Sujet Précédent Sujet Suivant

Incapable de supprimer ANTIVIRUS PRO 08

Fermé
lololanovice Messages postés 4 Date d'inscription jeudi 24 juillet 2008 Statut Membre Dernière intervention 24 juillet 2008 - 24 juil. 2008 à 17:00
 Utilisateur anonyme - 24 juil. 2008 à 19:20
Hello,,

Toute première fois sur un forum, j'implore votre indulgence!

J'ai tenté de suivre les indications pour me débarasser d'antivirus pro 2008, mais à priori ca n'a pas fonctionné comme ca aurait du!
Voila ce qui a été fait:
Téléchargement de Malwarebytes,
Mise à jours,
Redémarrage en mode échec
Lancement du scan
Rapport
Puis l'ordi n'a pas réussi à redémarrer, j'ai donc du le forcer à s'éteindre pour le rallumer!


Voici ci dessous le rapport de Malwarebytes!


Malwarebytes' Anti-Malware 1.23
Version de la base de données: 985
Windows 5.1.2600 Service Pack 2

16:18:41 24/07/2008
mbam-log-7-24-2008 (16-18-41).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 94993
Temps écoulé: 2 hour(s), 24 minute(s), 27 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 25
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 17
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 39

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\xxywWmki.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yaywutTK.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cde98df-75c2-411c-af2e-8598360a09a9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6cde98df-75c2-411c-af2e-8598360a09a9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e6ff72fa-6762-4a65-a34f-05f9f0aa5850} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e6ff72fa-6762-4a65-a34f-05f9f0aa5850} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6230596f-3a44-4cdf-815b-372fa03c75d6} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6230596f-3a44-4cdf-815b-372fa03c75d6} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yaywuttk (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/setup.dll (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webmediaplayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 pro (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{46f34f6a-e6f3-495a-8399-4fb57cf2a6dd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3fb5ab4b-4eca-49fa-b111-1cd1f5bf22bd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f4ec69c2-044d-4f97-ba24-342be6cb1ea1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{538e1d28-25ac-4dc3-a7c2-5ab450ec9c03} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.bgfp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6230596f-3a44-4cdf-815b-372fa03c75d6} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\setup.dll (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{538e1d28-25ac-4dc3-a7c2-5ab450ec9c03} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxywwmki -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxywwmki -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.116 85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4a8f6892-852d-4445-b0ac-cbdd972b1f58}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.116,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{585f5077-e942-4057-b683-8bf27a66081b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.116,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{585f5077-e942-4057-b683-8bf27a66081b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.116,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d9bf3e0d-8906-4281-b8db-e9d4a9437416}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.116,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.116 85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4a8f6892-852d-4445-b0ac-cbdd972b1f58}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.116,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{585f5077-e942-4057-b683-8bf27a66081b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.116,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{585f5077-e942-4057-b683-8bf27a66081b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.116,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d9bf3e0d-8906-4281-b8db-e9d4a9437416}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.116,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.116 85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{4a8f6892-852d-4445-b0ac-cbdd972b1f58}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.116,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{585f5077-e942-4057-b683-8bf27a66081b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.116,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{585f5077-e942-4057-b683-8bf27a66081b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.116,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d9bf3e0d-8906-4281-b8db-e9d4a9437416}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.116,85.255.112.173 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\Infected (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\Suspicious (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\uvnxus.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxywWmki.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ikmWwyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ikmWwyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yaywutTK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\cqege_navps.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\cqege_nav.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\cqege.dat (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\cqege.exe (Adware.Navipromo) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\setup.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\~BE.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\nsd15C.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\nsj161.tmp\blowfish.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88F0EC16-5093-454D-BD2D-4DD02919E000}\RP266\A0065551.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88F0EC16-5093-454D-BD2D-4DD02919E000}\RP266\A0065552.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88F0EC16-5093-454D-BD2D-4DD02919E000}\RP266\A0065553.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88F0EC16-5093-454D-BD2D-4DD02919E000}\RP266\A0065554.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\egxv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\webmedias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\vscan.tsi (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\zlib.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\fdkowvbp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\ac8zt2\agpqlrfm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Bureau\antivirus-2008pro.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.


HELP HELLLLLLLLLLLLLLPP

MERCI D'AVANCE
A voir également:

7 réponses

Réponse 1 / 7
Utilisateur anonyme
24 juil. 2008 à 17:20
de rien ,

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe




-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

1
lololanovice
24 juil. 2008 à 18:01
J'envoie ce mail d'un autre ordi.

J'ai donc lancé COMBO, et exactement comme tout à l'heure l'ordi ne redémarre pas tout seul! Il est allumé et l'écran est noir avec un tiré en haut à gauche de l'écran.
J'ai préféré vous contacter avant de l'éteindre manuellement!

Dois je faire quelque chose en particulier ou puis-je forcer l'ordi à s'éteindre?
0
Réponse 2 / 7
Utilisateur anonyme
24 juil. 2008 à 17:08
Salut

y a plusieurs soucis a priori

détournement de dns rogue vundo navipromo etc

réouvre malewarebyte
va sur quarantaine
supprime tout


Télécharge HijackThis ici :

-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe


Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post le rapport généré ici stp...
0
lololanovice Messages postés 4 Date d'inscription jeudi 24 juillet 2008 Statut Membre Dernière intervention 24 juillet 2008
24 juil. 2008 à 17:17
merci infiniement pour la réactivité!

voici le rapport!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:11, on 24/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [b41810ad] rundll32.exe "C:\WINDOWS\system32\hmnbtbnv.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cqege] c:\documents and settings\compaq_propriétaire\local settings\application data\cqege.exe cqege
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
0
Réponse 3 / 7
Utilisateur anonyme
24 juil. 2008 à 18:03
force le et fait la manip en mode sans echec
0
lololanovice
24 juil. 2008 à 18:09
c'est parti en mode sans échec.
Compte-rendu en cours de préparation.
0
lololanovice > lololanovice
24 juil. 2008 à 18:29
Rapport effectué.
J'ai quité le mode sans échec.

Par contre, j'un soucis quelque peu ridicule, je ne parviens pas à redémarrer les services de mon antivirus avast 4.8!
Je me suis déconnectée et suis maintenant incapable de le réactiver.... : (
0
Réponse 4 / 7
Utilisateur anonyme
24 juil. 2008 à 18:32
va dans programe files puis recherche le dossier alwil (avast) tu rentre dedans et recherche ashDisp.exe tu click dessus > l´icone d´avast devrait reaparaitre


Post le raport combofix C:\Combofix.txt

va dans poste de travail
entre dans le disque C et cherche : Combofix.txt
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 7
lololanovice Messages postés 4 Date d'inscription jeudi 24 juillet 2008 Statut Membre Dernière intervention 24 juillet 2008
24 juil. 2008 à 18:48
voici:

ComboFix 08-07-23.5 - Compaq_Propriétaire 2008-07-24 17:40:28.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.39 [GMT 2:00]
Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.url
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.url
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Désinstaller.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Website.url
C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Antivirus 2008 PRO
C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Antivirus 2008 PRO\antivirus-2008pro.lnk
C:\WINDOWS\Downloaded Program Files\setup.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\ikmWwyxx.ini
C:\WINDOWS\system32\ikmWwyxx.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\vnbtbnmh.ini
C:\WINDOWS\system32\xxywWmki.dll
C:\WINDOWS\system32\yaywutTK.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-24 to 2008-07-24 ))))))))))))))))))))))))))))))))))))
.

2008-07-24 17:25 . 2008-07-24 17:25 <REP> d-------- C:\WINDOWS\LastGood
2008-07-24 17:14 . 2008-07-24 17:14 <REP> d-------- C:\Program Files\Trend Micro
2008-07-24 13:27 . 2008-07-24 13:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 10:58 . 2008-07-24 10:58 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-07-24 10:33 . 2008-07-24 13:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 17:09 --------- d-----w C:\Program Files\eMule
2008-07-19 09:00 --------- d-----w C:\Program Files\Apple Software Update
2008-06-17 21:42 --------- d-----w C:\Program Files\Smallvideosoft
2008-06-13 22:55 --------- d-----w C:\Program Files\iTunes
2008-06-13 22:55 --------- d-----w C:\Program Files\iPod
2008-06-13 22:52 --------- d-----w C:\Program Files\Bonjour
2008-06-13 22:51 --------- d-----w C:\Program Files\QuickTime
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-02 01:08 32881]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-20 10:47 249856]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 21:13 98304]
"CreativeMouse "="C:\Program Files\Mouse Driver\MouseDrv.exe" [2004-06-27 14:54 503808]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 17:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 17:06 2027792]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"VTTimer"="VTTimer.exe" [2004-03-26 22:07 49152 C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 03:21 50176 C:\WINDOWS\ALCXMNTR.EXE]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-07-18 22:21:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-24 15:40:04 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
"2008-07-24 10:00:02 C:\WINDOWS\Tasks\HPpromotions hp photosmart 7700 series.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-YeppStudioAgent - C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
HKLM-Run-DaemonTools_WhenUSave_Installer - C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
HKLM-Run-b41810ad - C:\WINDOWS\system32\hmnbtbnv.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.fr/
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: {7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61} - hxxp://scanner.vav-x-scanner.com/setup/setup.cab
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Downloaded Program Files\setup.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 18:07:08
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-24 18:12:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-24 16:12:33

Pre-Run: 9,396,887,552 octets libres
Post-Run: 9,689,145,344 octets libres

123 --- E O F --- 2007-12-16 01:31:00
0
Réponse 6 / 7
Utilisateur anonyme
24 juil. 2008 à 18:53
Désinstal java car pas a jours et telecharge et instal cette version :

https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jre-6u7-windows-i586-p-s.exe?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jre-6u7-windows-i586-p-s.exe&BHost=javadl.sun.com&File=jre-6u7-windows-i586-p-s.exe&AuthParam=1580978146_46494a57fbc0e7c89e79cfb72e28cd3a&ext=.exe

internet explorer n est pas a jours (faille de sécurité) telecharge et instal cette version :

ftp://ftp.telecharger.com/01net/IE7Setup.exe

apres installation redémarre le pc

ensuite refais un scan hijackthis et dis tes soucis stp
0
lololanovice Messages postés 4 Date d'inscription jeudi 24 juillet 2008 Statut Membre Dernière intervention 24 juillet 2008
24 juil. 2008 à 19:18
Java fait.

L'install de W internet explorer prend un temps fou! Ca fait au moins 10 minutes!
Normal?

Avast a mis en quarantaine Win32:trojan-gen

Je le supprime je suppose?

Merci merci merci merci!

Est ce votre métier? Comment marche ce forum?
C'est en tous les cas, et tout simplement GENIAL!!
0
Réponse 7 / 7
Utilisateur anonyme
24 juil. 2008 à 19:20
Pour internet oui c est normal

avec avast oui supprime

et c est pas mon métier

et c est vrai que CCM.net est tres utilie
0

Discussions similaires

Google Chrome "  Échec de l'analyse antivirus "
jmpower -
Coco71 -

15 réponses