Ouverture de page de pub intempestive , ads .

clapasol Messages postés 15 Statut Membre -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,
bonjour au forum VIRUS !!!
je viens de recuperer unb pc portable d'un copain qui est embeté par des fenetres de pub puis par "ads served" !!!
est ce qu une ame charitable pourrait me le sortir de ce petrin ?
merci d'avance
Configuration: Windows XP
Internet Explorer 7.0

16 réponses

  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    - Télécharge HijackThis V 2.02 (HijackThis Installer) :
    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

    - Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

    - Clique sur Install ensuite sur I Accept

    - Clique sur Do a scan system and save log file

    - Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
    0
  2. clapasol Messages postés 15 Statut Membre
     
    bonjour destrio5 et merci pour ton aide .
    voici le rapport de hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:20:48, on 29/07/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\acer\epm\epm-dm.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: targetedbanner browser optimizer - {d2479a0c-36ae-067a-582b-01f1cb44cfc6} - C:\WINDOWS\system32\ymxvfpjduptcgjcf.dll
    O2 - BHO: (no name) - {D293AADB-5A01-4D05-AD41-CC1DF0D421A7} - C:\WINDOWS\system32\urqQifFv.dll (file missing)
    O2 - BHO: (no name) - {e60d0c50-15e4-40e9-9dd6-b7af2aabb0fe} - C:\WINDOWS\system32\ntuswl.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [{0080a652-b4e6-2613-4ca6-68f84d335e97}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\ymxvfpjduptcgjcf.dll" DllStart
    O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\wwjtveoi.dll",b
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\pambwvlq.dll",s
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\w-w-w-dot-com\update.exe" /background
    O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\w-w-w-dot-com\wupda.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    0
  3. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Ah oui, effectivement...

    ---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

    ---> Double-clique sur Combofix.exe
    Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
    Accepte en cliquant sur "Oui"

    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    /!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\ComboFix.txt
    0
  4. clapasol Messages postés 15 Statut Membre
     
    re
    voici le rapport:ComboFix 08-07-28.6 - hamga 2008-07-29 20:20:42.1 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.631 [GMT 2:00]
    Endroit: C:\Documents and Settings\hamga\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    * Resident AV is active

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\hamga\Application Data\DriveCleaner 2006 Free
    C:\Documents and Settings\hamga\Application Data\DriveCleaner 2006 Free\Logs\update.log
    C:\Documents and Settings\hamga\Application Data\macromedia\Flash Player\#SharedObjects\ZT2EHB8N\interclick.com
    C:\Documents and Settings\hamga\Application Data\macromedia\Flash Player\#SharedObjects\ZT2EHB8N\interclick.com\ud.sol
    C:\Documents and Settings\hamga\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\hamga\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\Program Files\dbar
    C:\Program Files\dbar\basis.xml
    C:\Program Files\dbar\channel.tmpl
    C:\Program Files\dbar\content.tmpl
    C:\Program Files\dbar\dbaruninst.exe
    C:\Program Files\dbar\deskbar.crc
    C:\Program Files\dbar\deskbar.inf
    C:\Program Files\dbar\edit_rss.tmpl
    C:\Program Files\dbar\local.xml
    C:\Program Files\dbar\nav1.bmp
    C:\Program Files\dbar\nav2.bmp
    C:\Program Files\dbar\new_alert.tmpl
    C:\Program Files\dbar\version.ini
    C:\Program Files\dbar\version.txt
    C:\Program Files\VAV
    C:\Program Files\VAV\vav.ooo
    C:\WINDOWS\BM313e2b3d.txt
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\anjgliwj.dll
    C:\WINDOWS\system32\aqtcaodi.ini
    C:\WINDOWS\system32\autorun.ini
    C:\WINDOWS\system32\bhvuyyyc.dll
    C:\WINDOWS\system32\cagifmox.ini
    C:\WINDOWS\system32\doowid.dll
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\ducrdt.dll
    C:\WINDOWS\system32\eddfvlrj.ini
    C:\WINDOWS\system32\eokfyllw.dll
    C:\WINDOWS\system32\eyihblnj.dll
    C:\WINDOWS\system32\faeofhij.ini
    C:\WINDOWS\system32\heybam.dll
    C:\WINDOWS\system32\hhxkwlef.dll
    C:\WINDOWS\system32\htufcrhi.dll
    C:\WINDOWS\system32\ibvyqxsl.dll
    C:\WINDOWS\system32\ikaedg.dll
    C:\WINDOWS\system32\ioevtjww.ini
    C:\WINDOWS\system32\irmgnyod.dll
    C:\WINDOWS\system32\jcffrwtm.ini
    C:\WINDOWS\system32\jemtqtmm.dll
    C:\WINDOWS\system32\lmsrzz.dll
    C:\WINDOWS\system32\lppsioyl.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mftvgy.dll
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\mwvwjicd.dll
    C:\WINDOWS\system32\myhyqcqj.ini
    C:\WINDOWS\system32\ntuswl.dll
    C:\WINDOWS\system32\ogmqmbdv.ini
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pcgjqegu.ini
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\qldffhrc.ini
    C:\WINDOWS\system32\sdokpcmu.dll
    C:\WINDOWS\system32\sikumdvf.ini
    C:\WINDOWS\system32\suealgxt.dll
    C:\WINDOWS\system32\tmruynjy.dll
    C:\WINDOWS\system32\vFfiQqru.ini
    C:\WINDOWS\system32\vFfiQqru.ini2
    C:\WINDOWS\system32\vheuvrcp.ini
    C:\WINDOWS\system32\vvbxnjai.ini
    C:\WINDOWS\system32\vxnubedn.dll
    C:\WINDOWS\system32\wcrfaxmt.ini
    C:\WINDOWS\system32\wcwxrprj.dll
    C:\WINDOWS\system32\wivesatb.ini
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\wwjtveoi.dll
    C:\WINDOWS\system32\xvquhaav.dll
    C:\WINDOWS\system32\ykicli.dll
    C:\WINDOWS\system32\yksubwau.ini
    C:\WINDOWS\system32\ymxvfpjduptcgjcf.dll
    C:\WINDOWS\system32\yonria.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_NPF

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-29 18:20 . 2008-07-29 18:20 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-28 19:59 . 2008-07-28 19:59 <REP> d-------- C:\VundoFix Backups
    2008-07-28 19:45 . 2008-07-28 19:45 <REP> d-------- C:\WINDOWS\system32\fr
    2008-07-28 19:45 . 2008-07-28 19:45 <REP> d-------- C:\WINDOWS\system32\bits
    2008-07-28 19:45 . 2008-07-28 19:45 <REP> d-------- C:\WINDOWS\l2schemas
    2008-07-28 19:42 . 2008-07-28 19:42 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-07-28 19:35 . 2008-07-28 19:36 <REP> d-------- C:\WINDOWS\EHome
    2008-07-28 19:04 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
    2008-07-28 19:04 . 2004-08-03 22:29 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
    2008-07-28 19:04 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
    2008-07-28 19:04 . 2004-08-03 22:29 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
    2008-07-28 19:04 . 2004-08-03 22:29 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
    2008-07-28 19:04 . 2004-08-03 22:29 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
    2008-07-28 19:04 . 2004-08-03 22:41 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
    2008-07-28 19:04 . 2004-08-03 22:29 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
    2008-07-28 18:45 . 2008-07-28 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-07-28 18:07 . 2008-07-28 18:07 <REP> d-------- C:\Program Files\Yahoo!
    2008-07-28 15:03 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-07-28 15:03 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-07-28 15:00 . 2008-07-28 15:00 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-07-28 15:00 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-07-28 13:20 . 2008-07-28 13:20 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2008-07-28 13:20 . 2008-07-28 13:20 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2008-07-28 13:20 . 2008-07-28 13:20 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2008-07-28 13:19 . 2008-07-28 13:19 <REP> d-------- C:\Program Files\Eset
    2008-07-25 20:30 . 2008-07-25 20:30 <REP> d-------- C:\Program Files\w-w-w-dot-com
    2008-07-20 20:40 . 2008-07-20 20:40 294 --ahs---- C:\WINDOWS\system32\hcsfoewl.ini
    2008-07-20 15:42 . 2008-07-20 15:42 1,715,108 ---hs---- C:\WINDOWS\system32\hcsfoewl.tmp
    2008-07-17 20:48 . 2008-07-17 20:48 268 --ah----- C:\sqmdata09.sqm
    2008-07-15 23:28 . 2008-07-15 23:28 268 --ah----- C:\sqmdata07.sqm
    2008-07-13 21:45 . 2008-07-13 21:45 268 --ah----- C:\sqmdata02.sqm
    2008-07-13 21:45 . 2008-07-13 21:45 244 --ah----- C:\sqmnoopt03.sqm
    2008-07-11 23:23 . 2008-07-11 23:23 64,317 --a------ C:\WINDOWS\system32\ekphwdkffvs.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-28 11:16 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:47 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:47 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-09 08:30 --------- d-----w C:\Program Files\Lavasoft
    2008-06-09 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-09 08:06 3,032 ----a-w C:\WINDOWS\system32\lbspvcxc.dll
    2008-06-09 07:29 3,032 ----a-w C:\WINDOWS\system32\vyghayjn.dll
    2008-06-09 07:28 3,032 ----a-w C:\WINDOWS\system32\ywxkyvtf.dll
    2008-06-06 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-06-06 08:47 --------- d-----w C:\Documents and Settings\hamga\Application Data\Talkback
    2008-06-01 20:20 --------- d-----w C:\Documents and Settings\hamga\Application Data\ItsLabel
    2008-06-01 20:11 63,909 ----a-w C:\WINDOWS\system32\{e7264c9e-ef49-a591-9f14-43af84f0a51c}.dll-uninst.exe
    2008-06-01 15:11 --------- d-----w C:\Documents and Settings\hamga\Application Data\vlc
    2008-06-01 15:10 --------- d-----w C:\Program Files\VideoLAN
    2008-06-01 15:10 --------- d-----w C:\Documents and Settings\hamga\Application Data\EoRezo
    2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:11 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-01-29 17:10 0 ----a-w C:\Documents and Settings\hamga\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:34 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "epm-dm"="c:\acer\epm\epm-dm.exe" [2005-08-11 19:21 200704]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-28 13:20 949376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:34 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UPS"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
    "C:\\Program Files\\Hercules\\Hercules DualPix HD Webcam\\Station2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
    S3 APL531;Hercules Dualpix HD Webcam;C:\WINDOWS\system32\Drivers\HDvid.sys [2006-12-08 14:02]
    S3 camfilt;camfilt;C:\WINDOWS\system32\Drivers\camfilt.sys [2006-11-16 16:01]
    S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys []
    S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys []
    S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys []
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{D293AADB-5A01-4D05-AD41-CC1DF0D421A7} - C:\WINDOWS\system32\urqQifFv.dll
    HKCU-Run-WOOKIT - C:\PROGRA~1\WANADOO\GestMaj.exe
    HKLM-Run-{0080a652-b4e6-2613-4ca6-68f84d335e97} - C:\WINDOWS\system32\ymxvfpjduptcgjcf.dll
    HKLM-Run-320d18a1 - C:\WINDOWS\system32\wwjtveoi.dll
    HKLM-Run-BM313e2b3d - C:\WINDOWS\system32\pambwvlq.dll
    MSConfigStartUp-Antivirus - C:\Program Files\VAV\vav.exe
    MSConfigStartUp-{0080a652-b4e6-2613-4ca6-68f84d335e97} - C:\WINDOWS\system32\{e7264c9e-ef49-a591-9f14-43af84f0a51c}.dll

    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://whynotsearchhere.com/start.php
    R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-29 20:25:01
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Eset\pr_imon.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Eset\pr_imon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
    C:\ACER\EMANAGER\ANBMSERV.EXE
    C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
    C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
    C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
    C:\PROGRAM FILES\ESET\NOD32KRN.EXE
    C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
    C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
    C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-29 20:26:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-29 18:26:14

    Pre-Run: 14,855,864,320 octets libres
    Post-Run: 14,804,975,616 octets libres

    248 --- E O F --- 2008-07-28 18:14:20

    par contre au redemarage de window , j'ai un son d'alerte puis plusieurs fenetres qui me disent qu il manque des fichiers dll.... puis j'ai toukours des fenetres qui s'ouvrent ?
    merci
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. clapasol Messages postés 15 Statut Membre
     
    du coup j'ai refait un nettoyage et voici le rapport:

    ComboFix 08-07-28.6 - hamga 2008-07-29 20:32:22.2 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.649 [GMT 2:00]
    Endroit: C:\Documents and Settings\hamga\Bureau\ComboFix.exe
    * Resident AV is active

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM313e2b3d.xml

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-29 18:20 . 2008-07-29 18:20 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-28 19:59 . 2008-07-28 19:59 <REP> d-------- C:\VundoFix Backups
    2008-07-28 19:45 . 2008-07-28 19:45 <REP> d-------- C:\WINDOWS\system32\fr
    2008-07-28 19:45 . 2008-07-28 19:45 <REP> d-------- C:\WINDOWS\system32\bits
    2008-07-28 19:45 . 2008-07-28 19:45 <REP> d-------- C:\WINDOWS\l2schemas
    2008-07-28 19:42 . 2008-07-28 19:42 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-07-28 19:35 . 2008-07-28 19:36 <REP> d-------- C:\WINDOWS\EHome
    2008-07-28 19:04 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
    2008-07-28 19:04 . 2004-08-03 22:29 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
    2008-07-28 19:04 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
    2008-07-28 19:04 . 2004-08-03 22:29 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
    2008-07-28 19:04 . 2004-08-03 22:29 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
    2008-07-28 19:04 . 2004-08-03 22:29 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
    2008-07-28 19:04 . 2004-08-03 22:41 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
    2008-07-28 19:04 . 2004-08-03 22:29 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
    2008-07-28 18:45 . 2008-07-28 18:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-07-28 18:07 . 2008-07-28 18:07 <REP> d-------- C:\Program Files\Yahoo!
    2008-07-28 15:03 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-07-28 15:03 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-07-28 15:00 . 2008-07-28 15:00 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-07-28 15:00 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-07-28 13:20 . 2008-07-28 13:20 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2008-07-28 13:20 . 2008-07-28 13:20 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2008-07-28 13:20 . 2008-07-28 13:20 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2008-07-28 13:19 . 2008-07-28 13:19 <REP> d-------- C:\Program Files\Eset
    2008-07-25 20:30 . 2008-07-25 20:30 <REP> d-------- C:\Program Files\w-w-w-dot-com
    2008-07-20 20:40 . 2008-07-20 20:40 294 --ahs---- C:\WINDOWS\system32\hcsfoewl.ini
    2008-07-20 15:42 . 2008-07-20 15:42 1,715,108 ---hs---- C:\WINDOWS\system32\hcsfoewl.tmp
    2008-07-17 20:48 . 2008-07-17 20:48 268 --ah----- C:\sqmdata09.sqm
    2008-07-15 23:28 . 2008-07-15 23:28 268 --ah----- C:\sqmdata07.sqm
    2008-07-13 21:45 . 2008-07-13 21:45 268 --ah----- C:\sqmdata02.sqm
    2008-07-13 21:45 . 2008-07-13 21:45 244 --ah----- C:\sqmnoopt03.sqm
    2008-07-11 23:23 . 2008-07-11 23:23 64,317 --a------ C:\WINDOWS\system32\ekphwdkffvs.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-28 11:16 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:47 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:47 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-09 08:30 --------- d-----w C:\Program Files\Lavasoft
    2008-06-09 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-09 08:06 3,032 ----a-w C:\WINDOWS\system32\lbspvcxc.dll
    2008-06-09 07:29 3,032 ----a-w C:\WINDOWS\system32\vyghayjn.dll
    2008-06-09 07:28 3,032 ----a-w C:\WINDOWS\system32\ywxkyvtf.dll
    2008-06-06 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-06-06 08:47 --------- d-----w C:\Documents and Settings\hamga\Application Data\Talkback
    2008-06-01 20:20 --------- d-----w C:\Documents and Settings\hamga\Application Data\ItsLabel
    2008-06-01 20:11 63,909 ----a-w C:\WINDOWS\system32\{e7264c9e-ef49-a591-9f14-43af84f0a51c}.dll-uninst.exe
    2008-06-01 15:11 --------- d-----w C:\Documents and Settings\hamga\Application Data\vlc
    2008-06-01 15:10 --------- d-----w C:\Program Files\VideoLAN
    2008-06-01 15:10 --------- d-----w C:\Documents and Settings\hamga\Application Data\EoRezo
    2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:11 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-01-29 17:10 0 ----a-w C:\Documents and Settings\hamga\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:34 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "epm-dm"="c:\acer\epm\epm-dm.exe" [2005-08-11 19:21 200704]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-28 13:20 949376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:34 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UPS"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
    "C:\\Program Files\\Hercules\\Hercules DualPix HD Webcam\\Station2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
    S3 APL531;Hercules Dualpix HD Webcam;C:\WINDOWS\system32\Drivers\HDvid.sys [2006-12-08 14:02]
    S3 camfilt;camfilt;C:\WINDOWS\system32\Drivers\camfilt.sys [2006-11-16 16:01]
    S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys []
    S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys []
    S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys []
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://free.fr/
    R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-29 20:33:27
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Eset\pr_imon.dll
    .
    Temps d'accomplissement: 2008-07-29 20:33:49
    ComboFix-quarantined-files.txt 2008-07-29 18:33:48
    ComboFix2.txt 2008-07-29 18:26:22

    Pre-Run: 14,816,313,344 octets libres
    Post-Run: 14,799,994,880 octets libres

    143 --- E O F --- 2008-07-28 18:14:20
    0
  7. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge et installe MalwareByte's Anti-Malware :
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

    - Mets-le à jour

    - Redémarre en mode sans échec (Recommandé) :
    https://www.malekal.com/demarrer-windows-mode-sans-echec/

    - Choisis ta session habituelle

    - Fais un scan complet avec MalwareByte's Anti-Malware

    - Supprime tout ce que le logiciel trouve, enregistre le rapport

    - Redémarre en mode normal et poste le rapport ici

    Tutorial :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
  8. clapasol Messages postés 15 Statut Membre
     
    hello
    voici le rapport , j'ai toujours une fenetre sur le bureau avec "ring tone"

    Malwarebytes' Anti-Malware 1.23
    Version de la base de données: 1008
    Windows 5.1.2600 Service Pack 3

    18:05:32 30/07/2008
    mbam-log-7-30-2008 (18-05-32).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 84120
    Temps écoulé: 1 hour(s), 24 minute(s), 16 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 32

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Deskbar.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\Fichiers communs\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\XOBE\fetchdll33.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0089902.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0089903.exe (Malware.Tool) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0089904.exe (Malware.Tool) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0089922.exe (Malware.Tool) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0091281.exe (Malware.Tool) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP228\A0093794.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP233\A0098126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098266.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098283.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098394.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098395.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098441.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098907.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098908.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098909.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098910.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098929.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098931.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103787.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103797.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103801.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103823.dll (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103825.dll (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\htufcrhi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\suealgxt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\wwjtveoi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\packet.dll.vir (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\{e7264c9e-ef49-a591-9f14-43af84f0a51c}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    merci
    0
  9. clapasol Messages postés 15 Statut Membre
     
    hello
    j'ai toujours sur le bureau "ring tone" comme fond de bureau

    Malwarebytes' Anti-Malware 1.23
    Version de la base de données: 1008
    Windows 5.1.2600 Service Pack 3

    18:05:32 30/07/2008
    mbam-log-7-30-2008 (18-05-32).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 84120
    Temps écoulé: 1 hour(s), 24 minute(s), 16 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 32

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Deskbar.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\Fichiers communs\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\XOBE\fetchdll33.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0089902.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0089903.exe (Malware.Tool) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0089904.exe (Malware.Tool) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0089922.exe (Malware.Tool) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0091281.exe (Malware.Tool) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP228\A0093794.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP233\A0098126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098266.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098283.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098394.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098395.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098441.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098907.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098908.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098909.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098910.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098929.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098931.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103787.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103797.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103801.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103823.dll (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103825.dll (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\htufcrhi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\suealgxt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\wwjtveoi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\packet.dll.vir (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\{e7264c9e-ef49-a591-9f14-43af84f0a51c}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    0
  10. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe ou http://www.geekstogo.com/forum/files/file/6-smitfraudfix/

    - Enregistre-le sur le bureau

    - Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée

    - Un rapport sera généré, poste-le dans ta prochaine réponse.

    [*] process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*]

    ** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix
    0
  11. clapasol Messages postés 15 Statut Membre
     
    COMME PROMIS VOICI LE RAPPORT DE SMITFRAUDFIX :

    SmitFraudFix v2.332

    Rapport fait à 22:13:56,82, 30/07/2008
    Executé à partir de C:\Documents and Settings\hamga\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est FAT32
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\hamga\Bureau\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\hamga

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\hamga\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\hamga\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.53.252

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{5B60BF79-167A-4F22-9B13-37B1662B3C12}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{5B60BF79-167A-4F22-9B13-37B1662B3C12}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  12. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Double-clique sur SmitfraudFix.exe, choisis l'option 2 et Entrée

    - Réponds O(oui) à ces deux questions si elles te sont posées

    Voulez-vous nettoyer le registre ?
    Corriger le fichier infecté ?

    - Un rapport sera généré, sauvegarde-le sur le bureau

    - Poste le rapport SmitfraudFix et un nouveau rapport HijackThis
    0
  13. clapasol Messages postés 15 Statut Membre
     
    bonjour
    voici le rapport smitfraud :

    SmitFraudFix v2.332

    Rapport fait à 13:28:52,46, 31/07/2008
    Executé à partir de C:\Documents and Settings\hamga\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est FAT32
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{5B60BF79-167A-4F22-9B13-37B1662B3C12}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{5B60BF79-167A-4F22-9B13-37B1662B3C12}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  14. clapasol Messages postés 15 Statut Membre
     
    puis voici le rapport de HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:39:06, on 31/07/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    0
  15. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Ça s'améliore ?
    0
  16. clapasol Messages postés 15 Statut Membre
     
    bonjour
    je pense que mon probleme est resolu , je te remercie de ton aide precieuse , et merci au forum de "commentcamarche" .
    cordialement
    pascal
    0