Virus cafards mangent l'écran

Question

Bonjour à tous,

Depuis samedi j'ai attrapé un virus qui a complètement infesté mon ordinateur avec changement de fond d'écran pour dire que l'ordinateur est contaminé, juste à côté de l'horloge un message s'affiche "VIRUS ALERT". De plus, lorsque mon ordinateur est inactif, je vois apparaitre des cafards qui mangent mon écran petit à petit. Enfin, j'ai un antivirus "pest patrol" qui s'active tout seul au démarrage de l'ordinateur, impossible de le désinstaller, il me reconnait une tonne de virus mais il me dit que je dois m'enregistrer pour pouvoir les éliminer. J'ai passé avast et la version d'essai de kaspersky sans qu'il détecte de virus.

Merci de bien vouloir m'aider.

Utilisateur anonyme · Answer

Salut 

# Télécharge ceci: (merci a S!RI pour ce petit programme). 

http://siri.urz.free.fr/Fix/SmitfraudFix.zip 

Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, 
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php 
il va générer un rapport : copie/colle le sur le poste stp. 




--,



A découvrir : Estopa, Rosario Flores, La oreja de van gogh.. Bonne écoute

saga · Answer

Voila je l'ai fait:

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JACQUOT1


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JACQUOT1\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JACQUOT1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8A5849C4-93F3-429D-FF34-660A2068897C}"="OpenGL additional"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C3DFA2EC-7F81-433C-98A5-77481751ABB0}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C3DFA2EC-7F81-433C-98A5-77481751ABB0}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C3DFA2EC-7F81-433C-98A5-77481751ABB0}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Utilisateur anonyme · Answer

Telecharge malwarebytes 

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour. 

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression". 

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet". 

Puis click sur "rechercher". 

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection. 

si il t´es demandé de redemarrer > click sur "yes". 

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum. 

Copie et colle le rapport stp.

ps : les rapport sont aussi rangé dans l onglet rapport/log

saga · Answer

Voila scan terminé, je met le rapport:

Malwarebytes' Anti-Malware 1.14
Version de la base de données: 800

18:48:21 02/06/2008
mbam-log-6-2-2008 (18-47-50).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 139272
Temps écoulé: 48 minute(s), 34 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 79
Valeur(s) du Registre infectée(s): 18
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 18

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\byXQJbYS.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\iewarning.warningbho (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{56fa7933-dc3e-403b-8d47-bb5e3f345a21} (Rogue.PestPatrol) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56fa7933-dc3e-403b-8d47-bb5e3f345a21} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\iewarning.warningbho.1 (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8499c835-defd-267e-3dce-d3832cc3f983} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{05589faf-c356-11ce-bf01-00aa0055595a} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{060af76c-68dd-11d0-8fc1-00c04fd9189d} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0618aa30-6bc4-11cf-bf36-00aa0055595a} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{06b32aee-77da-484b-973b-5d64f47201b0} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07167665-5011-11cf-bf33-00aa0055595a} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07b65360-c445-11ce-afde-00aa006c14f4} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1643e180-90f5-11ce-97d5-00aa0055595a} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1b544c20-fd0b-11ce-8c63-00aa0044b51e} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1bb05961-5fbf-11d2-a521-44df07c10000} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1da08500-9edc-11cf-bc10-00aa00ac74f6} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e651cc0-b199-11d0-8212-00c04fc32c45} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2d2e24cb-0cd5-458f-86ea-3e6fa22c8e64} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{301056d0-6dff-11d2-9eeb-006008039e37} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{336475d0-942a-11ce-a870-00aa002feab5} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{33facfe0-a9be-11d0-a520-00a0d10129c0} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{37e92a92-d9aa-11d2-bf84-8ef2b1555aed} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{418afb70-f8b8-11ce-aac6-0020af0b99a3} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4444ac9e-242e-471b-a3c7-45dcd46352bc} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{48025243-2d39-11ce-875d-00608cb78066} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4a2286e0-7bef-11ce-9bd9-0000e202599c} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{51b4abf3-748f-4e3b-a276-c828330e926a} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{59ce6880-acf8-11cf-b56e-0080c7c4b68a} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6a08cf80-0e18-11cf-a24d-0020afd79767} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6bc1cffa-8fc1-4261-ac22-cfb4cc38db50} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6f26a6cd-967b-47fd-874a-7aed2c9d25a2} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{70e102b0-5556-11ce-97c0-00aa0055595a} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{79376820-07d0-11cf-a24d-0020afd79767} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7d8aa343-6e63-4663-be90-6b80f66540a3} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{92a3a302-da7c-4a1f-ba7e-1802bb5d2d02} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{92a3a302-da7c-4a1f-ba7e-1802bb5d2d02} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{944d4c00-dd52-11ce-bf0e-00aa0055595a} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{99d54f63-1a69-41ae-aa4d-c976eb3f0713} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a888df60-1e90-11cf-ac98-00aa004c0fa9} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a8dfb9a0-8a20-479f-b538-9387c5eeba2b} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b80ab0a0-7416-11d2-9eeb-006008039e37} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b87beb7b-8d29-423f-ae4d-6582c10175ac} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cc785860-b2ca-11ce-8d2b-0000e202599c} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cda42200-bd88-11d0-bd4e-00a0c911ce86} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cdbd8d00-c193-11d0-bd4e-00a0c911ce86} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cf49d4e0-1115-11ce-b03a-0020af0ba770} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d3588ab0-0781-11ce-b03a-0020af0ba770} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d51bd5a0-7548-11cf-a520-0080c77ef58a} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d51bd5a1-7548-11cf-a520-0080c77ef58a} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d51bd5a2-7548-11cf-a520-0080c77ef58a} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d51bd5a3-7548-11cf-a520-0080c77ef58a} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d51bd5a5-7548-11cf-a520-0080c77ef58a} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e30629d1-27e5-11ce-875d-00608cb78066} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e4206432-01a1-4bee-b3e1-3702c8edc574} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e436ebb1-524f-11ce-9f53-0020af0ba770} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e436ebb2-524f-11ce-9f53-0020af0ba770} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e436ebb3-524f-11ce-9f53-0020af0ba770} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e436ebb5-524f-11ce-9f53-0020af0ba770} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e436ebb6-524f-11ce-9f53-0020af0ba770} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e436ebb7-524f-11ce-9f53-0020af0ba770} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e436ebb8-524f-11ce-9f53-0020af0ba770} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e4979309-7a32-495e-8a92-7b014aad4961} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e5b4eaa0-b2ca-11ce-8d2b-0000e202599c} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fdfe9681-74a3-11d0-afa7-00aa00b67a42} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{feb50740-7bef-11ce-9bd9-0000e202599c} (Rogue.PestPatrol) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54192079-8e8a-43d8-bcbc-3874916159af} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34cf6660-9bd3-431a-ba32-6b511d4126da} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
HKEY_CURRENT_USER\Software\Pest-Patrol (Rogue.PestPatrol) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Software\AntiVirProtect (Rogue.AntiVirProtect) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4f26bedb-d89b-44a1-948b-5d523292dadf} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f26bedb-d89b-44a1-948b-5d523292dadf} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxqjbys (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\e405.e405mgr (Trojan.Zlob) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Pest-Patrol (Rogue.VirusHeat) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Pest-Patrol 2.1.0 (Rogue.VirusHeat) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\BootDrv (Trojan.Clicker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4f26bedb-d89b-44a1-948b-5d523292dadf} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\Montorgueil (Diler) -> No action taken.
C:\Program Files\AntiVirProtect (Rogue.AntiVirProtect) -> No action taken.
C:\Program Files\Pest-Patrol (Rogue.PestPatrol) -> No action taken.
C:\WINDOWS\system32\824223 (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\818646 (Trojan.BHO) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\Pest-Patrol\Pest-Patrol.exe  (Rogue.VirusHeat) -> No action taken.
C:\Program Files\Pest-Patrol\Pest-Patrol.exe (Rogue.VirusHeat) -> No action taken.
C:\Program Files\Pest-Patrol\IEWarning.dll (Rogue.PestPatrol) -> No action taken.
C:\WINDOWS\system32\quartz.dll (Rogue.PestPatrol) -> No action taken.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\824223\824223.dll (Trojan.BHO) -> No action taken.
C:\Program Files\Montorgueil\14.06128 (Diler) -> No action taken.
C:\Program Files\AntiVirProtect\AntiVirProtect.lic (Rogue.AntiVirProtect) -> No action taken.
C:\Program Files\AntiVirProtect\AntiVirProtect0.ap (Rogue.AntiVirProtect) -> No action taken.
C:\Program Files\AntiVirProtect\AntiVirProtect1.ap (Rogue.AntiVirProtect) -> No action taken.
C:\Program Files\AntiVirProtect\Uninstall.exe (Rogue.AntiVirProtect) -> No action taken.
C:\WINDOWS\system32\818646\818646.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\pmnkIXNe.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\byXQJbYS.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS	emp\BN1A.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS	emp\BN29.tmp (Trojan.Agent) -> No action taken.

Utilisateur anonyme · Answer

No action taken

as tu supprimé la selection a la fin du scan ??

Si oui as tu le rapport qui le confirme ??

les rapports sont rangés dans l onglet rapport/log

saga · Answer

J'ai enregistré le rapport avant de supprimer la sélection, j'ai bien tout supprimé.

Utilisateur anonyme · Answer

dans ce cas réouvre malewarebyte
va sur quarantaine 
supprime tout

ensuite va sur rapport/log
et envoi le dernier rapport 

et fais ça :

Télécharge clean.zip, de Malekal 
http://www.malekal.com/download/clean.zip 



(1) Dézippe-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean. 

(2) Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd 

une fenêtre noire va apparaître pendant un instant, laisse la ouverte. 

(3) Choisis l'option 1 puis patiente 
Poste le rapport obtenu 


pour retrouver le rapport : double clique sur > C > double clique sur " rapport_clean txt. 
et copie/colle le sur ta prochaine réponse . 

Ne passe pas à l'option 2 sans notre avis !

saga · Answer

Voila le rapport de malwarebyte:

Malwarebytes' Anti-Malware 1.14
Version de la base de données: 800

18:48:42 02/06/2008
mbam-log-6-2-2008 (18-48-42).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 139272
Temps écoulé: 48 minute(s), 34 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 79
Valeur(s) du Registre infectée(s): 18
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 18

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.
C:\WINDOWS\system32\byXQJbYS.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\iewarning.warningbho (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{56fa7933-dc3e-403b-8d47-bb5e3f345a21} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56fa7933-dc3e-403b-8d47-bb5e3f345a21} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iewarning.warningbho.1 (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8499c835-defd-267e-3dce-d3832cc3f983} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{05589faf-c356-11ce-bf01-00aa0055595a} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{060af76c-68dd-11d0-8fc1-00c04fd9189d} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0618aa30-6bc4-11cf-bf36-00aa0055595a} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{06b32aee-77da-484b-973b-5d64f47201b0} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07167665-5011-11cf-bf33-00aa0055595a} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b65360-c445-11ce-afde-00aa006c14f4} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1643e180-90f5-11ce-97d5-00aa0055595a} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1b544c20-fd0b-11ce-8c63-00aa0044b51e} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1bb05961-5fbf-11d2-a521-44df07c10000} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1da08500-9edc-11cf-bc10-00aa00ac74f6} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e651cc0-b199-11d0-8212-00c04fc32c45} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2d2e24cb-0cd5-458f-86ea-3e6fa22c8e64} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{301056d0-6dff-11d2-9eeb-006008039e37} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{336475d0-942a-11ce-a870-00aa002feab5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{33facfe0-a9be-11d0-a520-00a0d10129c0} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37e92a92-d9aa-11d2-bf84-8ef2b1555aed} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{418afb70-f8b8-11ce-aac6-0020af0b99a3} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4444ac9e-242e-471b-a3c7-45dcd46352bc} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{48025243-2d39-11ce-875d-00608cb78066} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4a2286e0-7bef-11ce-9bd9-0000e202599c} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{51b4abf3-748f-4e3b-a276-c828330e926a} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{59ce6880-acf8-11cf-b56e-0080c7c4b68a} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6a08cf80-0e18-11cf-a24d-0020afd79767} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6bc1cffa-8fc1-4261-ac22-cfb4cc38db50} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f26a6cd-967b-47fd-874a-7aed2c9d25a2} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{70e102b0-5556-11ce-97c0-00aa0055595a} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{79376820-07d0-11cf-a24d-0020afd79767} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7d8aa343-6e63-4663-be90-6b80f66540a3} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{92a3a302-da7c-4a1f-ba7e-1802bb5d2d02} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{92a3a302-da7c-4a1f-ba7e-1802bb5d2d02} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{944d4c00-dd52-11ce-bf0e-00aa0055595a} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99d54f63-1a69-41ae-aa4d-c976eb3f0713} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a888df60-1e90-11cf-ac98-00aa004c0fa9} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a8dfb9a0-8a20-479f-b538-9387c5eeba2b} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b80ab0a0-7416-11d2-9eeb-006008039e37} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b87beb7b-8d29-423f-ae4d-6582c10175ac} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc785860-b2ca-11ce-8d2b-0000e202599c} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cda42200-bd88-11d0-bd4e-00a0c911ce86} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdbd8d00-c193-11d0-bd4e-00a0c911ce86} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cf49d4e0-1115-11ce-b03a-0020af0ba770} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d3588ab0-0781-11ce-b03a-0020af0ba770} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d51bd5a0-7548-11cf-a520-0080c77ef58a} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d51bd5a1-7548-11cf-a520-0080c77ef58a} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d51bd5a2-7548-11cf-a520-0080c77ef58a} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d51bd5a3-7548-11cf-a520-0080c77ef58a} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d51bd5a5-7548-11cf-a520-0080c77ef58a} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e30629d1-27e5-11ce-875d-00608cb78066} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e4206432-01a1-4bee-b3e1-3702c8edc574} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e436ebb1-524f-11ce-9f53-0020af0ba770} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e436ebb2-524f-11ce-9f53-0020af0ba770} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e436ebb3-524f-11ce-9f53-0020af0ba770} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e436ebb5-524f-11ce-9f53-0020af0ba770} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e436ebb6-524f-11ce-9f53-0020af0ba770} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e436ebb7-524f-11ce-9f53-0020af0ba770} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e436ebb8-524f-11ce-9f53-0020af0ba770} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e4979309-7a32-495e-8a92-7b014aad4961} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e5b4eaa0-b2ca-11ce-8d2b-0000e202599c} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fdfe9681-74a3-11d0-afa7-00aa00b67a42} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{feb50740-7bef-11ce-9bd9-0000e202599c} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54192079-8e8a-43d8-bcbc-3874916159af} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34cf6660-9bd3-431a-ba32-6b511d4126da} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Pest-Patrol (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AntiVirProtect (Rogue.AntiVirProtect) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4f26bedb-d89b-44a1-948b-5d523292dadf} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f26bedb-d89b-44a1-948b-5d523292dadf} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxqjbys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Pest-Patrol (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Pest-Patrol 2.1.0 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\BootDrv (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4f26bedb-d89b-44a1-948b-5d523292dadf} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Montorgueil (Diler) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirProtect (Rogue.AntiVirProtect) -> Quarantined and deleted successfully.
C:\Program Files\Pest-Patrol (Rogue.PestPatrol) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\824223 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\818646 (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Pest-Patrol\Pest-Patrol.exe  (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\Pest-Patrol\Pest-Patrol.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\Pest-Patrol\IEWarning.dll (Rogue.PestPatrol) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\quartz.dll (Rogue.PestPatrol) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\824223\824223.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\14.06128 (Diler) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirProtect\AntiVirProtect.lic (Rogue.AntiVirProtect) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirProtect\AntiVirProtect0.ap (Rogue.AntiVirProtect) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirProtect\AntiVirProtect1.ap (Rogue.AntiVirProtect) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirProtect\Uninstall.exe (Rogue.AntiVirProtect) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\818646\818646.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pmnkIXNe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXQJbYS.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS	emp\BN1A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS	emp\BN29.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

ok vide la quarantaine malewarebyte et fais clean stp

saga · Answer

Probleme, je n'arrive plus à utiliser l'ordinateur, dès que je l'ouvre il y a le bureau qui disparait, il ne reste que le fond d'écran après ça revient mais pas assez longtemps pour je puisse exécuter "clean" puis ça se rebloque sur le fond d'écran. Ca me faisait ça déjà avant de commencer malewarebyte mais j'étais arriver à l'enlever en utilisant un point de restauration et en démarrant en mode sans échec. Mais là, depuis que j'ai passé maleware, je n'ai plus de point de restauration et donc je ne peux plus exécuter "clean".
Je ne travaille pas sur l'ordinateur infesté, j'importe tout d'un autre ordinateur avec une clé USB.

Merci de m'aider.

Utilisateur anonyme · Answer

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 


-> Double clique combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message. 

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

saga · Answer

Mais je n'ai pas assez le temps pour exécuter le logiciel.

Utilisateur anonyme · Answer

essai en mode sans echec

saga · Answer

j'ai déjà essayé, rien ne change.

Utilisateur anonyme · Answer

t as le cd windows ??

saga · Answer

Oui

Utilisateur anonyme · Answer

COOL !!

dans ton cas vu que tu ne peux rien faire du pc !

demarre le pc ensuite insere le cd windows 

redémarre le pc 

au demarrage t auras un message te disant de presser une touche pour demarrer le cd 

fais le 

ensuite durant l installation forrmate le disque C et continue l installation 

tu dois savoir que ceci effacera tes documents tes logiciels etc 

donc sauvegarde tes docs etc sur une cle usb par exemple 

avant de réinstaller windows

saga · Answer

Bon en faite je suis arrivé à faire démarrer combofix gràce au gestionnaire des taches, en faisant nouvelle tâche. Il est en train de scanner l'ordinateur, je met le résultat plus tard.

Utilisateur anonyme · Answer

ok cool

saga · Answer

Pas de changement.

Utilisateur anonyme · Answer

t as passé combofix ?? t as le rapport ??

saga · Answer

J'ai repassé ComboFix, et en faite ça marche, ça l'air d'être redevenu "potable", ça buggé la 1ère parce que je n'avais pas enlevé mon antivirus à cause du blocage. Dois-je passer clean maintenant? Je met le rapport de combo fix :

ComboFix 08-06-01.6 - 2008-06-03 15:39:46.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.626 [GMT 2:00]
Endroit: G:\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\popcorn Terms.html
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\aceKRqss.ini2
C:\WINDOWS\system32\BLRCfMoq.ini
C:\WINDOWS\system32\BLRCfMoq.ini2
C:\WINDOWS\system32\byXQJbYS.dll
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\drivers\saG41.sys
C:\WINDOWS\system32\NVuBeMoq.ini
C:\WINDOWS\system32\NVuBeMoq.ini2
C:\WINDOWS\system32\pVybcccf.ini2
C:\WINDOWS\system32\qoMfCRLB.dll
C:\WINDOWS\system32\WinCtrl32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE
-------\Legacy_SAG41
-------\Service_saG41

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))))))
.

2008-06-02 17:51 . 2008-06-02 17:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 17:51 . 2008-06-02 17:51 <REP> d-------- C:\Documents and Settings\JACQUOT1\Application Data\Malwarebytes
2008-06-02 17:51 . 2008-06-02 17:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 17:51 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-02 17:51 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-02 17:40 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-02 17:40 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-02 17:40 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-02 17:40 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-02 17:40 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-02 17:40 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-02 17:40 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-02 17:40 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-02 17:22 . 2008-06-02 17:31 <REP> d-------- C:\WINDOWS\LastGood(2)
2008-06-01 22:31 . 2004-08-05 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-06-01 22:30 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-01 22:29 . 2004-08-05 14:00 290,816 --a--c--- C:\WINDOWS\system32\dllcache\adsiis51.dll
2008-06-01 22:29 . 2004-08-05 14:00 281,600 --a--c--- C:\WINDOWS\system32\dllcache\certwiz.ocx
2008-06-01 22:29 . 2003-03-24 15:52 188,480 --a--c--- C:\WINDOWS\system32\dllcache\cfgwiz.exe
2008-06-01 22:29 . 2004-08-05 14:00 96,768 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx
2008-06-01 22:29 . 2004-08-05 14:00 77,824 --a--c--- C:\WINDOWS\system32\dllcache\cnfgprts.ocx
2008-06-01 22:29 . 2004-08-05 14:00 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll
2008-06-01 22:29 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
2008-06-01 22:29 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2008-06-01 22:29 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
2008-06-01 22:29 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-06-01 22:28 . 2008-06-01 22:28 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-06-01 21:33 . 2008-06-01 22:51 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-01 21:33 . 2008-06-01 22:51 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-01 21:32 . 2008-06-01 21:32 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
2008-06-01 21:27 . 2008-06-01 21:27 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-06-01 21:27 . 2008-06-02 21:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-01 21:27 . 2008-06-03 15:50 3,603,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-01 21:27 . 2008-06-03 15:50 511,264 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-01 21:27 . 2008-06-03 15:44 50,336 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-01 21:27 . 2008-06-03 15:44 48,932 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-01 21:24 . 2008-06-01 21:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-01 18:51 . 2008-06-01 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-06-01 11:26 . 2008-06-01 11:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-01 11:25 . 2008-06-01 11:25 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-31 20:00 . 2008-05-31 20:00 <REP> d-------- C:\Program Files\Alwil Software
2008-05-31 19:55 . 2008-05-31 19:47 23,167,480 --a------ C:\avast_avast_4.8.1201_francais_anglais_11113.exe
2008-05-31 19:48 . 2008-06-01 21:32 28,899 --a------ C:\WINDOWS\setupapi.old
2008-05-31 19:24 . 2008-06-01 11:28 <REP> d-------- C:\Program Files\Lavasoft
2008-05-31 16:56 . 2008-05-31 16:57 <REP> d-------- C:\sUBs
2008-05-31 12:24 . 2008-05-31 12:24 <REP> d-------- C:\Program Files\Sun
2008-05-31 11:48 . 2006-07-06 23:39 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-05-31 11:48 . 2006-07-06 23:39 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-31 11:48 . 2006-07-06 22:03 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-05-31 11:48 . 2006-07-06 23:39 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-31 11:48 . 2006-07-06 23:39 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-05-31 11:48 . 2006-07-06 23:39 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-31 11:48 . 2006-07-06 23:39 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-31 11:48 . 2008-06-02 19:18 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-31 11:29 . 2008-06-02 17:22 14,848 --a------ C:\WINDOWS\system32\WinCtrl32(2)(2).dll
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-03 08:16 . 2008-05-03 08:16 <REP> d-------- C:\Program Files\Fichiers communs\xing shared

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 13:50 --------- d-----w C:\Program Files\Wanadoo
2008-06-02 18:01 3,458 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-02 16:59 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-02 15:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-01 17:36 --------- d-----w C:\Program Files\Yahoo!
2008-06-01 17:36 --------- d-----w C:\Program Files\XoftSpySE
2008-06-01 17:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-01 09:27 --------- d-----w C:\Documents and Settings\JACQUOT1\Application Data\Lavasoft
2008-05-31 20:03 --------- d-----w C:\Program Files\Realtek AC97
2008-05-31 10:24 --------- d-----w C:\Program Files\Java
2008-05-03 06:15 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2007-11-18 15:30 23,504 ----a-w C:\Documents and Settings\JACQUOT1\Application Data\GDIPFONTCACHEV1.DAT
2007-02-11 06:07 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2006-12-04 22:25 4,318 ----a-w C:\Documents and Settings\JACQUOT1\gotgo.exe
2006-10-09 19:17 29,784 ----a-w C:\Program Files\ Terms.html
1995-09-20 13:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
2006-07-28 19:53 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDD01187-8BF9-43E3-BBCF-10092B14DEF1}]
C:\WINDOWS\system32\qoMeBuVN.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 12:05 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 17:21 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-03 13:18 282624]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2008-05-03 08:11 69632]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-03 08:11 185896]
"PCDAS"="C:\Program Files\Defenza\pcd-as.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 09:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"System Anti-Virus Server"="C:\WINDOWS\system32\system.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hpV06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipU28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jpV74.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jqV28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kqV52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsY41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouB06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pwD17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qxE62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\taG62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ubH38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msrr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.3\\cnc3game.dat"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S0 kqV52;kqV52;C:\WINDOWS\system32\Drivers\kqV52.sys []
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 hpV06;hpV06;C:\WINDOWS\System32\drivers\hpV06.sys []
S3 ipU28;ipU28;C:\WINDOWS\System32\drivers\ipU28.sys []
S3 jqV28;jqV28;C:\WINDOWS\System32\drivers\jqV28.sys []
S3 jswmidin;jswmidin;C:\DOCUME~1\JACQUOT1\LOCALS~1\Temp\jswmidin.sys []
S3 lsY41;lsY41;C:\WINDOWS\System32\drivers\lsY41.sys []
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\SophosMEMSWEEP.SYS []
S3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\Core Center\NTGLM7X.sys [2005-05-20 16:27]
S3 pwD17;pwD17;C:\WINDOWS\System32\drivers\pwD17.sys []
S3 qxE62;qxE62;C:\WINDOWS\System32\drivers\qxE62.sys []
S3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2005-06-04 14:01]
S3 taG62;taG62;C:\WINDOWS\System32\drivers\taG62.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd4a092e-b207-11dc-9b15-001109f84a84}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Portail-Pharma-salon-cleUSB.pdf

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2006-10-16 19:28:13 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 15:49:34
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-03 15:53:35 - machine was rebooted [JACQUOT1]
ComboFix-quarantined-files.txt 2008-06-03 13:53:28
ComboFix2.txt 2008-05-31 14:56:53

Pre-Run: 17,750,618,112 octets libres
Post-Run: 17,968,070,656 octets libres

240 --- E O F --- 2008-06-03 01:00:22

Utilisateur anonyme · Answer

ok refais un scan hijackthis et poste le rapport stp

saga · Answer

Voila le rapport hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:12, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
G:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {EDD01187-8BF9-43E3-BBCF-10092B14DEF1} - C:\WINDOWS\system32\qoMeBuVN.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunServices: [System Anti-Virus Server] C:\WINDOWS\system32\system.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

Utilisateur anonyme · Answer

Copie le texte ci-dessous : 

File:: 
C:\WINDOWS\system32\system.exe
C:\WINDOWS\system32\WinCtrl32(2)(2).dll 
C:\WINDOWS\system32\lsdelete.exe 
C:\WINDOWS\LastGood(2) 
C:\Documents and Settings\JACQUOT1\gotgo.exe 
C:\WINDOWS\system32\qoMeBuVN.dll 



Registry:: 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDD01187-8BF9-43E3-BBCF-10092B14DEF1}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 
"System Anti-Virus Server"=-




Ouvre le Bloc-Notes puis colle le texte copié. 
(Démarrer\Tous les programmes\Accessoires\Bloc notes.) 
Sauvegarde ce fichier sous le nom de CFScript.txt. 

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous : 

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif 

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis. 

S'il n'y a pas de rédémarrage, poste quand même les rapports.

saga · Answer

Voici le rapproy combofix :

ComboFix 08-06-01.6 - 2008-06-03 17:01:11.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.635 [GMT 2:00]
Endroit: C:\Documents and Settings\JACQUOT1\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\JACQUOT1\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\Documents and Settings\JACQUOT1\gotgo.exe
C:\WINDOWS\LastGood(2)
C:\WINDOWS\system32\lsdelete.exe
C:\WINDOWS\system32\qoMeBuVN.dll
C:\WINDOWS\system32\system.exe
C:\WINDOWS\system32\WinCtrl32(2)(2).dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\JACQUOT1\gotgo.exe
C:\WINDOWS\system32\lsdelete.exe
C:\WINDOWS\system32\WinCtrl32(2)(2).dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))))))
.

2008-06-03 15:53 . 2008-06-03 15:53 <REP> d-------- C:\Documents and Settings\InvitÚ
2008-06-02 17:51 . 2008-06-02 17:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 17:51 . 2008-06-02 17:51 <REP> d-------- C:\Documents and Settings\JACQUOT1\Application Data\Malwarebytes
2008-06-02 17:51 . 2008-06-02 17:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 17:51 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-02 17:51 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-02 17:40 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-02 17:40 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-02 17:40 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-02 17:40 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-02 17:40 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-02 17:40 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-02 17:40 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-02 17:40 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-02 17:22 . 2008-06-02 17:31 <REP> d-------- C:\WINDOWS\LastGood(2)
2008-06-01 22:31 . 2004-08-05 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-06-01 22:30 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-01 22:29 . 2004-08-05 14:00 290,816 --a--c--- C:\WINDOWS\system32\dllcache\adsiis51.dll
2008-06-01 22:29 . 2004-08-05 14:00 281,600 --a--c--- C:\WINDOWS\system32\dllcache\certwiz.ocx
2008-06-01 22:29 . 2003-03-24 15:52 188,480 --a--c--- C:\WINDOWS\system32\dllcache\cfgwiz.exe
2008-06-01 22:29 . 2004-08-05 14:00 96,768 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx
2008-06-01 22:29 . 2004-08-05 14:00 77,824 --a--c--- C:\WINDOWS\system32\dllcache\cnfgprts.ocx
2008-06-01 22:29 . 2004-08-05 14:00 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll
2008-06-01 22:29 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
2008-06-01 22:29 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2008-06-01 22:29 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
2008-06-01 22:29 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-06-01 22:28 . 2008-06-01 22:28 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-06-01 21:33 . 2008-06-01 22:51 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-01 21:33 . 2008-06-01 22:51 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-01 21:32 . 2008-06-01 21:32 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
2008-06-01 21:27 . 2008-06-01 21:27 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-06-01 21:27 . 2008-06-02 21:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-01 21:27 . 2008-06-03 17:12 3,691,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-01 21:27 . 2008-06-03 17:11 513,312 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-01 21:27 . 2008-06-03 15:44 50,336 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-01 21:27 . 2008-06-03 15:44 48,932 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-01 21:24 . 2008-06-01 21:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-01 18:51 . 2008-06-01 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-06-01 11:26 . 2008-06-01 11:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-01 11:25 . 2008-06-01 11:25 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-31 20:00 . 2008-05-31 20:00 <REP> d-------- C:\Program Files\Alwil Software
2008-05-31 19:55 . 2008-05-31 19:47 23,167,480 --a------ C:\avast_avast_4.8.1201_francais_anglais_11113.exe
2008-05-31 19:48 . 2008-06-01 21:32 28,899 --a------ C:\WINDOWS\setupapi.old
2008-05-31 19:24 . 2008-06-01 11:28 <REP> d-------- C:\Program Files\Lavasoft
2008-05-31 16:56 . 2008-05-31 16:57 <REP> d-------- C:\sUBs
2008-05-31 12:24 . 2008-05-31 12:24 <REP> d-------- C:\Program Files\Sun
2008-05-31 11:48 . 2006-07-06 23:39 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-05-31 11:48 . 2006-07-06 23:39 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-31 11:48 . 2006-07-06 22:03 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-05-31 11:48 . 2006-07-06 23:39 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-31 11:48 . 2006-07-06 23:39 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-05-31 11:48 . 2006-07-06 23:39 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-31 11:48 . 2006-07-06 23:39 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-31 11:48 . 2008-06-02 19:18 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-03 08:16 . 2008-05-03 08:16 <REP> d-------- C:\Program Files\Fichiers communs\xing shared

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 14:56 --------- d-----w C:\Program Files\Wanadoo
2008-06-02 18:01 3,458 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-02 16:59 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-02 15:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-01 17:36 --------- d-----w C:\Program Files\Yahoo!
2008-06-01 17:36 --------- d-----w C:\Program Files\XoftSpySE
2008-06-01 17:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-01 09:27 --------- d-----w C:\Documents and Settings\JACQUOT1\Application Data\Lavasoft
2008-05-31 20:03 --------- d-----w C:\Program Files\Realtek AC97
2008-05-31 10:24 --------- d-----w C:\Program Files\Java
2008-05-03 06:15 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2007-11-18 15:30 23,504 ----a-w C:\Documents and Settings\JACQUOT1\Application Data\GDIPFONTCACHEV1.DAT
2007-02-11 06:07 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2006-10-09 19:17 29,784 ----a-w C:\Program Files\ Terms.html
1995-09-20 13:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
2006-07-28 19:53 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.

((((((((((((((((((((((((((((( snapshot@2008-06-03_15.52.14.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 13:48:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-03 14:55:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDD01187-8BF9-43E3-BBCF-10092B14DEF1}]
C:\WINDOWS\system32\qoMeBuVN.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 12:05 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 17:21 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-03 13:18 282624]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2008-05-03 08:11 69632]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-03 08:11 185896]
"PCDAS"="C:\Program Files\Defenza\pcd-as.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 09:00 81920 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hpV06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipU28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jpV74.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jqV28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kqV52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsY41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouB06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pwD17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qxE62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\taG62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ubH38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msrr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.3\\cnc3game.dat"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S0 kqV52;kqV52;C:\WINDOWS\system32\Drivers\kqV52.sys []
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 hpV06;hpV06;C:\WINDOWS\System32\drivers\hpV06.sys []
S3 ipU28;ipU28;C:\WINDOWS\System32\drivers\ipU28.sys []
S3 jqV28;jqV28;C:\WINDOWS\System32\drivers\jqV28.sys []
S3 jswmidin;jswmidin;C:\DOCUME~1\JACQUOT1\LOCALS~1\Temp\jswmidin.sys []
S3 lsY41;lsY41;C:\WINDOWS\System32\drivers\lsY41.sys []
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\SophosMEMSWEEP.SYS []
S3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\Core Center\NTGLM7X.sys [2005-05-20 16:27]
S3 pwD17;pwD17;C:\WINDOWS\System32\drivers\pwD17.sys []
S3 qxE62;qxE62;C:\WINDOWS\System32\drivers\qxE62.sys []
S3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2005-06-04 14:01]
S3 taG62;taG62;C:\WINDOWS\System32\drivers\taG62.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd4a092e-b207-11dc-9b15-001109f84a84}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Portail-Pharma-salon-cleUSB.pdf

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-10-16 19:28:13 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 17:11:28
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-03 17:13:40
ComboFix-quarantined-files.txt 2008-06-03 15:13:32
ComboFix2.txt 2008-06-03 13:53:37
ComboFix3.txt 2008-05-31 14:56:53

Pre-Run: 17,933,586,432 octets libres
Post-Run: 17,929,228,288 octets libres

227 --- E O F --- 2008-06-03 01:00:22

Voila le rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:38, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\explorer.exe
G:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {EDD01187-8BF9-43E3-BBCF-10092B14DEF1} - C:\WINDOWS\system32\qoMeBuVN.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

Utilisateur anonyme · Answer

ok on termine 

réouvre hijackthis 
fais scan only
coche ces lignes :


R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) 

O2 - BHO: (no name) - {EDD01187-8BF9-43E3-BBCF-10092B14DEF1} - C:\WINDOWS\system32\qoMeBuVN.dll (file missing) 
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) 


O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab 
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll 
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx 
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab 


tu les coches et tu clic sur fix checked 

ensuite ta version d internet explorer n est pas a jours telecharge et instal cette version :

https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

ensuite :

telecharge Ccleaner :

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

instal le sans la barre yahoo 

fais lancer le nettoyage

repete l opération jusqu a ce qu il trouve rien 

ensuite fais registre

fais chercher les erreures 

ensuite fais corriger les erreures 

repete l opération jusqu a ce qu il trouve rien 

pour completer le nettoyage tu peux faire ça :


Télecharge et instal AVG anti spyware:

http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware


instal le et met le a jours

ensuite lance le scan et supprime

et pour finir :

* pour supprimer les outils/fix utilisés : 

Télécharge ToolsCleaner sur ton bureau. 
--> 
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe 
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe 

# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 


A découvrir : Estopa, Rosario Flores, La oreja de van gogh.. Bonne écoute

saga · Answer

Voila le rapport toolscleaner :



-->- Recherche: 

C:\Rustbfix: trouvé !
C:\!Killbox: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\JACQUOT1\Bureau\SmitFraudFix.zip: trouvé !
C:\Documents and Settings\JACQUOT1\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\JACQUOT1\Bureau\SmitFraudfix: trouvé !
C:\Documents and Settings\JACQUOT1\Bureau\anti virus\SmitFraudFix.zip: trouvé !
C:\Documents and Settings\JACQUOT1\Bureau\anti virus\vundoFix.exe: trouvé !
C:\Documents and Settings\JACQUOT1\Bureau\anti virus\SmitFraudfix: trouvé !
C:\Documents and Settings\JACQUOT1\Bureau\anti virus\SmitfraudFix\SmitFraudfix: trouvé !
C:\Documents and Settings\JACQUOT1\Bureau\anti virus\SmitfraudFix\SmitfraudFix\SmitFraudFix.zip: trouvé !
C:\Documents and Settings\JACQUOT1\Bureau\SmitfraudFix\SmitFraudfix: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\JACQUOT1\Bureau\SmitFraudFix.zip: supprimé !
C:\Documents and Settings\JACQUOT1\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\JACQUOT1\Bureau\anti virus\SmitFraudFix.zip: supprimé !
C:\Documents and Settings\JACQUOT1\Bureau\anti virus\vundoFix.exe: supprimé !
C:\Documents and Settings\JACQUOT1\Bureau\anti virus\SmitfraudFix\SmitfraudFix\SmitFraudFix.zip: supprimé !
C:\Rustbfix: supprimé !
C:\!Killbox: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\JACQUOT1\Bureau\SmitFraudfix: supprimé !
C:\Documents and Settings\JACQUOT1\Bureau\anti virus\SmitFraudfix: supprimé !

Utilisateur anonyme · Answer

voila tous est clean 

comment va le pc ??

Si tu es satisfait de mon intervention

et que tu n as plus de probleme 

change le statut du sujet en résolu stp

pour cela va en haut sur ta premiere question et la tu as le choix

saga · Answer

Alors, il y a juste le fond d'écran qui est resté mais à part ça tout va bien, tout à l'air d'être revenu à la normale.

Je te remercie pour ton aide, ça m'a été super utile en + avec une efficacité et une rapidité exemplaire, je ne pensais pas que ça irait aussi vite.

Utilisateur anonyme · Answer

pour le fond d ecran : a toi de le changer 

ciao @++

saga · Answer

Ok

A+ et encore merci pour l'aide.

Utilisateur anonyme · Answer

de nada ciao

Virus cafards mangent l'écran - Page 2

Discussions similaires

Newsletters