Sujet Précédent Sujet Suivant

Virus Alert, disparition lecteur c et d

frank_villeneuve Messages postés 15 Statut Membre -  
 chris38 -
Bonjour,

Je suis chez de la famille pour quelques jours et, comme ils ont des problemes avec leur ordinateur (sous Windows XP edition familiale), je tente de réparer cela.

Hier, j'ai fait un scan avec AVG Anti-Virus et j'ai pu supprimer une trentaine de malwares/trojan/virus. J'ai aussi fait un scan avec Ad-Aware et j'ai également supprimé pas mal de spywares.

Pourtant, un problème persiste. Dans la barre des tâches, à droite de l'heure, il reste un message VIRUS ALERT!. Aussi, les lecteurs C (disque dur) et D (cd) sont disparus de mon poste de travail. L'accès au registre et au gestionnaire des tâches était bloqué mais je suis parvenu à les débloquer. Finalement, des pages d'anti-virus continuent d'apparaître sous internet explorer et de m'avertir de possibles dangers (pour me pousser à acheter je ne sais trop quoi).

J'ai fait un scan sous hijackthis, comme j'avais lu sur ce forum.

Merci de votre aide et voilà les résultats :

Logfile of HijackThis v1.99.1
Scan saved at 12:17: VIRUS ALERT!, on 2008-07-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jacques\Bureau\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {02104BCF-EB9C-0854-4EC8-2698D0EFF0BF} - (no file)
O2 - BHO: {9ed02633-254e-dbc8-d554-c78703fdab02} - {20badf30-787c-455d-8cbd-e45233620de9} - (no file)
O2 - BHO: (no name) - {267212FE-B77A-4C83-BB75-3F84B52A3BEE} - (no file)
O2 - BHO: (no name) - {5D65A25D-E739-4803-92FC-FF71D41170F3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QXK Olive - {AEFFF7D6-917C-4D8D-A780-7C2D69F1B01A} - C:\WINDOWS\nfavxwdbsxb.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O3 - Toolbar: fdkowvbp - {BF53502D-3BEF-4273-9925-89D7526A5F87} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [KERNEL32] KERNEL32.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129w.bay129.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CF69A35-1EF9-4DB2-96BE-5B97B162E572}: NameServer = 207.164.234.129 207.164.234.193
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O20 - Winlogon Notify: yayAQICs - yayAQICs.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: eqvwamkl - {B8FBA542-822E-4193-A1A2-7F358BDC60B7} - C:\WINDOWS\eqvwamkl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
A voir également:

24 réponses

  • 1
  • 2
Réponse 1 / 24
chefpunky Messages postés 676 Statut Membre 31
 
Salut,

desactive les comptes utilisateur:

(tuto)https://www.linternaute.fr/hightech/guide-high-tech/1413500-comment-desactiver-un-compte-utilisateur-sous-windows-xp/

ensuite telecharge smitFraudFix:http://telechargement.zebulon.fr/smitfraudfix.html

1.1 dezip le tout

1.2 double click sur smitfraudfix.cmd

1.3 choisit l' option 1

1.4 poste ton rapport ici.
1
Réponse 2 / 24
frank_villeneuve Messages postés 15 Statut Membre 9
 
SmitFraudFix v2.332

Rapport fait à 12:32:35,88, 2008-07-29
Executé à partir de C:\Documents and Settings\Jacques\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jacques\Bureau\hjt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jacques\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jacques

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jacques\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jacques\Favoris

C:\DOCUME~1\Jacques\Favoris\Error Cleaner.url PRESENT !
C:\DOCUME~1\Jacques\Favoris\Privacy Protector.url PRESENT !
C:\DOCUME~1\Jacques\Favoris\Spyware?Malware Protection.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 207.164.234.129
DNS Server Search Order: 207.164.234.193

Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4CF69A35-1EF9-4DB2-96BE-5B97B162E572}: NameServer=207.164.234.129 207.164.234.193
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F8C96597-9FA1-44E1-B456-F225418B21CA}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4CF69A35-1EF9-4DB2-96BE-5B97B162E572}: NameServer=207.164.234.129 207.164.234.193
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F8C96597-9FA1-44E1-B456-F225418B21CA}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F8C96597-9FA1-44E1-B456-F225418B21CA}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
1
Réponse 3 / 24
frank_villeneuve Messages postés 15 Statut Membre 9
 
J'ai fait le nettoyage avec Smitfraud en mode sans échec (mais j'ai oublié de sauvegarder le rapport). Suite au redémarrage, l'ordinateur semble déjà plus rapide, l'alerte près de l'horloge est disparue et les lecteurs sont réapparus. Tout devrait fonctionner normalement maintenant ou il reste des étapes?
1
Réponse 4 / 24
Utilisateur anonyme
 
Telecharge malwarebytes

-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log
1

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 24
frank_villeneuve Messages postés 15 Statut Membre 9
 
Voici le rapport de Malwarebytes :

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1007
Windows 5.1.2600 Service Pack 2

14:42:03 2008-07-29
mbam-log-7-29-2008 (14-41-57).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 182712
Temps écoulé: 1 hour(s), 33 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 23
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 73

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{267212fe-b77a-4c83-bb75-3f84b52a3bee} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{267212fe-b77a-4c83-bb75-3f84b52a3bee} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e1d20694-74d9-472d-af03-08c26173a67f} (Adware.EGDAccess) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SEC (Rogue.SecureExpertCleaner) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\seekmo (Adware.Seekmo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b8fba542-822e-4193-a1a2-7f358bdc60b7} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{f0a426bc-cb51-4d2b-b720-f959540b0ab2} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{13b563e9-b008-4d3a-bbc0-fbb424634455} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bf53502d-3bef-4273-9925-89d7526a5f87} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.bgow (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\seekmo (Adware.Seekmo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{267212fe-b77a-4c83-bb75-3f84b52a3bee} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bf53502d-3bef-4273-9925-89d7526a5f87} (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> No action taken.

Fichier(s) infecté(s):
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP886\A0188943.vxd (Adware.Winad) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0200310.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0200311.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0200312.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0200313.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0200314.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0201310.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0201311.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0202310.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0202311.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0202327.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0203332.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203381.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203369.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203370.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203373.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203374.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203375.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203376.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203377.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203378.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203379.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203380.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203382.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203384.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203385.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203386.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203387.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203388.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203389.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203390.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203392.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203393.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203394.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203395.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203396.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\eovp.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\wnslvxtf.dll (Trojan.Zlob) -> No action taken.
C:\WINDOWS\system32\drivers\Winch51.sys (Rootkit.Agent) -> No action taken.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> No action taken.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> No action taken.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080727102202125.log (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080727102823234.log (Rogue.WinSpywareProtect) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080728221011968.log (Rogue.WinSpywareProtect) -> No action taken.
C:\WINDOWS\system32\sex1.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\vav.cpl (Rogue.VistaAntivirus2008) -> No action taken.
C:\WINDOWS\dialerexe.ini (Adware.NaviPromo) -> No action taken.
C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\fdkowvbp.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Jacques\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> No action taken.
C:\Documents and Settings\Max\Bureau\NAKED LADIES.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Max\Bureau\TITS AND ASS.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Max\Local Settings\Temp\CmdLineExt02.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Max\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Max\Bureau\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Max\Bureau\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Max\Favoris\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Frank\Favoris\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Max\Favoris\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Frank\Favoris\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Max\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Frank\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
1
Réponse 6 / 24
Utilisateur anonyme
 
No action taken

T AS PAS SUPPRIMER
1
Réponse 7 / 24
frank_villeneuve Messages postés 15 Statut Membre 9
 
Désolé, c'était le log AVANT la supression. Voici le suivant.

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1007
Windows 5.1.2600 Service Pack 2

14:42:39 2008-07-29
mbam-log-7-29-2008 (14-42-39).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 182712
Temps écoulé: 1 hour(s), 33 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 23
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 73

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{267212fe-b77a-4c83-bb75-3f84b52a3bee} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{267212fe-b77a-4c83-bb75-3f84b52a3bee} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1d20694-74d9-472d-af03-08c26173a67f} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8fba542-822e-4193-a1a2-7f358bdc60b7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f0a426bc-cb51-4d2b-b720-f959540b0ab2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{13b563e9-b008-4d3a-bbc0-fbb424634455} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf53502d-3bef-4273-9925-89d7526a5f87} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.bgow (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{267212fe-b77a-4c83-bb75-3f84b52a3bee} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bf53502d-3bef-4273-9925-89d7526a5f87} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP886\A0188943.vxd (Adware.Winad) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0200310.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0200311.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0200312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0200313.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0200314.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0201310.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0201311.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0202310.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0202311.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0202327.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP890\A0203332.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203381.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203369.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203370.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203373.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203374.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203375.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203376.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203377.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203378.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203379.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203380.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203382.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203384.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203385.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203386.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203387.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203388.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203389.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203390.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203392.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203393.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203394.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203395.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2119914A-49D1-4CFB-BD32-348F622B6932}\RP891\A0203396.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\eovp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wnslvxtf.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Winch51.sys (Rootkit.Agent) -> Delete on reboot.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080727102202125.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080727102823234.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\LOG\20080728221011968.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\dialerexe.ini (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\fdkowvbp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacques\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Max\Bureau\NAKED LADIES.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Max\Bureau\TITS AND ASS.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Max\Local Settings\Temp\CmdLineExt02.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Max\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Max\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Max\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Max\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frank\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Max\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frank\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Max\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frank\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
1
Réponse 8 / 24
Utilisateur anonyme
 
réouvre malewarebyte
va sur quarantaine
supprime tout

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
1
Réponse 9 / 24
frank_villeneuve Messages postés 15 Statut Membre 9
 
ComboFix 08-07-28.6 - Jacques 2008-07-29 15:03:22.1 - NTFSx86
Endroit: C:\Documents and Settings\Jacques\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Max\Application Data\macromedia\Flash Player\#SharedObjects\3CN9FNB3\interclick.com
C:\Documents and Settings\Max\Application Data\macromedia\Flash Player\#SharedObjects\3CN9FNB3\interclick.com\ud.sol
C:\Documents and Settings\Max\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Max\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Max\Application Data\WeatherDPA
C:\Documents and Settings\Max\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Documents and Settings\Max\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\system32\instsrv.exe
C:\WINDOWS\system32\NoYIknmp.ini
C:\WINDOWS\system32\NoYIknmp.ini2
C:\WINDOWS\system32\oytdawpt.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-29 ))))))))))))))))))))))))))))))))))))
.

2008-07-29 13:01 . 2008-07-29 13:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 13:01 . 2008-07-29 13:01 <REP> d-------- C:\Documents and Settings\Jacques\Application Data\Malwarebytes
2008-07-29 13:01 . 2008-07-29 13:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 13:01 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 13:01 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 12:32 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-29 12:32 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-29 12:32 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-29 12:32 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-29 12:32 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-29 12:32 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-29 12:32 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-29 12:32 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-29 12:32 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-29 12:32 . 2008-07-29 12:43 1,542 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-29 11:20 . 2008-07-29 11:20 <REP> d-------- C:\Program Files\Vilma
2008-07-28 22:17 . 2008-07-28 22:17 <REP> d-------- C:\Documents and Settings\Frank\Application Data\TmpRecentIcons
2008-07-27 13:55 . 2008-07-27 13:55 <REP> d-------- C:\Documents and Settings\Max\Application Data\TmpRecentIcons
2008-07-13 10:05 . 2008-07-13 10:05 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-07-13 10:05 . 2008-07-13 10:05 <REP> d-------- C:\WINDOWS\Profiles
2008-07-13 10:05 . 2008-07-13 10:05 <REP> d-------- C:\Documents and Settings\Jacques\Application Data\InterTrust
2008-07-08 18:41 . 2008-07-08 18:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-02 19:08 . 2008-07-02 19:08 <REP> d-------- C:\Documents and Settings\Max\.limewire

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 13:58 --------- d-----w C:\Documents and Settings\Jacques\Application Data\AVG7
2008-07-29 13:51 --------- d-----w C:\Program Files\Sim City 3
2008-07-29 13:51 --------- d-----w C:\Documents and Settings\Max\Application Data\LimeWire
2008-07-29 13:50 --------- d-----w C:\Documents and Settings\Max\Application Data\AVG7
2008-07-29 13:43 --------- d-----w C:\Documents and Settings\Frank\Application Data\AVG7
2008-07-29 13:34 --------- d-----w C:\Program Files\Screen Recorder
2008-07-28 12:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-07-13 14:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-08 22:42 --------- d-----w C:\Program Files\FileZilla
2008-07-08 22:41 --------- d-----w C:\Program Files\Lavasoft
2008-07-08 22:41 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-08 22:35 --------- d-----w C:\Program Files\Microsoft Money
2008-07-08 22:27 13,612 ----a-w C:\Documents and Settings\Max\Application Data\wklnhst.dat
2008-07-02 23:08 --------- d-----w C:\Program Files\LimeWire
2008-07-01 19:47 --------- d-----w C:\Documents and Settings\Jacques\Application Data\AdobeUM
2008-06-27 19:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-25 18:25 --------- d-----w C:\Program Files\iTunes
2008-06-25 18:20 --------- d-----w C:\Program Files\iPod
2008-06-25 18:18 --------- d-----w C:\Program Files\QuickTime
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-03-07 16:26 53,488 ----a-w C:\Documents and Settings\Frank\Application Data\wklnhst.dat
2006-10-19 01:27 61,768 ----a-w C:\Documents and Settings\Frank\Application Data\GDIPFONTCACHEV1.DAT
2005-03-25 18:29 0 ----a-w C:\Documents and Settings\Jacques\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 06:08 172032]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-05-18 08:58 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 19:09 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-08 19:46 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 16:51 192512]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winch51.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winns61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty61.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NaturalColorLoad.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NaturalColorLoad.lnk
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Frank^Menu Démarrer^Programmes^Démarrage^InterAct Profile Activator.lnk]
path=C:\Documents and Settings\Frank\Menu Démarrer\Programmes\Démarrage\InterAct Profile Activator.lnk
backup=C:\WINDOWS\pss\InterAct Profile Activator.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2smf35P
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoupd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DirectX64

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcylhjvbarsx

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 19:09 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
--a------ 1998-11-30 19:04 497376 C:\WINDOWS\p_981116.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-01-23 10:31 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-01-23 10:36 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
--a------ 2007-01-30 20:36 57344 C:\Program Files\MarkAny\ContentSafer\MaAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-06-07 07:32 50688 C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 06:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a------ 2007-02-23 16:32 126976 C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2002-05-03 11:40 4341760 C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2006-11-02 14:43 472632 C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-24 16:41 1266936 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-11-12 10:33 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-06-21 13:14 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-04-24 17:53 54784 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S0 Winch51;Winch51;C:\WINDOWS\system32\Drivers\Winch51.sys []
S0 Winns61;Winns61;C:\WINDOWS\system32\Drivers\Winns61.sys []
S0 Winty61;Winty61;C:\WINDOWS\system32\Drivers\Winty61.sys []
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-05-03 11:41]
S3 gsplittm;gsplittm;C:\DOCUME~1\Frank\LOCALS~1\Temp\gsplittm.sys []
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-10-16 00:11]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-06-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-06-27 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2007-04-19 23:42]

2005-09-29 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 19:38]
.
- - - - ORPHANS REMOVED - - - -

BHO-{02104BCF-EB9C-0854-4EC8-2698D0EFF0BF} - (no file)
BHO-{20badf30-787c-455d-8cbd-e45233620de9} - (no file)
BHO-{5D65A25D-E739-4803-92FC-FF71D41170F3} - (no file)
HKLM-RunServices-KERNEL32 - KERNEL32.EXE
Notify-yayAQICs - yayAQICs.dll
MSConfigStartUp-Active Desktop Calendar - C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
MSConfigStartUp-ActiveChin - C:\PROGRA~1\WIPEDO~1\proxy soap.exe
MSConfigStartUp-AdaptecDirectCD - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
MSConfigStartUp-Antivirus - C:\Program Files\VAV\vav.exe
MSConfigStartUp-ccdf6998 - C:\WINDOWS\system32\tpwadtyo.dll
MSConfigStartUp-Envoyer à la victime - C:\WINDOWS\Envoyer à la victime.exe
MSConfigStartUp-License Manager - C:\Program Files\License_Manager\license_manager.exe
MSConfigStartUp-MediaPipe P2P Loader - C:\Program Files\p2pnetworks\mpp2pl.exe
MSConfigStartUp-s9201 - C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe
MSConfigStartUp-seekmo - c:\program files\seekmo\seekmo.exe
MSConfigStartUp-Sys2 - C:\Windows\Sys2.exe
MSConfigStartUp-Sys3 - C:\Windows\Sys3.exe
MSConfigStartUp-Windows AdControl - C:\Program Files\Windows AdControl\WinAdCtl.exe
MSConfigStartUp-wrna3ls - C:\Program Files\rnamfler\naomf.exe
MSConfigStartUp-KERNEL32 - KERNEL32.EXE

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ca/
O9 -: {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O18 -: Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O18 -: Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL

O16 -: Interface Chat Voila - hxxp://chat7.x-echo.com/version6/Applet/vchatsign.cab
C:\WINDOWS\Downloaded Program Files\Interface Chat Voila.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: TruePass EPF 7,0,100,717 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
C:\WINDOWS\Downloaded Program Files\TruePass EPF 7,0,100,717.osd

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 15:11:04
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

C:\WINDOWS\explorer.exe [1780] 0x8285F720

Balayage cach‚ autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
KERNEL32 = KERNEL32.EXE?

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-29 15:18:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-29 19:18:31

Pre-Run: 104,125,530,112 octets libres
Post-Run: 104,903,356,416 octets libres

254 --- E O F --- 2008-07-08 22:35:25
1
Réponse 10 / 24
Utilisateur anonyme
 
ok

refais un scan hijackthis et post le rapport et dis tes soucis stp
1
Réponse 11 / 24
frank_villeneuve Messages postés 15 Statut Membre 9
 
En fait, tout semble maintenant fonctionner correctement. Tous les signes d<infections visibles sont disparus. Le problème devrait être résolu?

Logfile of HijackThis v1.99.1
Scan saved at 15:24:35, on 2008-07-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jacques\Bureau\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129w.bay129.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CF69A35-1EF9-4DB2-96BE-5B97B162E572}: NameServer = 207.164.234.129 207.164.234.193
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
1
Réponse 12 / 24
Utilisateur anonyme
 
réouvre hijckthis
fais scan only
coches ces lignes :

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129w.bay129.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

tu les coches et tu clic sur fix checked

ensuite :

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)

1
Réponse 13 / 24
frank_villeneuve Messages postés 15 Statut Membre 9
 
EUh, avant de passer à l'étape suivante, j'ai vérifié les autres sessions d'utilisateurs sur l'ordinateur et il semblerait que l'infection y soit toujours présente : le VIRUS ALERT est toujours à côté de l'horloge.

Alors, je continue avec ta prochaine démarche, je recommence le tout en désactivant temporairement les utilisateurs? Et merde...
1
Réponse 14 / 24
Utilisateur anonyme
 
tu reste sur cette session pour l instant

quand on aura finit tu passera malewarebyte sur les autres session et virus alerte disparaitra

donc fais ceci pour l instant :

http://www.commentcamarche.net/forum/affich 7646595 virus alert disparition lecteur c et d#14
1
Réponse 15 / 24
frank_villeneuve Messages postés 15 Statut Membre 9
 
-----------\\ ToolBar S&D 1.0.7 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Jacques ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
[ 2008-07-29 | 16:00:17,00 ] [ PC : UNKNOWN-Z3WYBW6 ]
[ MAJ : 25-07-2008 | 17:35 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\MSN Messenger\msimg32.dll

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.google.ca/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

-----------\\ Fin du rapport a 16:01:34,93
1
Réponse 16 / 24
Utilisateur anonyme
 
Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

ensuite :

Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur parcourir et cherche ce fichier : C:\WINDOWS\system32\Drivers\Winns61.sys

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.
1
Réponse 17 / 24
frank_villeneuve Messages postés 15 Statut Membre 9
 
Voici le rapport pour la 1ere étape.

-----------\\ ToolBar S&D 1.0.7 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Jacques ] [ "C:\Toolbar SD" ] [ Selection : 2 ]
[ 2008-07-29 | 16:08:07,79 ] [ PC : UNKNOWN-Z3WYBW6 ]
[ MAJ : 25-07-2008 | 17:35 ]

-----------\\ SUPPRESSION

Echec ! - C:\Program Files\MSN Messenger\msimg32.dll

-----------\\ DEUXIEME PASSAGE

Echec ! - C:\Program Files\MSN Messenger\msimg32.dll

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\MSN Messenger\msimg32.dll

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.google.ca/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

-----------\\ Fin du rapport a 16:09:11,39

Pour la seconde étape, le fichier Winns61.sys ne se trouve pas dans ce dossier.
1
Réponse 18 / 24
Utilisateur anonyme
 
Salut

# Télécharge ceci: (merci a S!RI pour ce petit programme).

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Exécute le, Double click sur Smitfraudfix.exe choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.

0
Réponse 19 / 24
Utilisateur anonyme
 
# Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
# Relance le programme Smitfraud :
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum
0
chris38
 
Excuse moi chiquitine mais je dois avoir le même problème que la personne à qui tu à répondu c'est à dire que j'ai le message virus alert et que je ne peux pas voir mes lecteur C et D.

Est ce que je peux te poster mon rapport (smitfraudfix) afin que tu me conseils sur les étapes à suivre?

Merci d'avance...

Chris38
0
chris38 > chris38
 
C'est bon en fait j'ai réussi
0
Réponse 20 / 24
Utilisateur anonyme
 
Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\IEDFix.C.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\tmp.reg
C:\DOCUME~1\Frank\LOCALS~1\Temp\gsplittm.sys
C:\WINDOWS\system32\Drivers\Winch51.sys
C:\WINDOWS\system32\Drivers\Winns61.sys

Driver::
Winns61
gsplittm
Winch51

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
HP Battery ALERT
Gershia -
Gershia -

2 réponses
Analyse et réparation du lecteur C
Fusco -
Malekal_morte- -

9 réponses
pas de lecteur CD sur la voiture
coco -
coco -

2 réponses