Virus, WARNING SPYWARE DETECTED
daisyman325
Hello,
Well, no later than this morning, an antivirus (XP antivirus 2008) installed itself on my computer and started running scans without my asking. I tried to get rid of it with Spybot; the folder and the antivirus it contained were apparently deleted, but my wallpaper has turned completely blue and shows this message: "Warning! Spyware detected on your computer!Install an antivirus or spyware remover to clean your computer". And now it is impossible for me to change the wallpaper... Could someone help me, please? Thanks in advance
6 replies
Hi,
Download ComboFix (by sUBs) to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Temporarily disable all resident protection! (Antivirus, antispyware...)
* Double-click ComboFix.exe.
* Accept the license by clicking Yes.
* When the operation is finished, a report will appear. Post this report in your next reply.
The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)
Hello, and thanks already for this first step :)...
So here is the ComboFix report.
ComboFix 08-07-30.01 - Daiisy 2008-07-31 10:09:36.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.380 [GMT 2:00]
Endroit: C:\Documents and Settings\Daiisy\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Fichiers communs\{9C181~1
C:\WINXP\BM9f2b2901.txt
C:\WINXP\BM9f2b2901.xml
C:\WINXP\cookies.ini
C:\WINXP\Downloaded Program Files\setup.inf
C:\WINXP\pack.epk
C:\WINXP\system32\2.tmp
C:\WINXP\system32\abeeg.ini
C:\WINXP\system32\abeeg.ini2
C:\WINXP\system32\awlnqlsl.ini
C:\WINXP\system32\aylwyplk.ini
C:\WINXP\system32\blphc74dj0eg2e.scr
C:\WINXP\system32\brfqrkon.ini
C:\WINXP\system32\bygqbvwo.ini
C:\WINXP\system32\cccdd.ini
C:\WINXP\system32\cccdd.ini2
C:\WINXP\system32\cehppdvb.ini
C:\WINXP\system32\colhjreq.ini
C:\WINXP\system32\components
C:\WINXP\system32\dgjlm.bak1
C:\WINXP\system32\dgjlm.bak2
C:\WINXP\system32\dgjlm.ini
C:\WINXP\system32\dgjlm.ini2
C:\WINXP\system32\dnioqwfs.ini
C:\WINXP\system32\doggqdlq.ini
C:\WINXP\system32\dqoudirs.ini
C:\WINXP\system32\eemorgre.ini
C:\WINXP\system32\ehgbsbsb.ini
C:\WINXP\system32\fhdnwgyi.ini
C:\WINXP\system32\forsvgxs.ini
C:\WINXP\system32\fpnxswdx.dll
C:\WINXP\system32\fsijqjcv.dat
C:\WINXP\system32\fsijqjcv_nav.dat
C:\WINXP\system32\fsijqjcv_navps.dat
C:\WINXP\system32\hcnwg4u.sys
C:\WINXP\system32\ihhkj.ini
C:\WINXP\system32\ihhkj.ini2
C:\WINXP\system32\jambngnh.ini
C:\WINXP\system32\jjjlm.ini
C:\WINXP\system32\jjjlm.ini2
C:\WINXP\system32\jqnrxfou.ini
C:\WINXP\system32\kvcbxxlq.ini
C:\WINXP\system32\lljuhwcw.ini
C:\WINXP\system32\lphc74dj0eg2e.exe
C:\WINXP\system32\lpufutru.ini
C:\WINXP\system32\mcrh.tmp
C:\WINXP\system32\MSINET.oca
C:\WINXP\system32\neyowu.dll
C:\WINXP\system32\odhlpioh.ini
C:\WINXP\system32\oyxgagwp.ini
C:\WINXP\system32\phc74dj0eg2e.bmp
C:\WINXP\system32\pjfpohyw.ini
C:\WINXP\system32\pqstv.ini
C:\WINXP\system32\pqstv.ini2
C:\WINXP\system32\qggbtgog.ini
C:\WINXP\system32\sstem~1
C:\WINXP\system32\sstem~1\s?stem\
C:\WINXP\system32\sxfnsjqj.dll
C:\WINXP\system32\thyxkqiw.ini
C:\WINXP\system32\tmhtlgul.ini
C:\WINXP\system32\urlmsnlink.dat
C:\WINXP\system32\vdtlfsyq.ini
C:\WINXP\system32\xdwsxnpf.ini
C:\WINXP\system32\XFfNnUtv.ini
C:\WINXP\system32\XFfNnUtv.ini2
C:\WINXP\system32\xglirbxe.ini
C:\WINXP\system32\yyadd.ini
C:\WINXP\system32\yyadd.ini2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_msupdate
-------\Legacy_OULTRAF
-------\Service_hcnwg4u
-------\Service_oUltraf
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))
.
2008-07-30 12:55 . 2008-07-30 20:25 160 --a------ C:\WINXP\wininit.ini
2008-07-30 12:00 . 2008-07-30 12:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-30 11:51 . 2008-07-30 15:17 110,080 --a------ C:\qq.bin
2008-07-30 11:41 . 2008-07-30 11:45 94,208 --a------ C:\WINXP\system32\5C.tmp
2008-07-30 11:41 . 2008-07-30 11:45 94,208 --a------ C:\WINXP\system32\5A.tmp
2008-07-30 11:41 . 2008-07-30 11:45 94,208 --a------ C:\WINXP\system32\59.tmp
2008-07-30 11:41 . 2008-07-30 11:45 94,208 --a------ C:\WINXP\system32\58.tmp
2008-07-30 11:41 . 2008-07-30 11:45 94,208 --a------ C:\WINXP\system32\57.tmp
2008-07-29 14:55 . 2008-07-29 14:55 54,156 --ah----- C:\WINXP\QTFont.qfn
2008-07-29 14:55 . 2008-07-29 14:55 1,409 --a------ C:\WINXP\QTFont.for
2008-07-25 12:00 . 2008-07-25 12:04 <REP> d-------- C:\Documents and Settings\Daiisy\Phone Browser
2008-07-23 22:13 . 2008-07-23 22:13 <REP> d-------- C:\Documents and Settings\Daiisy\Application Data\Lavasoft
2008-07-21 18:32 . 2008-07-27 17:41 <REP> d-------- C:\Documents and Settings\Daiisy\Application Data\Winamp
2008-07-21 17:28 . 2008-07-21 17:28 <REP> d-------- C:\Documents and Settings\Daiisy\WINDOWS
2008-07-21 17:27 . 2008-07-22 12:35 <REP> d-------- C:\Documents and Settings\Daiisy\Application Data\DAEMON Tools
2008-07-21 12:53 . 2008-07-26 15:20 <REP> d-------- C:\Documents and Settings\Daiisy\Contacts
2008-07-21 12:45 . 2006-01-06 11:24 <REP> d--h----- C:\Documents and Settings\Daiisy\Voisinage r‚seau
2008-07-21 12:45 . 2006-01-06 11:24 <REP> d--h----- C:\Documents and Settings\Daiisy\Voisinage d'impression
2008-07-21 12:45 . 2006-01-06 10:31 <REP> d--h----- C:\Documents and Settings\Daiisy\ModŠles
2008-07-21 12:45 . 2006-01-06 11:24 <REP> dr------- C:\Documents and Settings\Daiisy\Menu D‚marrer
2008-07-21 12:45 . 2008-07-21 12:45 <REP> dr------- C:\Documents and Settings\Daiisy\Favoris
2008-07-21 12:45 . 2008-07-31 10:13 <REP> d-------- C:\Documents and Settings\Daiisy\Bureau
2008-07-21 12:45 . 2008-07-21 12:45 <REP> d-------- C:\Documents and Settings\Daiisy\Application Data\PC Suite
2008-07-21 12:45 . 2008-07-30 22:54 <REP> d-------- C:\Documents and Settings\Daiisy
2008-07-20 20:19 . 2008-07-20 20:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-07-20 18:53 . 2008-07-21 17:25 21,840 --a----t- C:\WINXP\system32\SIntfNT.dll
2008-07-20 18:53 . 2008-07-21 17:25 17,212 --a----t- C:\WINXP\system32\SIntf32.dll
2008-07-20 18:53 . 2008-07-21 17:25 12,067 --a----t- C:\WINXP\system32\SIntf16.dll
2008-07-20 18:46 . 2008-07-20 18:46 86,528 --a------ C:\WINXP\bnetunin.exe
2008-07-20 18:46 . 2008-07-20 18:46 61,440 --a------ C:\WINXP\diabunin.exe
2008-07-20 18:41 . 2000-03-29 16:19 766 --a------ C:\WINXP\zeusicon.ico
2008-07-20 17:01 . 1999-10-13 12:12 4,398 --a------ C:\WINXP\caesar3.ico
2008-06-27 17:33 . 2003-11-04 15:11 159,744 --a------ C:\WINXP\system32\lfpng13n.dll
2008-06-25 11:50 . 2008-06-25 11:50 <REP> d-------- C:\Program Files\Winamp Remote
2008-06-25 11:50 . 2008-06-25 11:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-06-25 11:48 . 2007-03-08 01:51 129,784 --------- C:\WINXP\system32\pxafs.dll
2008-06-25 11:48 . 2007-03-08 01:51 9,464 --------- C:\WINXP\system32\drivers\cdralw2k.sys
2008-06-25 11:48 . 2007-03-08 01:51 9,336 --------- C:\WINXP\system32\drivers\cdr4_xp.sys
2008-06-11 17:17 . 2008-06-14 19:59 272,768 --------- C:\WINXP\system32\drivers\bthport.sys
2008-06-11 17:17 . 2008-06-14 19:59 272,768 -----c--- C:\WINXP\system32\dllcache\bthport.sys
2008-06-11 17:09 . 2007-07-30 19:19 271,224 --a------ C:\WINXP\system32\mucltui.dll
2008-06-11 17:09 . 2007-07-30 19:19 207,736 --a------ C:\WINXP\system32\muweb.dll
2008-06-11 17:09 . 2007-07-30 19:18 30,072 --a------ C:\WINXP\system32\mucltui.dll.mui
2008-06-10 18:22 . 2008-06-10 18:22 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-10 18:22 . 2008-06-10 18:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-08 17:55 . 2008-07-21 17:36 396 --a------ C:\WINXP\SIERRA.INI
2008-06-08 17:50 . 2008-06-08 17:50 717,296 --a------ C:\WINXP\system32\drivers\sptd.sys
2008-06-02 21:44 . 2008-06-02 21:44 2 --a------ C:\-1676142030
2008-06-02 21:29 . 2008-06-02 21:29 126,976 --a------ C:\WINXP\War3Unin.exe
2008-06-02 21:29 . 2008-06-02 21:29 17,773 --a------ C:\WINXP\War3Unin.dat
2008-06-02 21:29 . 2008-06-02 21:29 2,829 --a------ C:\WINXP\War3Unin.pif
2008-06-02 20:58 . 2008-06-02 20:58 56 --ah----- C:\WINXP\system32\ezsidmv.dat
2008-06-02 20:57 . 2008-06-02 20:57 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-06-01 14:35 . 2008-06-01 14:35 <REP> d-------- C:\WINXP\Patch Darluok
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 09:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-21 13:50 --------- d-----w C:\Program Files\AIDA32 - Enterprise System Information
2008-06-10 16:24 --------- d-----w C:\Program Files\MSN Messenger
2008-06-10 16:22 --------- d-----w C:\Program Files\Windows Live
2008-06-02 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-31 12:50 --------- d-----w C:\WINXP\system32\config\systemprofile\Application Data\PC Suite
2008-05-19 19:40 304,160 ----a-w C:\StiImg.dat
2008-05-07 05:15 1,293,824 ----a-w C:\WINXP\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINXP\system32\wininet.dll
2007-04-21 13:37 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-07-03 19:53 104 --sh--r C:\WINXP\system32\843F061672.sys
2006-07-03 19:53 2,828 --sha-w C:\WINXP\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINXP\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"NeroFilterCheck"="C:\WINXP\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"NvCplDaemon"="C:\WINXP\system32\NvCpl.dll" [2005-04-01 16:16 5562368]
"NvMediaCenter"="C:\WINXP\system32\NvMcTray.dll" [2005-04-01 16:16 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-07 20:37 98304]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINXP\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINXP\system32\CTFMON.EXE" [2004-08-19 16:09 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Fichiers communs\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\WINXP\\system32\\dpnsvr.exe"=
"D:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"D:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\WINXP\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINXP\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINXP\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 PAC207;Trust WB-1400T Webcam;C:\WINXP\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINXP\system32\drivers\sis7012.sys [2004-11-03 15:14]
S1 SpyEmrg;Spy Emergency Driver;C:\WINXP\system32\Drivers\spyemrg.sys []
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-01-04 14:28]
S3 DBKDRVR54;DBKDRVR54;D:\Program Files\Cheat Engine\dbk32.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{299e101f-3573-11dd-a787-000476170bcf}]
\shell\autorun\command - E:\autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
2008-07-25 C:\WINXP\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{338DF609-0035-4687-B7D3-2769A781B72B} - (no file)
BHO-{39f2eabc-9494-4fbe-8235-6a99376d21fc} - C:\WINXP\system32\vtUnNfFX.dll
BHO-{8528d184-c5d7-4734-b61a-b6f7d1738f60} - (no file)
BHO-{86676808-F413-44C0-99C0-525D4F1C3F9E} - (no file)
BHO-{995EBFEC-899E-4F6F-BB9F-A75580C416BD} - (no file)
BHO-{B0EEDC94-E177-43D2-B600-84E7AC69969B} - (no file)
BHO-{BB806B69-6F46-4592-96E7-602D55D37A4C} - (no file)
BHO-{BD76DD15-C5A8-4E55-B160-61CC7FE044FC} - (no file)
HKLM-Run-9c181a9d - C:\WINXP\system32\fpnxswdx.dll
HKLM-Run-lphc74dj0eg2e - C:\WINXP\system32\lphc74dj0eg2e.exe
HKLM-Run-SMrhc34dj0eg2e - C:\Program Files\rhc34dj0eg2e\rhc34dj0eg2e.exe
ShellExecuteHooks-{62D6DDA7-8FE9-47F1-B8E9-D1D0D3D9FF3A} - C:\WINXP\system32\urqQjIbc.dll
Notify-ssqpqrp - ssqpqrp.dll
Notify-urqqjibc - urqQjIbc.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Daiisy\Application Data\Mozilla\Firefox\Profiles\2762496x.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npoji610.dll
FF -: plugin - C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npnul32.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 10:15:24
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\PAStiSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINXP\SoftwareDistribution\Download\1abbf7c00bc08e0ffcd2d1ef66130fa0\update\update.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-31 10:23:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 08:22:57
Pre-Run: 5,347,979,264 octets libres
Post-Run: 5,242,531,840 octets libres
274 --- E O F --- 2008-07-18 13:09:02
Thanks in advance :)
Voilà donc le rapport de Combofix.
ComboFix 08-07-30.01 - Daiisy 2008-07-31 10:09:36.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.380 [GMT 2:00]
Endroit: C:\Documents and Settings\Daiisy\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Fichiers communs\{9C181~1
C:\WINXP\BM9f2b2901.txt
C:\WINXP\BM9f2b2901.xml
C:\WINXP\cookies.ini
C:\WINXP\Downloaded Program Files\setup.inf
C:\WINXP\pack.epk
C:\WINXP\system32\2.tmp
C:\WINXP\system32\abeeg.ini
C:\WINXP\system32\abeeg.ini2
C:\WINXP\system32\awlnqlsl.ini
C:\WINXP\system32\aylwyplk.ini
C:\WINXP\system32\blphc74dj0eg2e.scr
C:\WINXP\system32\brfqrkon.ini
C:\WINXP\system32\bygqbvwo.ini
C:\WINXP\system32\cccdd.ini
C:\WINXP\system32\cccdd.ini2
C:\WINXP\system32\cehppdvb.ini
C:\WINXP\system32\colhjreq.ini
C:\WINXP\system32\components
C:\WINXP\system32\dgjlm.bak1
C:\WINXP\system32\dgjlm.bak2
C:\WINXP\system32\dgjlm.ini
C:\WINXP\system32\dgjlm.ini2
C:\WINXP\system32\dnioqwfs.ini
C:\WINXP\system32\doggqdlq.ini
C:\WINXP\system32\dqoudirs.ini
C:\WINXP\system32\eemorgre.ini
C:\WINXP\system32\ehgbsbsb.ini
C:\WINXP\system32\fhdnwgyi.ini
C:\WINXP\system32\forsvgxs.ini
C:\WINXP\system32\fpnxswdx.dll
C:\WINXP\system32\fsijqjcv.dat
C:\WINXP\system32\fsijqjcv_nav.dat
C:\WINXP\system32\fsijqjcv_navps.dat
C:\WINXP\system32\hcnwg4u.sys
C:\WINXP\system32\ihhkj.ini
C:\WINXP\system32\ihhkj.ini2
C:\WINXP\system32\jambngnh.ini
C:\WINXP\system32\jjjlm.ini
C:\WINXP\system32\jjjlm.ini2
C:\WINXP\system32\jqnrxfou.ini
C:\WINXP\system32\kvcbxxlq.ini
C:\WINXP\system32\lljuhwcw.ini
C:\WINXP\system32\lphc74dj0eg2e.exe
C:\WINXP\system32\lpufutru.ini
C:\WINXP\system32\mcrh.tmp
C:\WINXP\system32\MSINET.oca
C:\WINXP\system32\neyowu.dll
C:\WINXP\system32\odhlpioh.ini
C:\WINXP\system32\oyxgagwp.ini
C:\WINXP\system32\phc74dj0eg2e.bmp
C:\WINXP\system32\pjfpohyw.ini
C:\WINXP\system32\pqstv.ini
C:\WINXP\system32\pqstv.ini2
C:\WINXP\system32\qggbtgog.ini
C:\WINXP\system32\sstem~1
C:\WINXP\system32\sstem~1\s?stem\
C:\WINXP\system32\sxfnsjqj.dll
C:\WINXP\system32\thyxkqiw.ini
C:\WINXP\system32\tmhtlgul.ini
C:\WINXP\system32\urlmsnlink.dat
C:\WINXP\system32\vdtlfsyq.ini
C:\WINXP\system32\xdwsxnpf.ini
C:\WINXP\system32\XFfNnUtv.ini
C:\WINXP\system32\XFfNnUtv.ini2
C:\WINXP\system32\xglirbxe.ini
C:\WINXP\system32\yyadd.ini
C:\WINXP\system32\yyadd.ini2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_msupdate
-------\Legacy_OULTRAF
-------\Service_hcnwg4u
-------\Service_oUltraf
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))
.
2008-07-30 12:55 . 2008-07-30 20:25 160 --a------ C:\WINXP\wininit.ini
2008-07-30 12:00 . 2008-07-30 12:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-30 11:51 . 2008-07-30 15:17 110,080 --a------ C:\qq.bin
2008-07-30 11:41 . 2008-07-30 11:45 94,208 --a------ C:\WINXP\system32\5C.tmp
2008-07-30 11:41 . 2008-07-30 11:45 94,208 --a------ C:\WINXP\system32\5A.tmp
2008-07-30 11:41 . 2008-07-30 11:45 94,208 --a------ C:\WINXP\system32\59.tmp
2008-07-30 11:41 . 2008-07-30 11:45 94,208 --a------ C:\WINXP\system32\58.tmp
2008-07-30 11:41 . 2008-07-30 11:45 94,208 --a------ C:\WINXP\system32\57.tmp
2008-07-29 14:55 . 2008-07-29 14:55 54,156 --ah----- C:\WINXP\QTFont.qfn
2008-07-29 14:55 . 2008-07-29 14:55 1,409 --a------ C:\WINXP\QTFont.for
2008-07-25 12:00 . 2008-07-25 12:04 <REP> d-------- C:\Documents and Settings\Daiisy\Phone Browser
2008-07-23 22:13 . 2008-07-23 22:13 <REP> d-------- C:\Documents and Settings\Daiisy\Application Data\Lavasoft
2008-07-21 18:32 . 2008-07-27 17:41 <REP> d-------- C:\Documents and Settings\Daiisy\Application Data\Winamp
2008-07-21 17:28 . 2008-07-21 17:28 <REP> d-------- C:\Documents and Settings\Daiisy\WINDOWS
2008-07-21 17:27 . 2008-07-22 12:35 <REP> d-------- C:\Documents and Settings\Daiisy\Application Data\DAEMON Tools
2008-07-21 12:53 . 2008-07-26 15:20 <REP> d-------- C:\Documents and Settings\Daiisy\Contacts
2008-07-21 12:45 . 2006-01-06 11:24 <REP> d--h----- C:\Documents and Settings\Daiisy\Voisinage r‚seau
2008-07-21 12:45 . 2006-01-06 11:24 <REP> d--h----- C:\Documents and Settings\Daiisy\Voisinage d'impression
2008-07-21 12:45 . 2006-01-06 10:31 <REP> d--h----- C:\Documents and Settings\Daiisy\ModŠles
2008-07-21 12:45 . 2006-01-06 11:24 <REP> dr------- C:\Documents and Settings\Daiisy\Menu D‚marrer
2008-07-21 12:45 . 2008-07-21 12:45 <REP> dr------- C:\Documents and Settings\Daiisy\Favoris
2008-07-21 12:45 . 2008-07-31 10:13 <REP> d-------- C:\Documents and Settings\Daiisy\Bureau
2008-07-21 12:45 . 2008-07-21 12:45 <REP> d-------- C:\Documents and Settings\Daiisy\Application Data\PC Suite
2008-07-21 12:45 . 2008-07-30 22:54 <REP> d-------- C:\Documents and Settings\Daiisy
2008-07-20 20:19 . 2008-07-20 20:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-07-20 18:53 . 2008-07-21 17:25 21,840 --a----t- C:\WINXP\system32\SIntfNT.dll
2008-07-20 18:53 . 2008-07-21 17:25 17,212 --a----t- C:\WINXP\system32\SIntf32.dll
2008-07-20 18:53 . 2008-07-21 17:25 12,067 --a----t- C:\WINXP\system32\SIntf16.dll
2008-07-20 18:46 . 2008-07-20 18:46 86,528 --a------ C:\WINXP\bnetunin.exe
2008-07-20 18:46 . 2008-07-20 18:46 61,440 --a------ C:\WINXP\diabunin.exe
2008-07-20 18:41 . 2000-03-29 16:19 766 --a------ C:\WINXP\zeusicon.ico
2008-07-20 17:01 . 1999-10-13 12:12 4,398 --a------ C:\WINXP\caesar3.ico
2008-06-27 17:33 . 2003-11-04 15:11 159,744 --a------ C:\WINXP\system32\lfpng13n.dll
2008-06-25 11:50 . 2008-06-25 11:50 <REP> d-------- C:\Program Files\Winamp Remote
2008-06-25 11:50 . 2008-06-25 11:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-06-25 11:48 . 2007-03-08 01:51 129,784 --------- C:\WINXP\system32\pxafs.dll
2008-06-25 11:48 . 2007-03-08 01:51 9,464 --------- C:\WINXP\system32\drivers\cdralw2k.sys
2008-06-25 11:48 . 2007-03-08 01:51 9,336 --------- C:\WINXP\system32\drivers\cdr4_xp.sys
2008-06-11 17:17 . 2008-06-14 19:59 272,768 --------- C:\WINXP\system32\drivers\bthport.sys
2008-06-11 17:17 . 2008-06-14 19:59 272,768 -----c--- C:\WINXP\system32\dllcache\bthport.sys
2008-06-11 17:09 . 2007-07-30 19:19 271,224 --a------ C:\WINXP\system32\mucltui.dll
2008-06-11 17:09 . 2007-07-30 19:19 207,736 --a------ C:\WINXP\system32\muweb.dll
2008-06-11 17:09 . 2007-07-30 19:18 30,072 --a------ C:\WINXP\system32\mucltui.dll.mui
2008-06-10 18:22 . 2008-06-10 18:22 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-10 18:22 . 2008-06-10 18:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-08 17:55 . 2008-07-21 17:36 396 --a------ C:\WINXP\SIERRA.INI
2008-06-08 17:50 . 2008-06-08 17:50 717,296 --a------ C:\WINXP\system32\drivers\sptd.sys
2008-06-02 21:44 . 2008-06-02 21:44 2 --a------ C:\-1676142030
2008-06-02 21:29 . 2008-06-02 21:29 126,976 --a------ C:\WINXP\War3Unin.exe
2008-06-02 21:29 . 2008-06-02 21:29 17,773 --a------ C:\WINXP\War3Unin.dat
2008-06-02 21:29 . 2008-06-02 21:29 2,829 --a------ C:\WINXP\War3Unin.pif
2008-06-02 20:58 . 2008-06-02 20:58 56 --ah----- C:\WINXP\system32\ezsidmv.dat
2008-06-02 20:57 . 2008-06-02 20:57 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-06-01 14:35 . 2008-06-01 14:35 <REP> d-------- C:\WINXP\Patch Darluok
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 09:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-21 13:50 --------- d-----w C:\Program Files\AIDA32 - Enterprise System Information
2008-06-10 16:24 --------- d-----w C:\Program Files\MSN Messenger
2008-06-10 16:22 --------- d-----w C:\Program Files\Windows Live
2008-06-02 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-31 12:50 --------- d-----w C:\WINXP\system32\config\systemprofile\Application Data\PC Suite
2008-05-19 19:40 304,160 ----a-w C:\StiImg.dat
2008-05-07 05:15 1,293,824 ----a-w C:\WINXP\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINXP\system32\wininet.dll
2007-04-21 13:37 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-07-03 19:53 104 --sh--r C:\WINXP\system32\843F061672.sys
2006-07-03 19:53 2,828 --sha-w C:\WINXP\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINXP\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"NeroFilterCheck"="C:\WINXP\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"NvCplDaemon"="C:\WINXP\system32\NvCpl.dll" [2005-04-01 16:16 5562368]
"NvMediaCenter"="C:\WINXP\system32\NvMcTray.dll" [2005-04-01 16:16 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-07 20:37 98304]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINXP\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINXP\system32\CTFMON.EXE" [2004-08-19 16:09 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Fichiers communs\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\WINXP\\system32\\dpnsvr.exe"=
"D:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"D:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\WINXP\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINXP\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINXP\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 PAC207;Trust WB-1400T Webcam;C:\WINXP\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINXP\system32\drivers\sis7012.sys [2004-11-03 15:14]
S1 SpyEmrg;Spy Emergency Driver;C:\WINXP\system32\Drivers\spyemrg.sys []
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-01-04 14:28]
S3 DBKDRVR54;DBKDRVR54;D:\Program Files\Cheat Engine\dbk32.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{299e101f-3573-11dd-a787-000476170bcf}]
\shell\autorun\command - E:\autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
2008-07-25 C:\WINXP\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{338DF609-0035-4687-B7D3-2769A781B72B} - (no file)
BHO-{39f2eabc-9494-4fbe-8235-6a99376d21fc} - C:\WINXP\system32\vtUnNfFX.dll
BHO-{8528d184-c5d7-4734-b61a-b6f7d1738f60} - (no file)
BHO-{86676808-F413-44C0-99C0-525D4F1C3F9E} - (no file)
BHO-{995EBFEC-899E-4F6F-BB9F-A75580C416BD} - (no file)
BHO-{B0EEDC94-E177-43D2-B600-84E7AC69969B} - (no file)
BHO-{BB806B69-6F46-4592-96E7-602D55D37A4C} - (no file)
BHO-{BD76DD15-C5A8-4E55-B160-61CC7FE044FC} - (no file)
HKLM-Run-9c181a9d - C:\WINXP\system32\fpnxswdx.dll
HKLM-Run-lphc74dj0eg2e - C:\WINXP\system32\lphc74dj0eg2e.exe
HKLM-Run-SMrhc34dj0eg2e - C:\Program Files\rhc34dj0eg2e\rhc34dj0eg2e.exe
ShellExecuteHooks-{62D6DDA7-8FE9-47F1-B8E9-D1D0D3D9FF3A} - C:\WINXP\system32\urqQjIbc.dll
Notify-ssqpqrp - ssqpqrp.dll
Notify-urqqjibc - urqQjIbc.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Daiisy\Application Data\Mozilla\Firefox\Profiles\2762496x.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npoji610.dll
FF -: plugin - C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npnul32.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 10:15:24
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\PAStiSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINXP\SoftwareDistribution\Download\1abbf7c00bc08e0ffcd2d1ef66130fa0\update\update.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-31 10:23:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 08:22:57
Pre-Run: 5,347,979,264 octets libres
Post-Run: 5,242,531,840 octets libres
274 --- E O F --- 2008-07-18 13:09:02
Thanks in advance :)
hi,
Download Malwarebytes' Anti-Malware to your desktop.
* Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are complete:
Restart in safe mode:
http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec
/!\ Never start safe mode via MSCONFIG /!\
* Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Exécuter un examen complet" (perform a full scan).
* To start the scan, click "Rechercher" (Scan).
* Once the scan has finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.
Here is the report
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1014
Windows 5.1.2600 Service Pack 2
15:14:47 1/08/2008
mbam-log-8-1-2008 (15-14-47).txt
Type de recherche: Examen complet (C:\|D:\|S:\|)
Eléments examinés: 114052
Temps écoulé: 1 hour(s), 13 minute(s), 20 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 19
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a916af3c-976d-4358-8736-95bea0b5fd2c} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{be45f056-e005-437b-be88-23acf70b0b6a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\battle.net (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc34dj0eg2e (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Program Files\Adobe\Acrobat 6.0\Reader\PDF417Encoder.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\vtUmKDtQ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINXP\system32\hcnwg4u.sys.vir (Rootkit.Rustok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C2DABB54-0B84-4935-9497-44E852BE9536}\RP606\A0246739.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C2DABB54-0B84-4935-9497-44E852BE9536}\RP606\A0246781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C2DABB54-0B84-4935-9497-44E852BE9536}\RP606\A0247525.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C2DABB54-0B84-4935-9497-44E852BE9536}\RP607\A0247568.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C2DABB54-0B84-4935-9497-44E852BE9536}\RP607\A0247601.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C2DABB54-0B84-4935-9497-44E852BE9536}\RP611\A0249751.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C2DABB54-0B84-4935-9497-44E852BE9536}\RP612\A0249836.sys (Rootkit.Rustok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C2DABB54-0B84-4935-9497-44E852BE9536}\RP616\A0250149.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINXP\bnetunin.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINXP\system32\57.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINXP\system32\58.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINXP\system32\59.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINXP\system32\5A.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINXP\system32\5C.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{C2DABB54-0B84-4935-9497-44E852BE9536}\RP610\A0248090.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{C2DABB54-0B84-4935-9497-44E852BE9536}\RP611\A0249730.exe (Adware.Agent) -> Quarantined and deleted successfully.
Thanks again :)