE

      Version information:
      BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
      AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-04-16 20:21:20
      AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-04-16 20:21:20
      LUKE.DLL : 8.1.2.9 151809 Bytes 2008-04-16 20:21:21
      LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-04-16 20:21:21
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
      ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 20:23:02
      ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 2008-05-17 10:24:17
      ANTIVIR3.VDF : 7.0.4.77 103936 Bytes 2008-05-22 10:20:35
      Engineversion : 8.1.0.46
      AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-04-16 20:21:21
      AESCRIPT.DLL : 8.1.0.33 266618 Bytes 2008-05-16 10:21:19
      AESCN.DLL : 8.1.0.18 119156 Bytes 2008-05-16 10:21:15
      AERDL.DLL : 8.1.0.20 418165 Bytes 2008-04-25 10:19:34
      AEPACK.DLL : 8.1.1.5 364918 Bytes 2008-05-16 10:21:13
      AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-04-19 10:19:18
      AEHEUR.DLL : 8.1.0.29 1253750 Bytes 2008-05-16 10:21:08
      AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-04-19 10:19:17
      AEGEN.DLL : 8.1.0.21 303477 Bytes 2008-05-16 10:20:50
      AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-05-08 10:17:47
      AECORE.DLL : 8.1.0.29 168311 Bytes 2008-05-16 10:20:42
      AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-04-16 20:21:20
      AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-04-16 20:21:20
      AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
      AVREG.DLL : 8.0.0.0 30977 Bytes 2008-04-16 20:21:20
      AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-04-16 20:21:20
      AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-04-16 20:21:20
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-04-16 20:21:21
      SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-04-16 20:21:21
      NETNT.DLL : 8.0.0.1 7937 Bytes 2008-04-16 20:21:21
      RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-04-16 20:21:16
      RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-04-16 20:21:16

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: off
      Scan boot sector.................: on
      Boot sectors.....................: C:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: 2008-05-22 16:27

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'lxbvbmon.exe' - '1' Module(s) have been scanned
      Scan process 'lxbvbmgr.exe' - '1' Module(s) have been scanned
      Scan process 'msiexec.exe' - '1' Module(s) have been scanned
      Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
      Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
      Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
      Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
      Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
      Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'PAStiSvc.exe' - '1' Module(s) have been scanned
      Scan process 'slserv.exe' - '1' Module(s) have been scanned
      Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
      Scan process 'mdm.exe' - '1' Module(s) have been scanned
      Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
      Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
      Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      40 processes with 40 modules were scanned

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '22' files ).


      Starting the file scan:

      Begin scan in 'C:\' <HDD>
      C:\hiberfil.sys
      [WARNING] The file could not be opened!
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\Documents and Settings\bibiche\Local Settings\Temp\NI.UGESV_0001_N122M0303\setup.exe
      [DETECTION] Contains detection pattern of the dropper DR/FraudTool.SysKontroller.A.3
      [NOTE] The file was moved to '48a984b9.qua'!
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP872\A0121704.dll
      [DETECTION] Is the Trojan horse TR/Downloader.Gen
      [NOTE] The file was moved to '486688e8.qua'!
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP873\A0121737.dll
      [DETECTION] Is the Trojan horse TR/Downloader.Gen
      [NOTE] The file was moved to '486688f2.qua'!
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP874\A0121772.dll
      [DETECTION] Is the Trojan horse TR/Downloader.Gen
      [NOTE] The file was moved to '486688f9.qua'!


      End of the scan: 2008-05-22 17:15
      Used time: 47:44 min

      The scan has been done completely.

      6388 Scanning directories
      262528 Files were scanned
      4 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      4 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
      262524 Files not concerned
      7678 Archives were scanned
      2 Warnings
      4 Notes






      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:49, on 2008-05-22
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\spider.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsc80.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O2 - BHO: dcads - {cbff3611-0a66-9cf5-7ce2-586ad258c5ef} - C:\WINDOWS\system32\nszBD0.dll
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Documents and Settings\bibiche\Bureau\Unlocker\UnlockerAssistant.exe"
      O4 - HKLM\..\Run: [NI.UGESV_0001_N122M0303] "C:\Documents and Settings\bibiche\Bureau\setup_fr.exe"
      O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{31BDDD12-A6C7-4592-9EF8-1C35E7D4F9B8}: NameServer = 192.168.1.1
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe (file missing)
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
      O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
      0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok tu es infecté:

    utilise pour supprimer tes traces

    CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    ________________

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
    1. marie
       
      ComboFix 08-05-21.2 - bibiche 2008-05-22 19:14:06.3 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.260 [GMT 2:00]
      Endroit: C:\Documents and Settings\bibiche\Bureau\ComboFix.exe
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\bibiche\Application Data\urlredir.cfg
      C:\WINDOWS\system32\dcads-remove.exe
      C:\WINDOWS\system32\dcads_sidebar.dll
      C:\WINDOWS\system32\DcadsSocial-uninstall.exe
      C:\WINDOWS\system32\iebrowserc.dll
      C:\WINDOWS\system32\MSINET.oca
      C:\WINDOWS\system32\nszBD0.dll
      C:\WINDOWS\system32\sttss.ini
      C:\WINDOWS\system32\sttss.ini2

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-22 19:03 . 2008-05-22 19:03 <REP> d-------- C:\Program Files\CCleaner
      2008-05-22 18:41 . 2008-05-22 18:41 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-05-22 18:41 . 2008-05-22 18:41 <REP> d-------- C:\Documents and Settings\bibiche\Application Data\Malwarebytes
      2008-05-22 18:41 . 2008-05-22 18:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-05-22 18:41 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-05-22 18:41 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-05-22 16:18 . 2008-05-22 16:20 <REP> d-------- C:\Program Files\Lexmark 2200 Series

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-22 16:49 --------- d-----w C:\Program Files\Trend Micro
      2008-05-22 14:22 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
      2008-05-21 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-05-14 09:03 --------- d-----w C:\Program Files\eMule
      2008-05-12 11:46 --------- d-----w C:\Documents and Settings\bibiche\Application Data\AdobeUM
      2008-04-07 19:00 --------- d-----w C:\Program Files\PhotoFiltre Studio
      2008-03-30 20:55 --------- d-----w C:\Program Files\Google
      2008-03-10 20:32 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
      2008-03-10 20:32 290,816 ------w C:\WINDOWS\Setup1.exe
      2008-02-19 22:30 108,312 ----a-w C:\Documents and Settings\bibiche\Application Data\GDIPFONTCACHEV1.DAT
      .
      [code]<pre>
      ----a-w 335,872 2008-01-15 08:08:13 C:\ATI Technologies\ATI Control Panel\atiptaxx .exe
      ----a-w 313,472 2008-01-14 19:37:46 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
      ----a-w 57,344 2008-01-15 08:08:30 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe
      ----a-w 151,597 2008-01-15 08:08:20 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
      ----a-w 68,856 2008-01-15 08:09:00 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
      ----a-w 83,608 2008-01-15 08:08:35 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
      ----a-w 132,496 2008-01-29 16:31:06 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
      ----a-w 294,912 2008-01-15 08:08:16 C:\Program Files\Lexmark Fax Solutions\fm3032 .exe
      ----a-w 1,694,208 2008-01-15 08:09:09 C:\Program Files\Messenger\msmsgs .exe
      ----a-w 5,674,352 2008-01-29 16:31:35 C:\Program Files\MSN Messenger\msnmsgr .exe
      ----a-w 5,562,368 2008-01-15 08:09:34 C:\Program Files\MySpace\IM\MySpaceIM .exe
      ----a-w 20,058,152 2008-01-15 08:10:18 C:\Program Files\Skype\Phone\Skype .exe
      ----a-w 32,768 2008-01-15 08:09:54 C:\Program Files\Wanadoo\GestMaj .exe
      ----a-w 122,880 2008-01-15 08:10:19 C:\Program Files\Wanadoo\Shell .exe
      ----a-w 20,480 2008-01-15 08:10:46 C:\Program Files\Wanadoo\Watch .exe
      ----a-w 33,792 2008-01-15 08:08:23 C:\Program Files\Winamp\winampa .exe
      ----a-w 15,360 2008-01-29 16:18:12 C:\WINDOWS\system32\ctfmon .exe
      ----a-w 155,648 2008-01-15 08:08:18 C:\WINDOWS\system32\NeroCheck .exe
      </pre>/code


      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{733716E1-76D2-4003-AC39-845281C0EF85}]
      2008-02-08 19:53 233472 --a------ C:\WINDOWS\system32\nsc80.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-12 01:26 68856]
      "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
      "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-16 22:21 262401]
      "UnlockerAssistant"="C:\Documents and Settings\bibiche\Bureau\Unlocker\UnlockerAssistant.exe" [ ]
      "NI.UGESV_0001_N122M0303"="C:\Documents and Settings\bibiche\Bureau\setup_fr.exe" [ ]
      "Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 15:13 57344]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "vidc.3ivx"= 3ivxVfWCodec.dll
      "vidc.3iv2"= 3ivxVfWCodec.dll
      "msacm.divxa32"= divxa32.acm
      "VIDC.HFYU"= huffyuv.dll
      "VIDC.i263"= i263_32.drv
      "msacm.imc"= imc32.acm
      "VIDC.VP31"= vp31vfw.dll
      "VIDC.JPGL"= jpgl.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr .exe"=
      "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "4662:TCP"= 4662:TCP:emule
      "4672:UDP"= 4672:UDP:emule
      "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

      R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 10:56]
      R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 10:56]
      S3 DivioUSBDCam;PC-USB CCD-A Camera;C:\WINDOWS\system32\DRIVERS\pcam.sys [2000-01-10 17:34]
      S3 SPC610NC;Philips SPC500NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC610NC.SYS [2005-10-13 16:41]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{514d5ed7-b207-11dc-939b-00038a000015}]
      \Shell\AutoRun\command - J:\InstallTomTomHOME.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a249165d-0c59-11dc-9338-00038a000015}]
      \Shell\AutoRun\command - I:\LaunchU3.exe -a

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-05-22 17:00:00 C:\WINDOWS\Tasks\A82E5EA69181D562.job"
      - c:\docume~1\bibiche\applic~1\mpegin~1\download up default.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-22 19:21:15
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
      "ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\system32\FTRTSVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\PAStiSvc.exe
      C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-22 19:27:13 - machine was rebooted [bibiche]
      ComboFix-quarantined-files.txt 2008-05-22 17:27:05

      Pre-Run: 16,820,817,920 octets libres
      Post-Run: 16,887,332,864 octets libres

      152 --- E O F --- 2008-05-19 06:13:45
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pour fusionner:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    __________

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\WINDOWS\system32\nsc80.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{733716E1-76D2-4003-AC39-845281C0EF85}]

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
  7. marie
     
    ComboFix 08-05-21.2 - bibiche 2008-05-22 19:45:36.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.230 [GMT 2:00]
    Endroit: C:\Documents and Settings\bibiche\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\bibiche\Bureau\CFscript
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-22 19:03 . 2008-05-22 19:03 <REP> d-------- C:\Program Files\CCleaner
    2008-05-22 18:41 . 2008-05-22 18:41 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-22 18:41 . 2008-05-22 18:41 <REP> d-------- C:\Documents and Settings\bibiche\Application Data\Malwarebytes
    2008-05-22 18:41 . 2008-05-22 18:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-22 18:41 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-22 18:41 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-22 16:18 . 2008-05-22 16:20 <REP> d-------- C:\Program Files\Lexmark 2200 Series

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-22 16:49 --------- d-----w C:\Program Files\Trend Micro
    2008-05-22 14:22 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
    2008-05-21 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-05-14 09:03 --------- d-----w C:\Program Files\eMule
    2008-05-12 11:46 --------- d-----w C:\Documents and Settings\bibiche\Application Data\AdobeUM
    2008-04-07 19:00 --------- d-----w C:\Program Files\PhotoFiltre Studio
    2008-03-30 20:55 --------- d-----w C:\Program Files\Google
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-10 20:32 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-03-10 20:32 290,816 ------w C:\WINDOWS\Setup1.exe
    2008-02-19 22:30 108,312 ----a-w C:\Documents and Settings\bibiche\Application Data\GDIPFONTCACHEV1.DAT
    .
    [code]<pre>
    ----a-w 335,872 2008-01-15 08:08:13 C:\ATI Technologies\ATI Control Panel\atiptaxx .exe
    ----a-w 313,472 2008-01-14 19:37:46 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
    ----a-w 57,344 2008-01-15 08:08:30 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe
    ----a-w 151,597 2008-01-15 08:08:20 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
    ----a-w 68,856 2008-01-15 08:09:00 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 83,608 2008-01-15 08:08:35 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
    ----a-w 132,496 2008-01-29 16:31:06 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 294,912 2008-01-15 08:08:16 C:\Program Files\Lexmark Fax Solutions\fm3032 .exe
    ----a-w 1,694,208 2008-01-15 08:09:09 C:\Program Files\Messenger\msmsgs .exe
    ----a-w 5,674,352 2008-01-29 16:31:35 C:\Program Files\MSN Messenger\msnmsgr .exe
    ----a-w 5,562,368 2008-01-15 08:09:34 C:\Program Files\MySpace\IM\MySpaceIM .exe
    ----a-w 20,058,152 2008-01-15 08:10:18 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 32,768 2008-01-15 08:09:54 C:\Program Files\Wanadoo\GestMaj .exe
    ----a-w 122,880 2008-01-15 08:10:19 C:\Program Files\Wanadoo\Shell .exe
    ----a-w 20,480 2008-01-15 08:10:46 C:\Program Files\Wanadoo\Watch .exe
    ----a-w 33,792 2008-01-15 08:08:23 C:\Program Files\Winamp\winampa .exe
    ----a-w 15,360 2008-01-29 16:18:12 C:\WINDOWS\system32\ctfmon .exe
    ----a-w 155,648 2008-01-15 08:08:18 C:\WINDOWS\system32\NeroCheck .exe
    </pre>/code

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{733716E1-76D2-4003-AC39-845281C0EF85}]
    2008-02-08 19:53 233472 --a------ C:\WINDOWS\system32\nsc80.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-12 01:26 68856]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-16 22:21 262401]
    "UnlockerAssistant"="C:\Documents and Settings\bibiche\Bureau\Unlocker\UnlockerAssistant.exe" [ ]
    "NI.UGESV_0001_N122M0303"="C:\Documents and Settings\bibiche\Bureau\setup_fr.exe" [ ]
    "Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 15:13 57344]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-10 20:16:01 125624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.3ivx"= 3ivxVfWCodec.dll
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "msacm.divxa32"= divxa32.acm
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.i263"= i263_32.drv
    "msacm.imc"= imc32.acm
    "VIDC.VP31"= vp31vfw.dll
    "VIDC.JPGL"= jpgl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr .exe"=
    "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:emule
    "4672:UDP"= 4672:UDP:emule
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 10:56]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 10:56]
    S3 DivioUSBDCam;PC-USB CCD-A Camera;C:\WINDOWS\system32\DRIVERS\pcam.sys [2000-01-10 17:34]
    S3 SPC610NC;Philips SPC500NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC610NC.SYS [2005-10-13 16:41]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{514d5ed7-b207-11dc-939b-00038a000015}]
    \Shell\AutoRun\command - J:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a249165d-0c59-11dc-9338-00038a000015}]
    \Shell\AutoRun\command - I:\LaunchU3.exe -a

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-22 17:00:00 C:\WINDOWS\Tasks\A82E5EA69181D562.job"
    - c:\docume~1\bibiche\applic~1\mpegin~1\download up default.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-22 19:50:11
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
    .
    Temps d'accomplissement: 2008-05-22 19:53:22
    ComboFix-quarantined-files.txt 2008-05-22 17:52:57
    ComboFix2.txt 2008-05-22 17:27:16

    Pre-Run: 16,856,276,992 octets libres
    Post-Run: 16,844,795,904 octets libres

    135 --- E O F --- 2008-05-19 06:13:45

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:54:46, on 22/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
    C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsc80.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Documents and Settings\bibiche\Bureau\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [NI.UGESV_0001_N122M0303] "C:\Documents and Settings\bibiche\Bureau\setup_fr.exe"
    O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{31BDDD12-A6C7-4592-9EF8-1C35E7D4F9B8}: NameServer = 192.168.1.1
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe (file missing)
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Télécharge BTFix de Bibi26
    http://cluster1.easy-hebergement.net/
    http://ftp1.toocharger.com/loIjyIT/btfix_1_27178.zip
    Dézippe l'archive sur ton Bureau.
    Ouvre le dossier BTFix.
    Double clique sur BTFix.exe.
    Clique sur Rechercher.
    Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.
    0
    1. marie
       
      BTFix 1.095 (par bibi26) - 22/05/2008 20:20:27 - Analyse
      Lancé depuis C:\Documents and Settings\bibiche\Bureau\BTFix\BTFix.exe

      ---> Fichiers/Dossiers trouvés

      - [Spécial : AdRotator] C:\WINDOWS\system32\nsc80.dll
      - C:\WINDOWS\system32\WhoisCL.exe
      - C:\Program Files\BrowsingAdvisor\
      - C:\Program Files\Mozilla Firefox\components\nsbrowseropt.dll

      ---> Analyse terminée le 22/05/2008 20:20:28
      0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
    Démarre l'ordinateur.
    Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
    En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.

    Ouvre BTFix.
    Clique sur Nettoyer.
    Un rapport va apparaître.

    Redémarre normalement

    _______________

    recolle un hiajkchtis et dis tes soucis
    0
    1. marie
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:37:15, on 22/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Documents and Settings\bibiche\Bureau\Unlocker\UnlockerAssistant.exe"
      O4 - HKLM\..\Run: [NI.UGESV_0001_N122M0303] "C:\Documents and Settings\bibiche\Bureau\setup_fr.exe"
      O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{31BDDD12-A6C7-4592-9EF8-1C35E7D4F9B8}: NameServer = 192.168.1.1
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe (file missing)
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
      O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
      0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsc80.dll
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [NI.UGESV_0001_N122M0303] "C:\Documents and Settings\bibiche\Bureau\setup_fr.exe"
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    _____________

    mon imprimante remarche merci
    dis j'aurais une derniere question comme tu a vu j'ai avira comme antivirus mais je recois de leur part des ads server qui me casse les pied tu sais comment je peu les enlever enfin si c'est possible!

    non on peut pas en version gratuite, tu as les pubs a achque mise a jour...

    _____________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Documents and Settings\bibiche\Bureau\setup_fr.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    __________
    vire ce qui est dans moved files en allant dans poste de travail puis c puis otmovit

    ___________

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    _____________

    colle un rapport avec antivir que tu as

    et un nouvel hijakchits
    0
  11. marie
     
    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 777

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 95355
    Temps écoulé: 42 minute(s), 54 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{733716e1-76d2-4003-ac39-845281c0ef85} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\kernelexe (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Documents and Settings\bibiche\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\bibiche\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle un rapport avec antivir que tu as

    et un nouvel hijakchits
    0
    1. marie
       
      Avira AntiVir Personal
      Report file date: jeudi 22 mai 2008 21:43

      Scanning for 1282221 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Boot mode: Normally booted
      Username: SYSTEM
      Computer name: MARIE

      Version information:
      BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
      AVSCAN.EXE : 8.1.2.12 311553 Bytes 16/04/2008 20:21:20
      AVSCAN.DLL : 8.1.1.0 53505 Bytes 16/04/2008 20:21:20
      LUKE.DLL : 8.1.2.9 151809 Bytes 16/04/2008 20:21:21
      LUKERES.DLL : 8.1.2.1 12033 Bytes 16/04/2008 20:21:21
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
      ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 20:23:02
      ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 10:24:17
      ANTIVIR3.VDF : 7.0.4.77 103936 Bytes 22/05/2008 10:20:35
      Engineversion : 8.1.0.46
      AEVDF.DLL : 8.1.0.5 102772 Bytes 16/04/2008 20:21:21
      AESCRIPT.DLL : 8.1.0.33 266618 Bytes 16/05/2008 10:21:19
      AESCN.DLL : 8.1.0.18 119156 Bytes 16/05/2008 10:21:15
      AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 10:19:34
      AEPACK.DLL : 8.1.1.5 364918 Bytes 16/05/2008 10:21:13
      AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/04/2008 10:19:18
      AEHEUR.DLL : 8.1.0.29 1253750 Bytes 16/05/2008 10:21:08
      AEHELP.DLL : 8.1.0.14 115063 Bytes 19/04/2008 10:19:17
      AEGEN.DLL : 8.1.0.21 303477 Bytes 16/05/2008 10:20:50
      AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 10:17:47
      AECORE.DLL : 8.1.0.29 168311 Bytes 16/05/2008 10:20:42
      AVWINLL.DLL : 1.0.0.7 14593 Bytes 16/04/2008 20:21:20
      AVPREF.DLL : 8.0.0.1 25857 Bytes 16/04/2008 20:21:20
      AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
      AVREG.DLL : 8.0.0.0 30977 Bytes 16/04/2008 20:21:20
      AVARKT.DLL : 1.0.0.23 307457 Bytes 16/04/2008 20:21:20
      AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 16/04/2008 20:21:20
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 16/04/2008 20:21:21
      SMTPLIB.DLL : 1.2.0.19 28929 Bytes 16/04/2008 20:21:21
      NETNT.DLL : 8.0.0.1 7937 Bytes 16/04/2008 20:21:21
      RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 16/04/2008 20:21:16
      RCTEXT.DLL : 8.0.32.0 86273 Bytes 16/04/2008 20:21:16

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: off
      Scan boot sector.................: on
      Boot sectors.....................: C:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: jeudi 22 mai 2008 21:43

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'lxbvaiox.exe' - '1' Module(s) have been scanned
      Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
      Scan process 'firefox.exe' - '1' Module(s) have been scanned
      Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
      Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lxbvbmon.exe' - '1' Module(s) have been scanned
      Scan process 'PAStiSvc.exe' - '1' Module(s) have been scanned
      Scan process 'slserv.exe' - '1' Module(s) have been scanned
      Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'lxbvbmgr.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
      Scan process 'mdm.exe' - '1' Module(s) have been scanned
      Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
      Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
      Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      41 processes with 41 modules were scanned

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '19' files ).


      Starting the file scan:

      Begin scan in 'C:\' <HDD>
      C:\hiberfil.sys
      [WARNING] The file could not be opened!
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP886\A0122849.exe
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE] The file was moved to '4866d2e5.qua'!


      End of the scan: jeudi 22 mai 2008 22:26
      Used time: 42:56 min

      The scan has been done completely.

      6156 Scanning directories
      257618 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
      257617 Files not concerned
      7509 Archives were scanned
      2 Warnings
      1 Notes

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:27:41, on 22/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
      C:\WINDOWS\system32\spider.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Documents and Settings\bibiche\Bureau\Unlocker\UnlockerAssistant.exe"
      O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{31BDDD12-A6C7-4592-9EF8-1C35E7D4F9B8}: NameServer = 192.168.1.1
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe (file missing)
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
      O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
      0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    si tout c'est bien passé désactive la restauration système pour purger les virus qui seraient dedans

    puis redemarre ton ordi
    puis réactive là :

    https://www.informatruc.com

    ________

    pour virer ce que je t'ai fais mettre:

    Télécharge ToolsCleaner sur ton bureau.
    --> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    ps : pas besoin de m´envoyer le rapport si tout a ete supprimer ;-)

    ____________

    mettre a jour internet explorer
    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    _______________

    voila si pas de soucis c'est bon

    pour protéger gratos ton ordi

    http://www.commentcamarche.net/telecharger/logiciel 4 securite

    mettre un antivirus

    AVAST en français ou ANTIVIR (en anglais mais très efficace)
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions :
    MalwareByte's Anti-Malware + SPYBOT +/- si tea timer non active de spybot:
    WINDOWS DEFENDER ou SPYWARE TERMINATOR

    +
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    Rq : spybot et ad-aware ont sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
    --------
    un pare feu :
    celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

    https://forum.pcastuces.com/sujet.asp?f=25&s=35606
    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

    -----------
    CCLEANER pour effacer les traces de surf
    ---------
    naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
    http://www.mozilla-europe.org/fr/products/firefox/
    0
  14. marie
     
    merci beaucoup pour ton aide....
    ça a marché c'est cool....
    bonne soirée
    marie
    0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    de rien bonne continuation
    0