Aidez moi svp à supprimer xpantivirus 2008

salma -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
svp AIDEZ moi c'est vraiment urgent, j'ai choppé un virus xp antivirus vista 2008 et je n'arrive pas à le supprimer. J'ai essayé plusieurs manip mais rien , svp aidez moi je suis en plein période d'examen et j'ai besoin de mon pc. MERCI
voila le rapport hijackthis

O2 - BHO: QXK Olive - {354CDB3B-5A71-4F97-A0C7-E3D682B1D713} - C:\WINDOWS\kvsdpfeaksr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: {e1cb3dcf-172b-a93a-95e4-fdbbe1ed9fa8} - {8af9de1e-bbdf-4e59-a39a-b271fcd3bc1e} - C:\WINDOWS\system32\dswwtkbc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A74D8A13-D9F1-4BF4-8368-C5798A219ACB} - C:\WINDOWS\system32\jkkKecya.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B40E9CC1-7CCC-4033-92A6-153D95D11D8D} - C:\WINDOWS\system32\mlJBSjiH.dll (file missing)
O2 - BHO: (no name) - {B51993D8-0A68-4BD4-8A4C-6E5E782DF33E} - C:\WINDOWS\system32\awtqoNDu.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C14E6230-757D-4246-81CE-B34E2940C722} - C:\WINDOWS\system32\ljJAQIAS.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {F722D753-A64D-48B0-8F41-F2258E0CEA6E} - C:\WINDOWS\system32\fccaYonM.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: rtsplgob - {13DB4CF9-A377-42C1-8E49-96428FC8582C} - C:\WINDOWS\rtsplgob.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AutoMailChecker] C:\Program Files\STC\AutoMailChkr\MailChkr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsMedia\ItsTV.exe"
O4 - HKLM\..\Run: [1c1f6341] rundll32.exe "C:\WINDOWS\system32\vjeqcwyy.dll",b
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\SALIMA~1\LOCALS~1\Temp\srvprint.exe/r
O4 - HKLM\..\Run: [BM1f2c50dd] Rundll32.exe "C:\WINDOWS\system32\juujpbqc.dll",s
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ljJAQIAS - C:\WINDOWS\SYSTEM32\ljJAQIAS.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: xkefqtgs - {1AB4A434-6BCE-46E3-9AE3-BD57FEDF3CD2} - C:\WINDOWS\xkefqtgs.dll
O21 - SSODL: rnopbfgt - {3C5EE435-3D65-45AB-8B4A-5B9F57FFADEB} - C:\WINDOWS\rnopbfgt.dll
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
Configuration: Windows XP
Internet Explorer 6.0

15 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt
    il y a du boulot sur ton ordi!!!

    utilise rogue remover:
    et colle le rapport
    http://www.libellules.ch/dotclear/index.php?2006/11/29/1518-rogue-remover

    https://www.01net.com/telecharger/

    ____________

    smit fraud fix (colle le rapport)

    1/ telecharger :

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes.

    3/ redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général) puis lance smitfraudfix , sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée
    ___________

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.
    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    ____________

    tu as quel antivirus????

    si tu n'en as pas installe antivir et colle le rapport

    https://www.malekal.com/avira-free-security-antivirus-gratuit/
    recolle un hijakhcits et dis tes soucis
    0
  2. salma
     
    voila le rapport que vous m'avez demandé...SmitFraudFix v2.323

    Rapport fait à 16:48:25,29, 11/06/2008
    Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle le rapport après desinfection et complet cette fois

    sinon riogue remover a viré des choses???
    0
  4. salma
     
    voila j'ai procédé à la 2eme étape et voici le rapport complet. alors ou j'en suis??

    SmitFraudFix v2.323

    Rapport fait à 17:01:01,80, 11/06/2008
    Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    C:\WINDOWS\kvsdpfeaksr.dll deleted.
    C:\WINDOWS\rtsplgob.dll deleted.
    C:\WINDOWS\xkefqtgs.dll deleted.
    C:\WINDOWS\rnopbfgt.dll deleted.

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NETGEAR MA521 802.11b Wireless PC Card - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.53.252

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B82E693C-2616-4956-B1E8-D970C23CC954}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{B82E693C-2616-4956-B1E8-D970C23CC954}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{B82E693C-2616-4956-B1E8-D970C23CC954}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. amari02 Messages postés 1 Statut Membre
     
    salut mon amie j espere que tout va bien pour toi et ton pc:!
    0
  7. salma
     
    j'ai redémarré mais le virus est toujours la...comment je fais pour avoir le rapport de rogue remover??? svp me laissez pas tomber
    salma
    0
  8. salma
     
    Merci j'ai lancé combofix et c'est parti je crois.
    Merci pour votre aide.
    0
  9. salma
     
    voila re rapport toutefois aprés désinfection.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:51, on 2008-06-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\EoRezo\EoEngine.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A74D8A13-D9F1-4BF4-8368-C5798A219ACB} - C:\WINDOWS\system32\jkkKecya.dll (file missing)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {B40E9CC1-7CCC-4033-92A6-153D95D11D8D} - C:\WINDOWS\system32\mlJBSjiH.dll (file missing)
    O2 - BHO: (no name) - {B51993D8-0A68-4BD4-8A4C-6E5E782DF33E} - C:\WINDOWS\system32\awtqoNDu.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [AutoMailChecker] C:\Program Files\STC\AutoMailChkr\MailChkr.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
    O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsMedia\ItsTV.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: MA521 Configuration Utility.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle le rapport combofix

    ____________

    relance hijakchits, fais do a system scan only et fix ces lignes (fix cheked)

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O2 - BHO: (no name) - {A74D8A13-D9F1-4BF4-8368-C5798A219ACB} - C:\WINDOWS\system32\jkkKecya.dll (file missing)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

    O2 - BHO: (no name) - {B40E9CC1-7CCC-4033-92A6-153D95D11D8D} - C:\WINDOWS\system32\mlJBSjiH.dll (file missing)
    O2 - BHO: (no name) - {B51993D8-0A68-4BD4-8A4C-6E5E782DF33E} - C:\WINDOWS\system32\awtqoNDu.dll (file missing)

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    ______________

    redemarre ton ordinateur

    ____________

    tu as quel antivirus????

    si tu n'en as pas installe antivir et colle le rapport

    https://www.malekal.com/avira-free-security-antivirus-gratuit/

    _______________

    mets a jour internet explorer:
    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
    ______________

    recolle un hijakhcits et dis tes soucis
    0
  11. salma
     
    Merci vraiment pour votre assistance....vous me sauvez la vie....Je ne trouve pas le rapport combofix j'ai perdu l'ordi de vue quelques minutes et c parti avant q je ne le copie. Y A t'il un moyen de le retrouver??? mais j'ai bien fixed les lignes que vous m'avez indiqué en relanchant hijackchits.
    J'ai installé antivir j'ai lancé les scan et il a trouvé plein de virus et voici le rapport:

    Avira AntiVir Personal
    Report file date: 2008-06-11 18:23

    Scanning for 1327179 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: salima moulti
    Computer name: MOI-9CBE56AFECF

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
    ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 2008-06-01 15:59:50
    ANTIVIR3.VDF : 7.0.4.180 326144 Bytes 2008-06-11 15:59:55
    Engineversion : 8.1.0.55
    AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21
    AESCRIPT.DLL : 8.1.0.40 266618 Bytes 2008-06-11 16:00:23
    AESCN.DLL : 8.1.0.21 119156 Bytes 2008-06-11 16:00:20
    AERDL.DLL : 8.1.0.20 418165 Bytes 2008-06-11 16:00:19
    AEPACK.DLL : 8.1.1.5 364918 Bytes 2008-06-11 16:00:15
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-06-11 16:00:12
    AEHEUR.DLL : 8.1.0.30 1253750 Bytes 2008-06-11 16:00:10
    AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-06-11 16:00:03
    AEGEN.DLL : 8.1.0.28 307572 Bytes 2008-06-11 16:00:02
    AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-06-11 15:59:59
    AECORE.DLL : 8.1.0.31 168310 Bytes 2008-06-11 15:59:57
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, E:, F:, G:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 2008-06-11 18:23

    The scan of running processes will be started
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wlancfg5.exe' - '1' Module(s) have been scanned
    Scan process 'btdna.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'slserv.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    28 processes with 28 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '24' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Program Files\LabelCommand\LabelCommand.dll
    [DETECTION] Is the Trojan horse TR/Agent.247296
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\catchme2008-06-11_173327,05.zip
    [0] Archive type: ZIP
    --> Winjp27.sys
    [1] Archive type: RSRC
    --> Object
    [DETECTION] Is the Trojan horse TR/Dldr.Mutant.aea
    --> fccaYonM.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\dswwtkbc.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\fccaYonM.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\juujpbqc.dll.vir
    [DETECTION] Is the Trojan horse TR/Monder.103424.2
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\ljJAQIAS.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\vjeqcwyy.dll.vir
    [DETECTION] Is the Trojan horse TR/Monder.94720.2
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dll.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Mutant.aea
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dl_.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Mutant.aea
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\awtqoNDu.VIR
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\ewblmqsp.VIR
    [DETECTION] Is the Trojan horse TR/Monder.94720.2
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\jkkKecya.VIR
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\mlJBSjiH.VIR000
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\wiaatomb.VIR
    [DETECTION] Is the Trojan horse TR/Monder.94720.2
    [NOTE] The file was deleted!
    Begin scan in 'D:\' <DONNEEES 2GA>
    Begin scan in 'E:\' <AUTRES DONNES>
    Begin scan in 'F:\' <INDY_LASTCRUSADE_EN>
    Begin scan in 'G:\' <WinLite>

    End of the scan: 2008-06-11 19:36
    Used time: 1:13:38 min

    The scan has been done completely.

    4713 Scanning directories
    211899 Files were scanned
    15 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    14 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    211884 Files not concerned
    8277 Archives were scanned
    1 Warnings
    14 Notes
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire ce qui est dans quarantine en allant dans psote de travail puis

    C:\QooBox\Quarantine

    _________________

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport (tu le gardera par la suite avec antivir)

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    _________________

    le rapport combofix est dans poste de travail puis
    C:\ComboFix.txt

    sinon rescanne avec et colle le rapport
    ______________

    recolle un nouvel hijakchits et dis tes soucis
    0
  13. salma
     
    Bonsoir
    VOICI LE RAPPORT COMBOFIX, j'ai bien supprimé ce qu'il y avait dans la quarantaine.

    2008-06-03 21:21 . 2008-06-03 21:21 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-06-03 21:13 . 2008-06-06 17:58 <REP> d-------- C:\Program Files\LimeWire
    2008-06-03 20:33 . 2008-06-03 20:33 268 --ah----- C:\sqmdata04.sqm
    2008-06-03 20:33 . 2008-06-03 20:33 244 --ah----- C:\sqmnoopt04.sqm
    2008-06-03 20:24 . 2008-06-11 13:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-03 20:20 . 2008-06-03 20:20 268 --ah----- C:\sqmdata03.sqm
    2008-06-03 20:20 . 2008-06-03 20:20 244 --ah----- C:\sqmnoopt03.sqm
    2008-06-03 20:17 . 2008-06-03 20:17 268 --ah----- C:\sqmdata02.sqm
    2008-06-03 20:17 . 2008-06-03 20:17 244 --ah----- C:\sqmnoopt02.sqm
    2008-06-03 19:35 . 2008-06-03 19:55 <REP> d-------- C:\Program Files\adslTV
    2008-06-03 18:06 . 2008-06-10 19:20 <REP> d-------- C:\Program Files\Google
    2008-06-03 12:11 . 2008-06-03 12:11 208 --ah----- C:\sqmdata01.sqm
    2008-06-03 12:11 . 2008-06-03 12:11 172 --ah----- C:\sqmnoopt01.sqm
    2008-06-03 12:10 . 2008-06-03 12:10 268 --ah----- C:\sqmdata00.sqm
    2008-06-03 12:10 . 2008-06-03 12:10 244 --ah----- C:\sqmnoopt00.sqm
    2008-06-03 12:03 . 2008-06-03 12:03 <REP> d-------- C:\Program Files\Windows Live Favorites
    2008-06-03 11:58 . 2008-06-03 12:06 <REP> d-------- C:\Program Files\Windows Live Toolbar
    2008-06-03 11:41 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2008-06-03 11:40 . 2008-06-03 11:40 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-06-03 11:39 . 2008-06-04 21:03 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-06-03 11:32 . 2008-06-03 11:36 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-03 11:31 . 2008-06-03 11:56 <REP> d-------- C:\Program Files\Windows Live
    2008-06-03 11:31 . 2008-06-03 11:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-02 23:33 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-06-02 23:25 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
    2008-06-02 23:25 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-06-02 23:25 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-06-02 23:25 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-06-02 23:25 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2008-06-02 23:22 . 2008-06-02 23:22 <REP> d---s---- C:\Documents and Settings\salima moulti\UserData
    2008-06-02 23:06 . 2008-06-02 23:06 <REP> d-------- C:\Program Files\NETGEAR
    2008-06-02 23:06 . 2003-04-16 13:53 151,808 --------- C:\WINDOWS\system32\drivers\MA521nd5.sys
    2008-06-02 23:06 . 2002-10-02 08:57 13,532 --------- C:\WINDOWS\system32\drivers\SjyPkt.sys
    2008-06-02 23:06 . 2008-06-11 01:21 1,746 --a------ C:\WINDOWS\OEM.tmp
    2008-06-02 20:16 . 2008-06-02 20:16 <REP> d-------- C:\Program Files\Ontrack
    2008-06-02 20:12 . 2008-06-02 20:12 <REP> d-------- C:\Program Files\FreeUndelete
    2008-06-02 18:08 . 2008-06-02 18:08 <REP> d-------- C:\Program Files\QuickTime
    2008-06-02 18:08 . 2008-06-02 18:08 <REP> d-------- C:\Program Files\ImTOO
    2008-06-02 18:08 . 2008-06-03 19:35 <REP> d-------- C:\Documents and Settings\salima moulti\Application Data\vlc
    2008-06-02 18:06 . 2008-06-02 18:06 <REP> d-------- C:\Program Files\VideoLAN
    2008-06-02 17:46 . 2008-06-02 17:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL
    2008-06-02 17:45 . 2008-06-02 17:45 <REP> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
    2008-06-02 17:41 . 2006-04-05 03:05 73,216 --a------ C:\WINDOWS\system32\E_FLBBVE.DLL
    2008-06-02 17:41 . 2005-04-11 03:01 62,976 --a------ C:\WINDOWS\system32\E_FD4BBVE.DLL

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-11 14:25 --------- d-----w C:\Program Files\Hijackthis Version Française
    2008-06-10 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-02 15:50 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-06-02 15:47 --------- d-----w C:\Program Files\epson
    2008-06-02 12:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-02 12:40 --------- d-----w C:\Program Files\MSBuild
    2008-06-02 12:40 --------- d-----w C:\Program Files\Microsoft Works
    2008-06-02 12:23 --------- d-----w C:\Program Files\Synaptics
    2008-06-02 12:22 --------- d-----w C:\Program Files\Intel
    2008-06-02 12:21 --------- d-----w C:\Program Files\AvRack
    2008-06-02 12:21 --------- d-----w C:\Program Files\Avance Sound Manager
    2008-06-02 12:13 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-02 12:08 --------- d-----w C:\Program Files\Services en ligne
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A74D8A13-D9F1-4BF4-8368-C5798A219ACB}]
    C:\WINDOWS\system32\jkkKecya.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B40E9CC1-7CCC-4033-92A6-153D95D11D8D}]
    C:\WINDOWS\system32\mlJBSjiH.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B51993D8-0A68-4BD4-8A4C-6E5E782DF33E}]
    C:\WINDOWS\system32\awtqoNDu.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-08 18:22 68856]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-03 23:16 289088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2008-01-15 20:48 126976]
    "AutoMailChecker"="C:\Program Files\STC\AutoMailChkr\MailChkr.exe" [ ]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [2008-04-16 12:01 565248]
    "ItsTV"="C:\Program Files\ItsLabel\ItsMedia\ItsTV.exe" [2007-04-26 16:19 2908160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= file:///C:\WINDOWS\privacy_danger\index.htm
    FriendlyName= Privacy Protection

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
    --a------ 2001-09-04 03:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
    --a------ 2002-03-12 04:30 286720 C:\WINDOWS\system32\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-04 01:54 15360 C:\WINDOWS\system32\CTFMON.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX5000 Series]
    --a------ 2006-02-14 06:00 131072 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
    --a------ 2007-04-26 19:03 2693248 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2008-01-15 20:48 569344 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WLSetupSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "ServiceLayer"=3 (0x3)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "gusvc"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)
    "aspnet_state"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=

    S3 rtl8180;%RTL8180.Service.DispName%;C:\WINDOWS\system32\DRIVERS\MA521nd5.SYS [2003-04-16 13:53]
    S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 06:45]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-06-11 12:46:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    0
  14. salma
     
    voici le rapport de malwarebytes.....JE suis étonnée d'avoir trouvé autant de virus j'au cru le pb résolu.

    Malwarebytes' Anti-Malware 1.17
    Version de la base de données: 850

    22:27:34 2008-06-12
    mbam-log-6-12-2008 (22-27-33).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 100886
    Temps écoulé: 49 minute(s), 6 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 12

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\labelcommand.labelcommand (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\labelcommand.labelcommand.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\LogicFunctions (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    C:\Program Files\VAV\vav.ooo (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\salima moulti\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\salima moulti\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\salima moulti\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\salima moulti\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\salima moulti\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\salima moulti\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    Malwarebytes' Anti-Malware 1.17
    Version de la base de données: 850

    22:27:25 2008-06-12
    mbam-log-6-12-2008 (22-27-19).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 100886
    Temps écoulé: 49 minute(s), 6 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 12

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\labelcommand.labelcommand (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\labelcommand.labelcommand.1 (Trojan.BHO) -> No action taken.
    HKEY_CURRENT_USER\Software\VAV (Rogue.VistaAntivirus2008) -> No action taken.
    HKEY_CURRENT_USER\Software\LogicFunctions (Rogue.Multiple) -> No action taken.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> No action taken.

    Fichier(s) infecté(s):
    C:\Program Files\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> No action taken.
    C:\Program Files\VAV\vav.ooo (Rogue.VistaAntivirus2008) -> No action taken.
    C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> No action taken.
    C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> No action taken.
    C:\WINDOWS\system32\vav.cpl (Rogue.VistaAntivirus2008) -> No action taken.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\salima moulti\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
    C:\Documents and Settings\salima moulti\Bureau\Privacy Protector.url (Rogue.Link) -> No action taken.
    C:\Documents and Settings\salima moulti\Bureau\Error Cleaner.url (Rogue.Link) -> No action taken.
    C:\Documents and Settings\salima moulti\Favoris\Error Cleaner.url (Rogue.Link) -> No action taken.
    C:\Documents and Settings\salima moulti\Favoris\Privacy Protector.url (Rogue.Link) -> No action taken.
    C:\Documents and Settings\salima moulti\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
    0
  15. salma
     
    voila le rapport hijackchits final... j'attends votre réponse. MERCI INFINIMENT. VOUS ETES VRAIMENT TRES FORT!!!!!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:39, on 2008-06-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {B40E9CC1-7CCC-4033-92A6-153D95D11D8D} - C:\WINDOWS\system32\mlJBSjiH.dll (file missing)
    O2 - BHO: (no name) - {B51993D8-0A68-4BD4-8A4C-6E5E782DF33E} - C:\WINDOWS\system32\awtqoNDu.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [AutoMailChecker] C:\Program Files\STC\AutoMailChkr\MailChkr.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Global Startup: MA521 Configuration Utility.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok le rapport est bon!

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O2 - BHO: (no name) - {B40E9CC1-7CCC-4033-92A6-153D95D11D8D} - C:\WINDOWS\system32\mlJBSjiH.dll (file missing)
    O2 - BHO: (no name) - {B51993D8-0A68-4BD4-8A4C-6E5E782DF33E} - C:\WINDOWS\system32\awtqoNDu.dll (file missing)

    ___________________

    mettre a jour internet explorer
    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    __________________

    pour virer ce que je t'ai fais utiliser et qui n'est plus necessaire sur ton ordi:

    Télécharge ToolsCleaner sur ton bureau.
    --> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    ps : pas besoin de m´envoyer le rapport si tout a ete supprimer ;-)
    ___________________

    installe pour être mieux protégée spybot

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

    ___________________

    et CCLEANER pour nettoyer regulierement tes traces

    https://www.malekal.com/tutoriel-ccleaner/

    _____________________

    voilà c'est bon

    pour protéger gratos ton ordi

    http://www.commentcamarche.net/telecharger/logiciel 4 securite

    un antivirus

    ANTIVIR (en anglais mais très efficace)
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions :
    MalwareByte's Anti-Malware + SPYBOT
    +
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    --------
    un pare feu :
    celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

    https://forum.pcastuces.com/sujet.asp?f=25&s=35606
    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

    -----------
    CCLEANER pour effacer les traces de surf
    ---------
    naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
    http://www.mozilla-europe.org/fr/products/firefox/
    0