infection DIAL/140760.A.2

Question

Bonjour,

Je suis infecté par DIAL/140760.A.2 qui se traduit par des apparitions intempestives de publicité du genre porno + faux avertissements me conseillant de télécharger un antivirus à la noix + spams en tout genre. Pour couronner le tout il me met des icones sur le bureau. j'ai essayé de m'en débarrasser avec avira, avg antirootkit + defenza (antispyware) mais le bougre est tenace et revient obstinément aves les mêmes messages. Qui peut m'aider ?

Merci d'avance

Utilisateur anonyme · Answer

bonsoir pour commencer desinstal defenza c'est un faux utilitaire 


bonsoir fait ceci dans l'ordre 



Télécharge sur le bureau" outil de diagnostic et reparation"
ftp://ftp.commentcamarche.com/download/HJTInstall.exe
= Clic-droit sur Hijackthis
= Extraire ici ( ou extraire sans confirmation ou tout ou unzip)
= clic droit sur Hijackthis ==> renommer ==> écrire : test.exe ( à la place de hijackthis.exe) <== Important
=Double-clic dessus
= Clic Do a system scan and save the log
=coller le rapport
si problème voir l'aide
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm








une fois le rapport hijackthis poster enchaine avec malwarebytes




1) Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

2) Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton bureau à partir de ce lien :

https://www.malwarebytes.com/

3) A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

4) Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

5) Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

6) MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche :

7) Dans l'onglet analyse, vérifie que "Exécuter une analyse rapide" n'est pas coché et clique sur le bouton Rechercher pour démarrer l'analyse.

8) MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

9) A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

10) Si des malwares ont été détectés, leur liste s'affiche.
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

11) MBAM va ouvrir le bloc-notes et y copier le rapport d'analyse. copie et colle le rapport dans ta prochaine reponse ensuiteFerme le bloc-note. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

12) Ferme MBAM en cliquant sur Quitter.


poste le rapport de malwarebytes et relance hijackthis do a scan systeme and save logfiles copie et colle le nouveau rapport hijackthis

loliv69 · Answer

voilà le rapport MBAM

Y avait du monde......

Malwarebytes' Anti-Malware 1.19
Version de la base de données: 921
Windows 5.1.2600 Service Pack 2

00:13:09 05/07/2008
mbam-log-7-5-2008 (00-13-09).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 87180
Temps écoulé: 49 minute(s), 32 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 74
Fichier(s) infecté(s): 112

Processus mémoire infecté(s):
C:\WINDOWS\system32
sinet.exe (Adware.NaviPromo) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (Adware.Need2Find) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4d1c4e80-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d1c4e89-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d1c4e8b-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{630d6140-04c5-4db0-b27a-020d766ff09b} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\egdhtml (Adware.NaviPromo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ParisHilton (Adware.NaviPromo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ParisHilton (Adware.NaviPromo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Instant Access (Adware.NaviPromo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\p2p networking (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Instant Access (Adware.EGDAccess) -> Delete on reboot.
C:\Program Files\Instant Access\Center (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1009546326 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1009546326\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1009546326\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1009546326\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1009546326\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1009546326\fp.pc-on-internet.com\50264 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1009546326\fp.pc-on-internet.com\50264\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\105787309 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\105787309\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\105787309\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\105787309\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\105787309\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\105787309\fp.pc-on-internet.com\50264 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\105787309\fp.pc-on-internet.com\50264\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\fp.pc-on-internet.com\50246 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\fp.pc-on-internet.com\50246\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1210823457 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1210823457\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1210823457\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1210823457\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1210823457\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1210823457\fp.pc-on-internet.com\50264 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1210823457\fp.pc-on-internet.com\50264\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\fp.pc-on-internet.com\50256 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\fp.pc-on-internet.com\50256\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\fp.pc-on-internet.com\50330 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\fp.pc-on-internet.com\50330\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\fp.pc-on-internet.com\50256 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\fp.pc-on-internet.com\50256\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\692394627 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\692394627\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\692394627\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\692394627\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\692394627\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\692394627\fp.pc-on-internet.com\50264 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\692394627\fp.pc-on-internet.com\50264\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\fp.pc-on-internet.com\50246 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\fp.pc-on-internet.com\50246\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\939674146 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\939674146\external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\939674146\external-api.dlv4.com\hits (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\939674146\external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\939674146\fp.pc-on-internet.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\939674146\fp.pc-on-internet.com\50264 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\939674146\fp.pc-on-internet.com\50264\images (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Antispyware (Rogue.Antispyware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (Adware.Need2Find) -> Delete on reboot.
C:\Program Files\Instant Access\Center\CrazyGirls.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\ParisHilton.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\SerialPlayers.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center	ray1.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1009546326\external-api.dlv4.com\hits\af8c45573406069617f2f003a8c86692 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1009546326\external-api.dlv4.com\js\40414d8a631a52d3bab3430be65bb791 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1009546326\fp.pc-on-internet.com\5c6b4245548c82fb68223315468fd98c.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1009546326\fp.pc-on-internet.com\5c6b4245548c82fb68223315468fd98c.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1009546326\fp.pc-on-internet.com\50264\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1009546326\fp.pc-on-internet.com\50264\images\loading.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1009546326\fp.pc-on-internet.com\50264\images\product.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\105787309\CrazyGirls.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\105787309\external-api.dlv4.com\hits\1aa22e15ee96db8e6d9c898123df58ab (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\105787309\external-api.dlv4.com\js\68b9babcbf19e1886a84ade397808723 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\105787309\fp.pc-on-internet.com\24dcc8926c5f68c2096a28a11d64455c.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\105787309\fp.pc-on-internet.com\24dcc8926c5f68c2096a28a11d64455c.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\105787309\fp.pc-on-internet.com\50264\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\105787309\fp.pc-on-internet.com\50264\images\loading.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\105787309\fp.pc-on-internet.com\50264\images\product.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\SerialPlayers.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\external-api.dlv4.com\hits\5ab02e8570b184253d254a131c49d1a6 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\external-api.dlv4.com\hits\f77e14a2615883a65dfb4be6c51bbd71 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\external-api.dlv4.com\js\670794345350975fabe7228d3f0f60f0 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\fp.pc-on-internet.com\3ccfab3b6e6236c710b77eec1c56dd75.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\fp.pc-on-internet.com\3ccfab3b6e6236c710b77eec1c56dd75.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\fp.pc-on-internet.com\50246\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\fp.pc-on-internet.com\50246\images\index_01.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\fp.pc-on-internet.com\50246\images\index_02.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\fp.pc-on-internet.com\50246\images\index_04.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\fp.pc-on-internet.com\50246\images\index_05.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\fp.pc-on-internet.com\50246\images\index_06.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1082583084\fp.pc-on-internet.com\50246\images\product.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1210823457\CrazyGirls.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1210823457\external-api.dlv4.com\hits\099d30eef3f3027af44181897fe6b186 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1210823457\external-api.dlv4.com\js\68b9babcbf19e1886a84ade397808723 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1210823457\fp.pc-on-internet.com\24dcc8926c5f68c2096a28a11d64455c.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1210823457\fp.pc-on-internet.com\24dcc8926c5f68c2096a28a11d64455c.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1210823457\fp.pc-on-internet.com\50264\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1210823457\fp.pc-on-internet.com\50264\images\loading.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\1210823457\fp.pc-on-internet.com\50264\images\product.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\external-api.dlv4.com\hits\d445a1a33ece1d285200bf2cbf8ed979 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\external-api.dlv4.com\js\424bf192b57f52163b07b3f07864b9b9 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\fp.pc-on-internet.com\86fec478d59939428738b417912d753c.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\fp.pc-on-internet.com\86fec478d59939428738b417912d753c.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\fp.pc-on-internet.com\50256\images\bg.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\fp.pc-on-internet.com\50256\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\fp.pc-on-internet.com\50256\images\index_01.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\fp.pc-on-internet.com\50256\images\index_02.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\fp.pc-on-internet.com\50256\images\index_03.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\fp.pc-on-internet.com\50256\images\index_04.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\fp.pc-on-internet.com\50256\images\index_05.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\fp.pc-on-internet.com\50256\images\index_07.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\122238214\fp.pc-on-internet.com\50256\images\product.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\external-api.dlv4.com\hits\78ac8e7f49a7713f427c55bb9fce620c (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\external-api.dlv4.com\js\16ccb55f0c808134f1131dc21f7e9c7a (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\fp.pc-on-internet.com\faa29a8b2569e296cb7e1a435fd6e6d1.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\fp.pc-on-internet.com\faa29a8b2569e296cb7e1a435fd6e6d1.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\fp.pc-on-internet.com\50330eflection.js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\fp.pc-on-internet.com\50330\images\01.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\fp.pc-on-internet.com\50330\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\fp.pc-on-internet.com\50330\images\product.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\fp.pc-on-internet.com\50330\images\slogan.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\fp.pc-on-internet.com\50330\images\slogan02.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\141755755\fp.pc-on-internet.com\50330\images\slogan03.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\external-api.dlv4.com\hits\7f59b698a23363455610e7e563d425c1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\external-api.dlv4.com\js\424bf192b57f52163b07b3f07864b9b9 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\fp.pc-on-internet.com\86fec478d59939428738b417912d753c.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\fp.pc-on-internet.com\86fec478d59939428738b417912d753c.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\fp.pc-on-internet.com\50256\images\bg.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\fp.pc-on-internet.com\50256\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\fp.pc-on-internet.com\50256\images\index_01.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\fp.pc-on-internet.com\50256\images\index_02.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\fp.pc-on-internet.com\50256\images\index_03.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\fp.pc-on-internet.com\50256\images\index_04.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\fp.pc-on-internet.com\50256\images\index_05.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\fp.pc-on-internet.com\50256\images\index_07.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\358269907\fp.pc-on-internet.com\50256\images\product.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\692394627\CrazyGirls.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\692394627\external-api.dlv4.com\hits\158836686dd5bad46f7a9675e18348ae (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\692394627\external-api.dlv4.com\hits\a63b21955c973c56bbed9568cb105ee7 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\692394627\external-api.dlv4.com\js\68b9babcbf19e1886a84ade397808723 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\692394627\fp.pc-on-internet.com\24dcc8926c5f68c2096a28a11d64455c.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\692394627\fp.pc-on-internet.com\24dcc8926c5f68c2096a28a11d64455c.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\692394627\fp.pc-on-internet.com\50264\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\692394627\fp.pc-on-internet.com\50264\images\loading.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\692394627\fp.pc-on-internet.com\50264\images\product.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\external-api.dlv4.com\hits\2780511a9f38a7655f8ced09900c6b5e (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\external-api.dlv4.com\hits\8520676a63f672b44a7d94dc44768977 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\external-api.dlv4.com\js\c4417227a142efcd9a2a0724cecbd6c6 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\fp.pc-on-internet.com\6dccba84921dd11f09e3b3c9bbc16864.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\fp.pc-on-internet.com\6dccba84921dd11f09e3b3c9bbc16864.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\fp.pc-on-internet.com\50246\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\fp.pc-on-internet.com\50246\images\index_01.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\fp.pc-on-internet.com\50246\images\index_02.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\fp.pc-on-internet.com\50246\images\index_04.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\fp.pc-on-internet.com\50246\images\index_05.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\fp.pc-on-internet.com\50246\images\index_06.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\732798208\fp.pc-on-internet.com\50246\images\product.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\939674146\external-api.dlv4.com\hits\0d1369ba5fe4a25656ae9b967034cf73 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\939674146\external-api.dlv4.com\js\40414d8a631a52d3bab3430be65bb791 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\939674146\fp.pc-on-internet.com\5c6b4245548c82fb68223315468fd98c.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\939674146\fp.pc-on-internet.com\5c6b4245548c82fb68223315468fd98c.html_0.loginvis (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\939674146\fp.pc-on-internet.com\50264\images\button.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\939674146\fp.pc-on-internet.com\50264\images\loading.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\939674146\fp.pc-on-internet.com\50264\images\product.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Antispyware\avgas-setup-7.5.1.43.exe (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
sinet.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
vs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\olivier\Menu Démarrer\SerialPlayers.lnk (Adware.NaviPromo) -> Quarantined and deleted successfully.

loliv69 · Answer

Et le 2eme rapport hijackthis. apparemment le premier n'a pas été posté. J'ai toujours des fausses alertes sécurité

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:59, on 05/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files
ecmfk
ecmfk.exe
C:\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files
ecmfk
ecmfk.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [Instafinder] C:\Program Files\Instafinder\instafinder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [WelcomePad] C:\Program Files\Apoint2K\ApWelcom.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [WelcomePad] C:\Program Files\Apoint2K\ApWelcom.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [WelcomePad] C:\Program Files\Apoint2K\ApWelcom.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WelcomePad] C:\Program Files\Apoint2K\ApWelcom.exe (User 'Default user')
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{50531BEE-95FB-4E86-B1F8-8B8274F2BB5D}: NameServer = 86.64.145.146 84.103.237.146
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Utilisateur anonyme · Answer

bonjour le rapport de malwarebytes montre une infection qu'il ne peu traiter , il faut executer un autre outil fait ceci



Fais un clic droit sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Fais un clic droit sur navilog1.zip et choisis "tout extraire"
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
TUTO :: http://www.malekal.com/Adware.Magic_Control.php

Utilisateur anonyme · Answer

voici pour la suppression


Double cliques sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.
Au menu principal, choisis 2 et valides.

Le fix va t'informer qu'il va alors redémarrer ton PC
Fermes toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuies sur une touche comme demandé.
(si ton Pc ne redémarre pas automatiquement, fais le toi même)
Au redémarrage de ton PC, choisis ta session habituelle.

Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
Le bloc-notes va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver
Referme le bloc-notes. Ton bureau va réapparaitre

PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Celà te fera apparaitre ton bureau.

Postes le rapport içi.

loliv69 · Answer

Voila le rapport Navilog
Là je pense qu'il a pris cher le dial machin chose
Bien joué merci !



Clean Navipromo version 3.6.0 commencé le 06/07/2008 à  7:40:19,95

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "olivier" 

Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

*** Creation backups fichiers trouvés par Catchme *** 

Copie vers "C:\Program Files
avilog1\Backupnavi"

Copie C:\Documents and Settings\olivier\Local Settings\Application Data\skmwq.dat réalisée avec succès ! 
Copie C:\Documents and Settings\olivier\Local Settings\Application Data\skmwq.exe réalisée avec succès ! 
Copie C:\Documents and Settings\olivier\Local Settings\Application Data\skmwq_nav.dat réalisée avec succès ! 
Copie C:\Documents and Settings\olivier\Local Settings\Application Data\skmwq_navps.dat réalisée avec succès ! 

*** Suppression des fichiers trouvés avec Catchme ***

C:\Documents and Settings\olivier\Local Settings\Application Data\skmwq.dat supprimé ! 
C:\Documents and Settings\olivier\Local Settings\Application Data\skmwq.exe supprimé ! 
C:\Documents and Settings\olivier\Local Settings\Application Data\skmwq_nav.dat supprimé ! 
C:\Documents and Settings\olivier\Local Settings\Application Data\skmwq_navps.dat supprimé ! 
 
** 2ème passage avec résultats Catchme ** 

* Dans "C:\WINDOWS\system32" *


C:\WINDOWS\prefetch\skmwq*.pf trouvé ! 
Copie C:\WINDOWS\prefetch\skmwq*.pf réalisée avec succès !
C:\WINDOWS\prefetch\skmwq*.pf supprimé !

* Dans "C:\Documents and Settings\olivier\locals~1\applic~1" * 


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\olivier\locals~1\applic~1" * 


* Suppression dans "C:\DOCUME~1\PROPRI~1\locals~1\applic~1" * 



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\olivier\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\olivier\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\PROPRI~1\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\olivier\menudm~1\progra~1" *** 



*** Suppression fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\olivier\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\olivier\locals~1\applic~1" * 


* Dans "C:\DOCUME~1\PROPRI~1\locals~1\applic~1" * 


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 06/07/2008 à  7:45:59,59 ***

Utilisateur anonyme · Answer

bonjour , bien joué tu as reussi ;-)


execute le complement de desinfection navipromo egdacces , ...


Ensuite

C'est un complément de désinfection
Il supprime des fichiers appartenant à des malwares.
Il ne vise pas des infections particulières.

Télécharge sur ton bureau : http://www.malekal.com/download/clean.zip
Tuto
http://mickael.barroux.free.fr/securite/clean.php
Une fois sur le bureau, tu fais un clic droit sur ton fichier clean.zip et dans le menu déroulant, tu clics sur extrait tout ou extraire ici.
Cela va créer un dossier clean.
Double-clic sur ce dossier clean, tu y trouveras dedans plusieurs fichiers.
Double-clic sur clean. Cela va ouvrir une fenêtre noire.
Un menu va apparaître, choisis l'option 1 en appuyant sur la touche 1 de ton clavier.
Clean va travailler.
Un rapport Va etre généré, colle le contenu entier ici.

(- Où est le rapport clean ? : « Poste de travail » / double clic sur disque « C / » double-clic sur « rapport_clean.txt » et « copier/coller le contenu » sur le forum. )

Bon courage

loliv69 · Answer

Voilà le rapport clean

06/07/2008 a 17:49:04,32 
 
*** Recherche des fichiers dans C: 
 
*** Recherche des fichiers dans C:\WINDOWS\ 
 
*** Recherche des fichiers dans C:\WINDOWS\system32 
C:\WINDOWS\system32\bdod.bin FOUND 
"C:\WINDOWS\system32\P2P Networking v126.cpl" FOUND 
"C:\WINDOWS\system32\P2P Networking\" FOUND 
C:\WINDOWS\system32\SBFC.dat FOUND 
C:\WINDOWS\system32\SBRC.dat FOUND 
 
*** Recherche des fichiers dans C:\Program Files 
"C:\Program Files\Need2Find\" FOUND 
"C:\Program Files\Surfairy\" FOUND 
"C:\Program Files\Surfairy\" FOUND

Utilisateur anonyme · Answer

he bien , tu en cache du monde , lol


fait ceci


Redémarre ton PC en mode sans échec :
Redémarre en mode sans échec (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Double-clic sur clean. Cela va ouvrir une fenêtre noire.
Un menu va apparaître, choisis l'option 2 en appuyant sur la touche 2 de ton clavier.
Clean va travailler.
Un rapport Va etre généré, envoie le moi dans ta prochaine réponse !

loliv69 · Answer

Script execute en mode sans echec 
Rapport clean par Malekal_morte - http://www.malekal.com 
Script execute en mode sans echec 09/07/2008 a 20:58:38,85 

Je suis plutot accueillant comme mec mais franchement y en a qui abusent.
voici le rapport clean

Microsoft Windows XP [version 5.1.2600]
 
*** Suppression des fichiers dans C: 
 
*** Suppression des fichiers dans C:\WINDOWS\ 
 
*** Suppression des fichiers dans C:\WINDOWS\system32 
tentative de suppression de C:\WINDOWS\system32\bdod.bin 
tentative de suppression de "C:\WINDOWS\system32\P2P Networking v126.cpl" 
tentative de suppression de "C:\WINDOWS\system32\P2P Networking\" 
tentative de suppression de C:\WINDOWS\system32\SBFC.dat 
tentative de suppression de C:\WINDOWS\system32\SBRC.dat 
 
*** Suppression des fichiers dans C:\Program Files 
tentative de suppression de "C:\Program Files\Need2Find\" 
tentative de suppression de "C:\Program Files\Surfairy\" 
 
*** Suppression des clefs du registre effectuee.. 
*** Fin du rapport !

Utilisateur anonyme · Answer

bonjour et tous celas sans invitations ,  poste un nouveau rapport hijackthis stp

loliv69 · Answer

Bonjour

voici le nouveau rapport hijackthis




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:35, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files
ecmfk
ecmfk.exe
C:\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files
ecmfk
ecmfk.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [Instafinder] C:\Program Files\Instafinder\instafinder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [WelcomePad] C:\Program Files\Apoint2K\ApWelcom.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [WelcomePad] C:\Program Files\Apoint2K\ApWelcom.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-299502267-484763869-854245398-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [WelcomePad] C:\Program Files\Apoint2K\ApWelcom.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WelcomePad] C:\Program Files\Apoint2K\ApWelcom.exe (User 'Default user')
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{50531BEE-95FB-4E86-B1F8-8B8274F2BB5D}: NameServer = 84.103.237.145 86.64.145.145
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Utilisateur anonyme · Answer

bonjour , tu va bien ? apres analyse de ton rapport j'ai une mauvaise nouvel a t'annoncer , il reste des infections sur ton pc , il faut approfondire la desinfection on va essayer avec msnfix 




Télécharge MSNFix.zip (de !aur3n7 et Regis59) sur le bureau :
http://sosvirus.changelog.fr/MSNFix.zip
Tuto
https://www.malekal.com/supprimer-virus-desinfecter-pc/

Conseil : Toujours télécharger avant utilisation pour profiter des dernières mises à jour.
Remarque: Il est possible que l'antivirus détécte un virus au téléchargement, il s'agit de Process.exe qui est un faux positif.

Décompresse-le (clic droit : Extraire ici).
A la racine du système, déplace le dossier décompressé, comme suit :
C:\MSNFix.
Ouvre-le et double clique sur le fichier MSNFix.bat
.
- Exécutez l'option R.
- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.
- Sauvegarde ce rapport puis fais-en un copier/coller sur le forum, ainsi qu'un scan HijackThis fait en mode normal.
- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt
Poste-le dans une réponse.
Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.

loliv69 · Answer

Et voici le rapport HJT

Bon courage !!!!!!!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:50, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files
ecmfk
ecmfk.exe
C:\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32
otepad.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files
ecmfk
ecmfk.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [Instafinder] C:\Program Files\Instafinder\instafinder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [WelcomePad] C:\Program Files\Apoint2K\ApWelcom.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [WelcomePad] C:\Program Files\Apoint2K\ApWelcom.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [WelcomePad] C:\Program Files\Apoint2K\ApWelcom.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WelcomePad] C:\Program Files\Apoint2K\ApWelcom.exe (User 'Default user')
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{50531BEE-95FB-4E86-B1F8-8B8274F2BB5D}: NameServer = 86.64.145.144 84.103.237.144
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Utilisateur anonyme · Answer

bonjour ton pc est encore bien infecté on va utiliser un outil plus puissant



Télécharges ComboFix à partir d'un de ces liens :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

Et important, enregistre le sur le bureau.

Avant d'utiliser ComboFix :

&#9658; Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

&#9658; Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.


Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

&#9658; Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

&#9658; Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

Utilisateur anonyme · Answer

bonjour ton rapport est incomplet 
regarde ici C:\Combofix.txt

et reposte le en entier stp

loliv69 · Answer

Bonjour, désolé j'ai été absent quelque temps voici le rapport combofix complet cette fois. à bientot si tu ne finis pas par te lasser de cette histoire....merci ! ComboFix 08-07-15.4 - olivier 2008-07-16 20:49:30.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.177 [GMT 2:00] Endroit: C:\Program Files\COMBO FIX\ComboFix.exe * Création d'un nouveau point de restauration . [i] ADS - svchost.exe: deleted 36 bytes in 1 streams. /i (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\MabryObj.dll C:\WINDOWS\tmlpwin.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))))))) . 2008-07-16 20:44 . 2008-07-16 20:45 d-------- C:\Program Files\COMBO FIX 2008-07-15 19:12 . 2008-07-15 19:16 d-------- C:\MSNFix 2008-07-15 19:09 . 2008-07-16 20:44 d-------- C:\Program Files\MSNFIX 2008-07-06 17:49 . 2008-07-06 17:49 17,439,267 --a------ C:\upload_moi_SN100402450134.tar.gz 2008-07-06 16:08 . 2008-07-06 17:47 d-------- C:\Program Files\CLEAN 2008-07-05 21:10 . 2008-07-06 07:45 d-------- C:\Program Files\Navilog1 2008-07-05 21:07 . 2008-07-06 16:05 d-------- C:\Program Files\NAVILOG 2008-07-04 23:18 . 2008-07-05 00:12 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-04 23:18 . 2008-07-04 23:18 d-------- C:\Documents and Settings\olivier\Application Data\Malwarebytes 2008-07-04 23:18 . 2008-07-04 23:18 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-04 23:18 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-07-04 23:18 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-04 23:15 . 2008-07-04 23:15 d-------- C:\Program Files\MBAM 2008-07-03 22:25 . 2008-07-03 22:25 d-------- C:\Program Files\Trend Micro 2008-06-29 11:19 . 2008-06-29 11:19 244 --ah----- C:\sqmnoopt07.sqm 2008-06-29 11:19 . 2008-06-29 11:19 232 --ah----- C:\sqmdata07.sqm 2008-06-22 13:49 . 2008-06-22 13:49 36 --a------ C:\WINDOWS\TSNPL.dat 2008-06-20 19:41 . 2008-06-20 19:41 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 12:44 . 2008-06-20 12:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-16 18:54 --------- d-----w C:\Documents and Settings\olivier\Application Data\Skype 2008-07-16 18:33 --------- d-----w C:\Documents and Settings\olivier\Application Data\skypePM 2008-07-03 20:15 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-03 20:14 --------- d-----w C:\Program Files\Defenza 2008-06-30 18:06 --------- d-----w C:\Program Files\Kazaa 2008-06-26 20:04 --------- d-s---w C:\Program Files\Fichiers communs\Teknum Systems 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys 2008-05-25 16:51 --------- d-----w C:\Program Files\antirootkit 2008-05-22 20:25 --------- d-----w C:\Program Files\Instafinder 2008-05-21 21:27 --------- d-----w C:\Documents and Settings\olivier\Application Data\Grisoft 2008-05-21 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-05-21 19:52 --------- d-----w C:\Program Files\Avira 2008-05-21 19:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira 2008-05-21 19:51 --------- d-----w C:\Program Files\antivir 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys 2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-01-08 19:21 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-02-03 17:20 18,257,616 ----a-w C:\Program Files\avg75free_432a904.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:55 5674352] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 16:20 21686568] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-14 22:37 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] "Update Service"="C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe" [2005-10-25 22:08 30208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-08-08 14:44 122880] "NECMFK"="C:\Program Files\necmfk\necmfk.exe" [2001-08-23 01:44 66879] "ATIPTA"="C:\ATI Control Panel\atiptaxx.exe" [2002-07-24 17:34 290816] "KAZAA"="C:\Program Files\Kazaa\kazaa.exe" [2007-01-24 16:05 5237248] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] "AGRSMMSG"="AGRSMMSG.exe" [2002-06-21 11:47 87439 C:\WINDOWS\AGRSMMSG.exe] "ATIModeChange"="Ati2mdxx.exe" [2002-07-17 21:21 28672 C:\WINDOWS\system32\Ati2mdxx.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "WelcomePad"="C:\Program Files\Apoint2K\ApWelcom.exe" [2002-08-19 16:40 90112] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= "C:\Program Files\Kazaa\kazaa.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Skype\Phone\Skype.exe"= R1 MFKGTKEY;MFKGTKEY;C:\WINDOWS\system32\drivers\mfkgtkey.sys [2002-07-19 13:32] R1 Ps2LedIF;Ps2LedIF;C:\WINDOWS\system32\drivers\ps2ledif.sys [2001-05-16 23:06] R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 12:38] R2 Machnm32;Machnm32 Driver;C:\WINDOWS\System32\Machnm32.sys [2003-08-13 00:27] R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 12:17] R3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 18:52] R3 Ps2Led;NEC Note Keyboard with One-touch start buttons;C:\WINDOWS\system32\DRIVERS\Ps2Led.sys [2001-05-16 23:00] S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [] S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys [] S3 ids00118;ids00118;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys [] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2005-10-25 20:44:44 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job" - C:\WINDOWS\System32\OOBE\oobebaln.exe . - - - - ORPHANS REMOVED - - - - HKLM-Run-msnappau - C:\Program Files\MSN Apps\Updater\[u]0/u1.02.0002.1001\fr\msnappau.exe HKLM-Run-Instafinder - C:\Program Files\Instafinder\instafinder.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-16 20:54:25 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... ************************************************************************** . Temps d'accomplissement: 2008-07-16 21:01:40 ComboFix-quarantined-files.txt 2008-07-16 19:00:35 Pre-Run: 28,501,827,584 octets libres Post-Run: 28,565,843,968 octets libres 132 --- E O F --- 2008-07-09 18:54:01

Utilisateur anonyme · Answer

bonsoir

poste un nouveau rapport hijackthis stp

loliv69 · Answer

et voilà
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:17, on 02/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files
ecmfk
ecmfk.exe
C:\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32	askmgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files
ecmfk
ecmfk.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [WelcomePad] C:\Program Files\Apoint2K\ApWelcom.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [WelcomePad] C:\Program Files\Apoint2K\ApWelcom.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [WelcomePad] C:\Program Files\Apoint2K\ApWelcom.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WelcomePad] C:\Program Files\Apoint2K\ApWelcom.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{50531BEE-95FB-4E86-B1F8-8B8274F2BB5D}: NameServer = 86.64.145.142 84.103.237.142
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Utilisateur anonyme · Answer

bonjour cherche et supprime ce programme :C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

Utilisateur anonyme · Answer

bon oublie le poste 23 et execute ceci , bien plus complet 






Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(X)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX­XXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Service"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"NECMFK"=-
"KAZAA"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] 
"C:\Program Files\Kazaa\kazaa.exe"=-


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX­XXXXXXXXXXXXXXXXXXXXXX
note : regedit 4 est sur la premiere ligne et il y a une ligne blanche a la fin
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

ca doit ressembler a ca une fois enrregistré :

http://img520.imageshack.us/img520/4251/screenshot005ps2.png­

quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"





ensuite




télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste standard List of Files/Folders to be moved.

Citation :



C:\Program Files\Fichiers communs\Teknum Systems 
C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe
C:\Program Files
ecmfk
ecmfk.exe
C:\Program Files\Kazaa\kazaa.exe" 
C:\Program Files\Defenza 
C:\Program Files\Kazaa 
C:\Program Files\Instafinder 
C:\Program Files\MSNFIX 
C:\MSNFix 
C:\upload_moi_SN100402450134.tar.gz
C:\Program Files\CLEAN
C:\Program Files\Navilog1 
C:\Program Files\NAVILOG





clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
copie et colle le rapport ici
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

Infection DIAL/140760.A.2

21 réponses

Votre réponse

Discussions similaires

Newsletters