aidez moi svp à supprimer xpantivirus 2008 Fermé

Question

Bonjour,
svp AIDEZ moi c'est vraiment urgent, j'ai choppé un virus xp antivirus vista 2008 et je n'arrive pas à le supprimer. J'ai essayé plusieurs manip mais rien , svp aidez moi je suis en plein période d'examen et j'ai besoin de mon pc. MERCI
voila le rapport hijackthis

O2 - BHO: QXK Olive - {354CDB3B-5A71-4F97-A0C7-E3D682B1D713} - C:\WINDOWS\kvsdpfeaksr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: {e1cb3dcf-172b-a93a-95e4-fdbbe1ed9fa8} - {8af9de1e-bbdf-4e59-a39a-b271fcd3bc1e} - C:\WINDOWS\system32\dswwtkbc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A74D8A13-D9F1-4BF4-8368-C5798A219ACB} - C:\WINDOWS\system32\jkkKecya.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B40E9CC1-7CCC-4033-92A6-153D95D11D8D} - C:\WINDOWS\system32\mlJBSjiH.dll (file missing)
O2 - BHO: (no name) - {B51993D8-0A68-4BD4-8A4C-6E5E782DF33E} - C:\WINDOWS\system32\awtqoNDu.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C14E6230-757D-4246-81CE-B34E2940C722} - C:\WINDOWS\system32\ljJAQIAS.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {F722D753-A64D-48B0-8F41-F2258E0CEA6E} - C:\WINDOWS\system32\fccaYonM.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: rtsplgob - {13DB4CF9-A377-42C1-8E49-96428FC8582C} - C:\WINDOWS\rtsplgob.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AutoMailChecker] C:\Program Files\STC\AutoMailChkr\MailChkr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsMedia\ItsTV.exe"
O4 - HKLM\..\Run: [1c1f6341] rundll32.exe "C:\WINDOWS\system32\vjeqcwyy.dll",b
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\SALIMA~1\LOCALS~1\Temp\srvprint.exe/r
O4 - HKLM\..\Run: [BM1f2c50dd] Rundll32.exe "C:\WINDOWS\system32\juujpbqc.dll",s
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ljJAQIAS - C:\WINDOWS\SYSTEM32\ljJAQIAS.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: xkefqtgs - {1AB4A434-6BCE-46E3-9AE3-BD57FEDF3CD2} - C:\WINDOWS\xkefqtgs.dll
O21 - SSODL: rnopbfgt - {3C5EE435-3D65-45AB-8B4A-5B9F57FFADEB} - C:\WINDOWS\rnopbfgt.dll
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

jlpjlp · Answer

slt
il y a du boulot sur ton ordi!!!

utilise rogue remover:
et colle le rapport
http://www.libellules.ch/dotclear/index.php?2006/11/29/1518-rogue-remover

https://www.01net.com/telecharger/

____________

smit fraud fix (colle le rapport)

1/ telecharger :

http://siri.urz.free.fr/Fix/SmitfraudFix.php



2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes.

3/ redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général) puis lance smitfraudfix , sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée 
___________



télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

____________

tu as quel antivirus????

si tu n'en as pas installe antivir et colle le rapport

https://www.malekal.com/avira-free-security-antivirus-gratuit/
recolle un hijakhcits et dis tes soucis

salma · Answer

voila le rapport que vous m'avez demandé...SmitFraudFix v2.323

Rapport fait à 16:48:25,29, 11/06/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\

jlpjlp · Answer

colle le rapport après desinfection et complet cette fois

sinon riogue remover a viré des choses???

salma · Answer

voila j'ai procédé à la 2eme étape et voici le rapport complet. alors ou j'en suis??

SmitFraudFix v2.323

Rapport fait à 17:01:01,80, 11/06/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\kvsdpfeaksr.dll deleted.
C:\WINDOWS\rtsplgob.dll deleted.
C:\WINDOWS\xkefqtgs.dll deleted.
C:\WINDOWS\rnopbfgt.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NETGEAR MA521 802.11b Wireless PC Card - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B82E693C-2616-4956-B1E8-D970C23CC954}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B82E693C-2616-4956-B1E8-D970C23CC954}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B82E693C-2616-4956-B1E8-D970C23CC954}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

amari02 · Answer

salut mon amie j espere que tout va bien pour toi et ton pc:!

salma · Answer

j'ai redémarré mais le virus est toujours la...comment je fais pour avoir le rapport de rogue remover??? svp me laissez pas tomber
salma

salma · Answer

Merci j'ai lancé combofix et c'est parti je crois.
Merci pour votre aide.

salma · Answer

voila re rapport toutefois aprés désinfection.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51, on 2008-06-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A74D8A13-D9F1-4BF4-8368-C5798A219ACB} - C:\WINDOWS\system32\jkkKecya.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B40E9CC1-7CCC-4033-92A6-153D95D11D8D} - C:\WINDOWS\system32\mlJBSjiH.dll (file missing)
O2 - BHO: (no name) - {B51993D8-0A68-4BD4-8A4C-6E5E782DF33E} - C:\WINDOWS\system32\awtqoNDu.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AutoMailChecker] C:\Program Files\STC\AutoMailChkr\MailChkr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsMedia\ItsTV.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

jlpjlp · Answer

colle le rapport combofix

____________


relance hijakchits, fais do a system scan only et fix ces lignes (fix cheked)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: (no name) - {A74D8A13-D9F1-4BF4-8368-C5798A219ACB} - C:\WINDOWS\system32\jkkKecya.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {B40E9CC1-7CCC-4033-92A6-153D95D11D8D} - C:\WINDOWS\system32\mlJBSjiH.dll (file missing)
O2 - BHO: (no name) - {B51993D8-0A68-4BD4-8A4C-6E5E782DF33E} - C:\WINDOWS\system32\awtqoNDu.dll (file missing)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm 

______________


redemarre ton ordinateur

____________


tu as quel antivirus????

si tu n'en as pas installe antivir et colle le rapport

https://www.malekal.com/avira-free-security-antivirus-gratuit/

_______________

mets a jour internet explorer:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
______________

recolle un hijakhcits et dis tes soucis

salma · Answer

Merci vraiment pour votre assistance....vous me sauvez la vie....Je ne trouve pas le rapport combofix j'ai perdu l'ordi de vue quelques minutes et c parti avant q je ne le copie. Y A t'il un moyen de le retrouver??? mais j'ai bien fixed les lignes que vous m'avez indiqué en relanchant hijackchits. J'ai installé antivir j'ai lancé les scan et il a trouvé plein de virus et voici le rapport: Avira AntiVir Personal Report file date: 2008-06-11 18:23 Scanning for 1327179 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: salima moulti Computer name: MOI-9CBE56AFECF Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58 ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 2008-06-01 15:59:50 ANTIVIR3.VDF : 7.0.4.180 326144 Bytes 2008-06-11 15:59:55 Engineversion : 8.1.0.55 AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21 AESCRIPT.DLL : 8.1.0.40 266618 Bytes 2008-06-11 16:00:23 AESCN.DLL : 8.1.0.21 119156 Bytes 2008-06-11 16:00:20 AERDL.DLL : 8.1.0.20 418165 Bytes 2008-06-11 16:00:19 AEPACK.DLL : 8.1.1.5 364918 Bytes 2008-06-11 16:00:15 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-06-11 16:00:12 AEHEUR.DLL : 8.1.0.30 1253750 Bytes 2008-06-11 16:00:10 AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-06-11 16:00:03 AEGEN.DLL : 8.1.0.28 307572 Bytes 2008-06-11 16:00:02 AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-06-11 15:59:59 AECORE.DLL : 8.1.0.31 168310 Bytes 2008-06-11 15:59:57 AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:11 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, E:, F:, G:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: 2008-06-11 18:23 The scan of running processes will be started Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wlancfg5.exe' - '1' Module(s) have been scanned Scan process 'btdna.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'slserv.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 28 processes with 28 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '24' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Program Files\LabelCommand\LabelCommand.dll [DETECTION] Is the Trojan horse TR/Agent.247296 [NOTE] The file was deleted! C:\QooBox\Quarantine\catchme2008-06-11_173327,05.zip [0] Archive type: ZIP --> Winjp27.sys [1] Archive type: RSRC --> Object [DETECTION] Is the Trojan horse TR/Dldr.Mutant.aea --> fccaYonM.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\dswwtkbc.dll.vir [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\fccaYonM.dll.vir [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\juujpbqc.dll.vir [DETECTION] Is the Trojan horse TR/Monder.103424.2 [NOTE] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\ljJAQIAS.dll.vir [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\vjeqcwyy.dll.vir [DETECTION] Is the Trojan horse TR/Monder.94720.2 [NOTE] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dll.vir [DETECTION] Is the Trojan horse TR/Dldr.Mutant.aea [NOTE] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dl_.vir [DETECTION] Is the Trojan horse TR/Dldr.Mutant.aea [NOTE] The file was deleted! C:\WINDOWS\system32\awtqoNDu.VIR [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was deleted! C:\WINDOWS\system32\ewblmqsp.VIR [DETECTION] Is the Trojan horse TR/Monder.94720.2 [NOTE] The file was deleted! C:\WINDOWS\system32\jkkKecya.VIR [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was deleted! C:\WINDOWS\system32\mlJBSjiH.VIR000 [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was deleted! C:\WINDOWS\system32\wiaatomb.VIR [DETECTION] Is the Trojan horse TR/Monder.94720.2 [NOTE] The file was deleted! Begin scan in 'D:\' Begin scan in 'E:\' Begin scan in 'F:\' Begin scan in 'G:\' End of the scan: 2008-06-11 19:36 Used time: 1:13:38 min The scan has been done completely. 4713 Scanning directories 211899 Files were scanned 15 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 14 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 211884 Files not concerned 8277 Archives were scanned 1 Warnings 14 Notes

jlpjlp · Answer

vire ce qui est dans quarantine en allant dans psote de travail puis 

C:\QooBox\Quarantine

_________________


scan avec 
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport (tu le gardera par la suite avec antivir)

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 


_________________

le rapport combofix est dans poste de travail puis
C:\ComboFix.txt 



sinon rescanne avec et colle le rapport
______________


recolle un nouvel hijakchits et dis tes soucis

salma · Answer

Bonsoir VOICI LE RAPPORT COMBOFIX, j'ai bien supprimé ce qu'il y avait dans la quarantaine. 2008-06-03 21:21 . 2008-06-03 21:21 d-------- C:\Program Files\Fichiers communs\Java 2008-06-03 21:13 . 2008-06-06 17:58 d-------- C:\Program Files\LimeWire 2008-06-03 20:33 . 2008-06-03 20:33 268 --ah----- C:\sqmdata04.sqm 2008-06-03 20:33 . 2008-06-03 20:33 244 --ah----- C:\sqmnoopt04.sqm 2008-06-03 20:24 . 2008-06-11 13:29 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-03 20:20 . 2008-06-03 20:20 268 --ah----- C:\sqmdata03.sqm 2008-06-03 20:20 . 2008-06-03 20:20 244 --ah----- C:\sqmnoopt03.sqm 2008-06-03 20:17 . 2008-06-03 20:17 268 --ah----- C:\sqmdata02.sqm 2008-06-03 20:17 . 2008-06-03 20:17 244 --ah----- C:\sqmnoopt02.sqm 2008-06-03 19:35 . 2008-06-03 19:55 d-------- C:\Program Files\adslTV 2008-06-03 18:06 . 2008-06-10 19:20 d-------- C:\Program Files\Google 2008-06-03 12:11 . 2008-06-03 12:11 208 --ah----- C:\sqmdata01.sqm 2008-06-03 12:11 . 2008-06-03 12:11 172 --ah----- C:\sqmnoopt01.sqm 2008-06-03 12:10 . 2008-06-03 12:10 268 --ah----- C:\sqmdata00.sqm 2008-06-03 12:10 . 2008-06-03 12:10 244 --ah----- C:\sqmnoopt00.sqm 2008-06-03 12:03 . 2008-06-03 12:03 d-------- C:\Program Files\Windows Live Favorites 2008-06-03 11:58 . 2008-06-03 12:06 d-------- C:\Program Files\Windows Live Toolbar 2008-06-03 11:41 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-06-03 11:40 . 2008-06-03 11:40 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-06-03 11:39 . 2008-06-04 21:03 d----c--- C:\WINDOWS\system32\DRVSTORE 2008-06-03 11:32 . 2008-06-03 11:36 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-06-03 11:31 . 2008-06-03 11:56 d-------- C:\Program Files\Windows Live 2008-06-03 11:31 . 2008-06-03 11:31 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-06-02 23:33 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-06-02 23:25 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-06-02 23:25 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-06-02 23:25 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-06-02 23:25 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-06-02 23:25 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-06-02 23:22 . 2008-06-02 23:22 d---s---- C:\Documents and Settings\salima moulti\UserData 2008-06-02 23:06 . 2008-06-02 23:06 d-------- C:\Program Files\NETGEAR 2008-06-02 23:06 . 2003-04-16 13:53 151,808 --------- C:\WINDOWS\system32\drivers\MA521nd5.sys 2008-06-02 23:06 . 2002-10-02 08:57 13,532 --------- C:\WINDOWS\system32\drivers\SjyPkt.sys 2008-06-02 23:06 . 2008-06-11 01:21 1,746 --a------ C:\WINDOWS\OEM.tmp 2008-06-02 20:16 . 2008-06-02 20:16 d-------- C:\Program Files\Ontrack 2008-06-02 20:12 . 2008-06-02 20:12 d-------- C:\Program Files\FreeUndelete 2008-06-02 18:08 . 2008-06-02 18:08 d-------- C:\Program Files\QuickTime 2008-06-02 18:08 . 2008-06-02 18:08 d-------- C:\Program Files\ImTOO 2008-06-02 18:08 . 2008-06-03 19:35 d-------- C:\Documents and Settings\salima moulti\Application Data\vlc 2008-06-02 18:06 . 2008-06-02 18:06 d-------- C:\Program Files\VideoLAN 2008-06-02 17:46 . 2008-06-02 17:48 d-------- C:\Documents and Settings\All Users\Application Data\UDL 2008-06-02 17:45 . 2008-06-02 17:45 d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint 2008-06-02 17:41 . 2006-04-05 03:05 73,216 --a------ C:\WINDOWS\system32\E_FLBBVE.DLL 2008-06-02 17:41 . 2005-04-11 03:01 62,976 --a------ C:\WINDOWS\system32\E_FD4BBVE.DLL . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-11 14:25 --------- d-----w C:\Program Files\Hijackthis Version Française 2008-06-10 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-02 15:50 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-06-02 15:47 --------- d-----w C:\Program Files\epson 2008-06-02 12:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-06-02 12:40 --------- d-----w C:\Program Files\MSBuild 2008-06-02 12:40 --------- d-----w C:\Program Files\Microsoft Works 2008-06-02 12:23 --------- d-----w C:\Program Files\Synaptics 2008-06-02 12:22 --------- d-----w C:\Program Files\Intel 2008-06-02 12:21 --------- d-----w C:\Program Files\AvRack 2008-06-02 12:21 --------- d-----w C:\Program Files\Avance Sound Manager 2008-06-02 12:13 --------- d-----w C:\Program Files\microsoft frontpage 2008-06-02 12:08 --------- d-----w C:\Program Files\Services en ligne . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A74D8A13-D9F1-4BF4-8368-C5798A219ACB}] C:\WINDOWS\system32\jkkKecya.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B40E9CC1-7CCC-4033-92A6-153D95D11D8D}] C:\WINDOWS\system32\mlJBSjiH.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B51993D8-0A68-4BD4-8A4C-6E5E782DF33E}] C:\WINDOWS\system32\awtqoNDu.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-08 18:22 68856] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-03 23:16 289088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2008-01-15 20:48 126976] "AutoMailChecker"="C:\Program Files\STC\AutoMailChkr\MailChkr.exe" [ ] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [2008-04-16 12:01 565248] "ItsTV"="C:\Program Files\ItsLabel\ItsMedia\ItsTV.exe" [2007-04-26 16:19 2908160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source= file:///C:\WINDOWS\privacy_danger\index.htm FriendlyName= Privacy Protection [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange] --a------ 2001-09-04 03:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA] --a------ 2002-03-12 04:30 286720 C:\WINDOWS\system32\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-04 01:54 15360 C:\WINDOWS\system32\CTFMON.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX5000 Series] --a------ 2006-02-14 06:00 131072 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter] --a------ 2007-04-26 19:03 2693248 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2008-01-15 20:48 569344 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WLSetupSvc"=3 (0x3) "usnjsvc"=3 (0x3) "ServiceLayer"=3 (0x3) "ose"=3 (0x3) "odserv"=3 (0x3) "gusvc"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "aspnet_state"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\LimeWire\LimeWire.exe"= "C:\Program Files\DNA\btdna.exe"= "C:\Program Files\BitTorrent\bittorrent.exe"= S3 rtl8180;%RTL8180.Service.DispName%;C:\WINDOWS\system32\DRIVERS\MA521nd5.SYS [2003-04-16 13:53] S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 06:45] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-06-11 12:46:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

salma · Answer

voici le rapport de malwarebytes.....JE suis étonnée d'avoir trouvé autant de virus j'au cru le pb résolu.

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 850

22:27:34 2008-06-12
mbam-log-6-12-2008 (22-27-33).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 100886
Temps écoulé: 49 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\labelcommand.labelcommand (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\labelcommand.labelcommand.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\LogicFunctions (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav.ooo (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\salima moulti\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\salima moulti\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\salima moulti\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\salima moulti\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\salima moulti\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\salima moulti\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 850

22:27:25 2008-06-12
mbam-log-6-12-2008 (22-27-19).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 100886
Temps écoulé: 49 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\labelcommand.labelcommand (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\labelcommand.labelcommand.1 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\Software\VAV (Rogue.VistaAntivirus2008) -> No action taken.
HKEY_CURRENT_USER\Software\LogicFunctions (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> No action taken.
C:\Program Files\VAV\vav.ooo (Rogue.VistaAntivirus2008) -> No action taken.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> No action taken.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> No action taken.
C:\WINDOWS\system32\vav.cpl (Rogue.VistaAntivirus2008) -> No action taken.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\salima moulti\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\salima moulti\Bureau\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\salima moulti\Bureau\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\salima moulti\Favoris\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\salima moulti\Favoris\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\salima moulti\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.

salma · Answer

voila le rapport hijackchits final... j'attends votre réponse. MERCI INFINIMENT. VOUS ETES VRAIMENT TRES FORT!!!!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:39, on 2008-06-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B40E9CC1-7CCC-4033-92A6-153D95D11D8D} - C:\WINDOWS\system32\mlJBSjiH.dll (file missing)
O2 - BHO: (no name) - {B51993D8-0A68-4BD4-8A4C-6E5E782DF33E} - C:\WINDOWS\system32\awtqoNDu.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AutoMailChecker] C:\Program Files\STC\AutoMailChkr\MailChkr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

jlpjlp · Answer

ok le rapport est bon!


Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked". 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: (no name) - {B40E9CC1-7CCC-4033-92A6-153D95D11D8D} - C:\WINDOWS\system32\mlJBSjiH.dll (file missing)
O2 - BHO: (no name) - {B51993D8-0A68-4BD4-8A4C-6E5E782DF33E} - C:\WINDOWS\system32\awtqoNDu.dll (file missing)

___________________


mettre a jour internet explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

__________________

pour virer ce que je t'ai fais utiliser et qui n'est plus necessaire sur ton ordi:

Télécharge ToolsCleaner sur ton bureau. 
-->  http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 

ps : pas besoin de m´envoyer le rapport si tout a ete supprimer ;-) 
___________________

installe pour être mieux protégée spybot

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

___________________

et CCLEANER pour nettoyer regulierement tes traces

https://www.malekal.com/tutoriel-ccleaner/

_____________________









voilà c'est bon





pour protéger gratos ton ordi

http://www.commentcamarche.net/telecharger/logiciel 4 securite

 un antivirus

ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
MalwareByte's Anti-Malware + SPYBOT 
+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation  : il suffit de faire "update" pour mettre à jour tous les mois  et ensuite" enable all protection" pour immuniser)...

--------
un pare feu :
celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) 

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

 https://forum.pcastuces.com/sujet.asp?f=25&s=35606 
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER pour effacer les traces de surf
---------
naviguer avec firefox ou safari ou opera et non internet explorer plus  touché par les virus
http://www.mozilla-europe.org/fr/products/firefox/

Aidez moi svp à supprimer xpantivirus 2008

15 réponses

Discussions similaires