Vista antivirus

sarah1311 Messages postés 12 Statut Membre -  
sarah1311 Messages postés 12 Statut Membre -
Bonjour,

Vista antivirus s'ouvre sans arrêt.. impossible d'accéder la suppression des programmes

Merci de votre aide
Configuration: Windows XP
Firefox 3.0

22 réponses

  • 1
  • 2
  1. sarah1311 Messages postés 12 Statut Membre
     
    merci pour ta réponse...

    voila le rapport...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:05: VIRUS ALERT!, on 03/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {95247e39-4a41-47e5-8651-3056bf0a3034} - (no file)
    O2 - BHO: {69e755cf-498b-6feb-35c4-f5c6d9004d61} - {16d4009d-6c5f-4c53-bef6-b894fc557e96} - C:\WINDOWS\system32\zjrfwx.dll
    O2 - BHO: QXK Olive - {182FB7A7-5BB2-4C34-A943-AB24145E78F5} - C:\WINDOWS\nfavxwdbvft.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {6584C510-924B-486A-A1A0-E380DE08C2DB} - C:\WINDOWS\SYSTEM32\cbXrsSJA.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: (no name) - {A596175D-BBC7-476A-A152-FBA652B64505} - C:\WINDOWS\system32\opnnmMGW.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {B59B5092-3B4A-47AA-9D7B-64F37CEF2312} - C:\WINDOWS\system32\tuvWqOEv.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {C2700D3B-E9DC-418D-84F8-2214679EBD2A} - C:\WINDOWS\system32\khfETKCR.dll (file missing)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {95247e39-4a41-47e5-8651-3056bf0a3034} - (no file)
    O3 - Toolbar: fdkowvbp - {063F86B1-1C09-4640-A4E7-4F8E074124AF} - C:\WINDOWS\fdkowvbp.dll
    O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdatgms.exe
    O4 - HKLM\..\Run: [\Win28.exe] C:\Windows\system32\Win28.exe
    O4 - HKLM\..\Run: [\Win29.exe] C:\Windows\system32\Win29.exe
    O4 - HKLM\..\Run: [\Win2A.exe] C:\Windows\system32\Win2A.exe
    O4 - HKLM\..\Run: [\Win2B.exe] C:\Windows\system32\Win2B.exe
    O4 - HKLM\..\Run: [\Win2C.exe] C:\Windows\system32\Win2C.exe
    O4 - HKLM\..\Run: [cc39ce75] rundll32.exe "C:\WINDOWS\system32\kfcnqwjh.dll",b
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [udcpwdksyg] c:\documents and settings\administrateur\local settings\application data\udcpwdksyg.exe udcpwdksyg
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Lyad] C:\Program Files\Lyad Messenger\lyad_messenger.exe autostart
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ewehoepiy] c:\documents and settings\administrateur\local settings\application data\ewehoepiy.exe ewehoepiy
    O4 - HKCU\..\Run: [Tplo] "C:\WINDOWS\system32\MBOLS~1\spoolsv.exe" -vt yazb
    O4 - HKCU\..\Run: [\Win28.exe] C:\Windows\system32\Win28.exe
    O4 - HKCU\..\Run: [\Win29.exe] C:\Windows\system32\Win29.exe
    O4 - HKCU\..\Run: [\Win2A.exe] C:\Windows\system32\Win2A.exe
    O4 - HKCU\..\Run: [\Win2B.exe] C:\Windows\system32\Win2B.exe
    O4 - HKCU\..\Run: [\Win2C.exe] C:\Windows\system32\Win2C.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\pchealth" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Oobe" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_12] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_13] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c1696de9b38b4583803aa8d469fefeeb
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c1696de9b38b4583803aa8d469fefeeb
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Administrateur\Mes documents\My Games\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Administrateur\Mes documents\My Games\PartyPoker\RunApp.exe (file missing)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: zjrfwx.dll,avgrsstx.dll
    O20 - Winlogon Notify: cbXrsSJA - C:\WINDOWS\
    O20 - Winlogon Notify: opnnmMGW - C:\WINDOWS\SYSTEM32\opnnmMGW.dll
    O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
    O21 - SSODL: eqvwamkl - {69D3C1E9-A5F4-4867-81C1-49B8993A80C5} - C:\WINDOWS\eqvwamkl.dll
    O21 - SSODL: wnslvxtf - {BC0D1AFE-AD6D-4A67-9DBA-BCE059BBA516} - C:\WINDOWS\wnslvxtf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\pronyk.html
    O24 - Desktop Component 1: (no name) - http://www.wbphotos.com/albums/userpics/10001/Alger-1089-0.jpg
    O24 - Desktop Component 2: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    0
  2. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Oula... Ton ordinateur a plusieurs infections, il va falloir utiliser plusieurs outils différents pour nettoyer, merci de suivre les procédures de désinfection jusqu'au bout

    Ton ordinateur est notamment infecté par MagicControl/navipromo, qui s'installe via des programmes dits "gratuits", dont ceux-ci :
    * go-astro
    * GoRecord
    * HotTVPlayer / HotTVPlayer & Paris Hilton
    * Live-Player
    * MailSkinner
    * Messenger Skinner
    * Instant Access
    * InternetGameBox
    * Officiale Emule (Version d'Emule modifiée)
    * Sudoplanet
    * Webmediaplayer

    Pour désinfecter, merci de suivre exactement cette procédure :

    Télécharge maintenant Navilog1 depuis-ce lien :
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Ensuite double clique sur navilog1.exe pour lancer l'installation.
    Une fois l'installation terminée, lance Navilog

    Au menu principal, Fais le choix 1
    Laisse toi guider et patiente.
    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuie sur une touche le bloc note va s'ouvrir.
    Copie-colle l'intégralité du rapport ici.

    0
  3. sarah1311 Messages postés 12 Statut Membre
     
    merci, voila le rapport..

    Search Navipromo version 3.6.1 commencé le 03/08/2008 à 14:41:25,75

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Administrateur"

    Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***

    WebMediaPlayer

    *** Recherche dossiers dans "C:\WINDOWS" ***

    *** Recherche dossiers dans "C:\Program Files" ***

    ...\WebMediaPlayer trouvé !

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

    ...\WebMediaPlayer trouvé !

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Administrateur\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Administrateur\menudm~1\progra~1" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier Navipromo trouvé

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *

    *** Recherche fichiers ***

    C:\WINDOWS\system32\nvs2.inf trouvé !

    *** Recherche clés spécifiques dans le Registre ***

    HKEY_CURRENT_USER\Software\Lanconfig trouvé !

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :

    * Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" :

    ewehoepiy.dat trouvé !
    ewehoepiy_nav.dat trouvé !
    ewehoepiy_navps.dat trouvé !
    udcpwdksyg.dat trouvé !
    udcpwdksyg_nav.dat trouvé !
    udcpwdksyg_navps.dat trouvé !

    3)Recherche Certificats :

    Certificat Egroup trouvé !
    Certificat Electronic-Group trouvé !
    Certificat OOO-Favorit trouvé !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :

    C:\WINDOWS\system32\RCKTEfhk.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\vEOqWvut.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

    *** Analyse terminée le 03/08/2008 à 14:44:09,84 ***
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    WebMediaPlayer va être supprimé par navilog, ne réinstalle pas ce programme piégé stp :

    Relance Navilog à l'aide du raccourci navilog1 présent sur le bureau et laisse-toi guider.
    Au menu principal, choisis 2 et valide.

    Le fix va t'informer qu'il va alors redémarrer ton PC
    Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
    Appuie sur une touche comme demandé.
    (si ton Pc ne redémarre pas automatiquement, fais le toi même)
    Au redémarrage de ton PC, choisis ta session habituelle.

    Patiente jusqu'au message :
    *** Nettoyage Termine le ..... ***

    Le bloc note va s'ouvrir, copie/colle ici le rapport, comme tu l’as fait pour l’autre.

    0
  6. sarah1311 Messages postés 12 Statut Membre
     
    c'est fait..je poste le rapport:

    Clean Navipromo version 3.6.1 commencé le 03/08/2008 à 14:52:08,89

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Administrateur"

    Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180
    Système de fichiers : NTFS

    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS

    Nettoyage exécuté au redémarrage de l'ordinateur

    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\WINDOWS\System32" *

    * Suppression dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *

    *** Suppression dossiers dans "C:\WINDOWS" ***

    *** Suppression dossiers dans "C:\Program Files" ***

    ...\WebMediaPlayer ...suppression...
    ...\WebMediaPlayer supprimé !

    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

    ...\WebMediaPlayer ...suppression...
    ...\WebMediaPlayer supprimé !

    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

    *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\Administrateur\applic~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\Administrateur\menudm~1\progra~1" ***

    *** Suppression fichiers ***

    C:\WINDOWS\system32\nvs2.inf supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\Administrateur\locals~1\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :

    * Dans "C:\WINDOWS\system32" *

    * Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *

    ewehoepiy.dat trouvé !
    Copie ewehoepiy.dat réalisée avec succès !
    ewehoepiy.dat supprimé !

    ewehoepiy_nav.dat trouvé !
    Copie ewehoepiy_nav.dat réalisée avec succès !
    ewehoepiy_nav.dat supprimé !

    ewehoepiy_navps.dat trouvé !
    Copie ewehoepiy_navps.dat réalisée avec succès !
    ewehoepiy_navps.dat supprimé !

    udcpwdksyg.dat trouvé !
    Copie udcpwdksyg.dat réalisée avec succès !
    udcpwdksyg.dat supprimé !

    udcpwdksyg_nav.dat trouvé !
    Copie udcpwdksyg_nav.dat réalisée avec succès !
    udcpwdksyg_nav.dat supprimé !

    udcpwdksyg_navps.dat trouvé !
    Copie udcpwdksyg_navps.dat réalisée avec succès !
    udcpwdksyg_navps.dat supprimé !

    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok

    *** Certificats ***

    Certificat Egroup supprimé !
    Certificat Electronic-Group supprimé !
    Certificat OOO-Favorit supprimé !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Nettoyage terminé le 03/08/2008 à 14:55:45,56 ***
    0
  7. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Une infection de moins ;) Ensuite, ce programme devrait supprimer l'alerte sur ton fond d'écran

    Télécharge SmitfraudFix :
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe

    - Enregistre-le sur le bureau

    - Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée

    - Un rapport sera généré, poste-le dans ta prochaine réponse stp.

    Tutoriel ici pour t'aider : http://www.malekal.com//tutorial_SmitFraudfix.php

    0
  8. sarah1311 Messages postés 12 Statut Membre
     
    voila le rapport...
    SmitFraudFix v2.333

    Rapport fait à 15:03:56,85, 03/08/2008
    Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\privacy_danger PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris

    C:\DOCUME~1\ADMINI~1\Favoris\Error Cleaner.url PRESENT !
    C:\DOCUME~1\ADMINI~1\Favoris\Privacy Protector.url PRESENT !
    C:\DOCUME~1\ADMINI~1\Favoris\Spyware?Malware Protection.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    C:\DOCUME~1\ADMINI~1\Bureau\Error Cleaner.url PRESENT !
    C:\DOCUME~1\ADMINI~1\Bureau\Privacy Protector.url PRESENT !
    C:\DOCUME~1\ADMINI~1\Bureau\Spyware?Malware Protection.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="C:\\Program Files\\Internet Explorer\\pronyk.html"
    "SubscribedURL"=""
    "FriendlyName"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="http://www.wbphotos.com/albums/userpics/10001/Alger-1089-0.jpg"
    "SubscribedURL"="http://www.wbphotos.com/albums/userpics/10001/Alger-1089-0.jpg"
    "FriendlyName"=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
    "Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
    "SubscribedURL"=""
    "FriendlyName"="Privacy Protection"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    +--------------------------------------------------+
    [!] Suspicious: nfavxwdbvft.dll
    BHO: QXK Olive - {182FB7A7-5BB2-4C34-A943-AB24145E78F5}
    TypeLib: {F17AC61F-D856-4096-A059-606998166442}
    Interface: {DCFED1CD-73AB-4E6B-BB51-097A483C1C99}
    Interface: {FBD77A58-B1BF-41CA-94BA-A5F521C42842}

    [!] Suspicious: fdkowvbp.dll
    Toolbar: fdkowvbp - {063F86B1-1C09-4640-A4E7-4F8E074124AF}
    TypeLib: {91D07571-FFF1-424F-A1AA-5AB1A756AAA2}
    Interface: {AF270088-5F0A-48DC-8583-82FEBF0C8D77}
    Classe: fdkowvbp.bmtk
    Classe: fdkowvbp.ToolBar.1

    [!] Suspicious: eqvwamkl.dll
    SSODL: eqvwamkl - {69D3C1E9-A5F4-4867-81C1-49B8993A80C5}

    [!] Suspicious: wnslvxtf.dll
    SSODL: wnslvxtf - {BC0D1AFE-AD6D-4A67-9DBA-BCE059BBA516}

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="zjrfwx.dll,avgrsstx.dll"
    "LoadAppInit_DLLs"=dword:00000001

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{53F01E6F-6635-4FD0-9C4E-B32AEA253676}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{53F01E6F-6635-4FD0-9C4E-B32AEA253676}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{53F01E6F-6635-4FD0-9C4E-B32AEA253676}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  9. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Ok, maintenant, démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du PC sans t’arrêter (avant le logo windows)
    Un menu va apparaitre, déplace-toi avec les flèches du clavier sur Démarrer en mode sans échec puis tape Entrée.
    Une fois sur le bureau, s’il n’y a pas toutes les couleurs et autres, c’est normal !

    Relance le programme SmitfraudFix.
    Cette fois, choisis l’option 2, répond oui à tous;
    A la fin, sauvegarde le rapport, redémarre en mode normal, copie-colle le rapport sauvegardé sur le forum.

    0
  10. sarah1311 Messages postés 12 Statut Membre
     
    c'est fait,

    voila le rapport :

    SmitFraudFix v2.333

    Rapport fait à 15:12:09,26, 03/08/2008
    Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    C:\WINDOWS\nfavxwdbvft.dll deleted.
    C:\WINDOWS\fdkowvbp.dll deleted.
    C:\WINDOWS\eqvwamkl.dll deleted.
    C:\WINDOWS\wnslvxtf.dll deleted.

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\privacy_danger\ supprimé
    C:\DOCUME~1\ADMINI~1\Bureau\Error Cleaner.url supprimé
    C:\DOCUME~1\ADMINI~1\Bureau\Privacy Protector.url supprimé
    C:\DOCUME~1\ADMINI~1\Bureau\Spyware?Malware Protection.url supprimé
    C:\DOCUME~1\ADMINI~1\Favoris\Error Cleaner.url supprimé
    C:\DOCUME~1\ADMINI~1\Favoris\Privacy Protector.url supprimé
    C:\DOCUME~1\ADMINI~1\Favoris\Spyware?Malware Protection.url supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{53F01E6F-6635-4FD0-9C4E-B32AEA253676}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{53F01E6F-6635-4FD0-9C4E-B32AEA253676}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{53F01E6F-6635-4FD0-9C4E-B32AEA253676}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  11. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Ok, on passe à MalwareByte's

    Télécharge et installe Malwarebyte's Anti-Malware : http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    - A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
    - Lance Malwarebyte's Anti-Malware, laisse les Mises à jour se télécharger et referme le programme

    Redémarre en "Mode sans échec" : redémarre ton ordinateur et tapote sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows, et sélectionne "Mode sans échec".
    Choisis ta session habituelle

    Lance Malwarebyte's Anti-Malware
    - Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
    - Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
    - A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
    - Suppression des éléments détectés --> clique sur Supprimer la sélection
    - S'il t'es demandé de redémarrer, clique sur Yes

    Poste le rapport de scan après la suppression ici

    0
  12. sarah1311 Messages postés 12 Statut Membre
     
    c'est fait..

    voila le rapport après suppression:

    alwarebytes' Anti-Malware 1.24
    Version de la base de données: 1018
    Windows 5.1.2600 Service Pack 2

    15:52:48 03/08/2008
    mbam-log-8-3-2008 (15-52-48).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 65576
    Temps écoulé: 20 minute(s), 45 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 69
    Valeur(s) du Registre infectée(s): 25
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 27
    Fichier(s) infecté(s): 56

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\opnnmMGW.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\zjrfwx.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16d4009d-6c5f-4c53-bef6-b894fc557e96} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{16d4009d-6c5f-4c53-bef6-b894fc557e96} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a596175d-bbc7-476a-a152-fba652b64505} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a596175d-bbc7-476a-a152-fba652b64505} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnmmgw (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcjd8j0ej47 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhcjd8j0ej47 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpeedRunner (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spcron (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cc39ce75 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a596175d-bbc7-476a-a152-fba652b64505} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\win28.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\win29.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\win2a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\win2b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\win2c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\win28.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\win29.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\win2a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\win2b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\win2c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft WinUpdate (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Documents and Settings\Administrateur\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Bin\2.0.26 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\Program Files\Spcron (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\rhcjd8j0ej47 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\rhcjd8j0ej47 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\rhcjd8j0ej47\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\rhcjd8j0ej47\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\rhcjd8j0ej47\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\rhcjd8j0ej47\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\rhcjd8j0ej47\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\rhcjd8j0ej47\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\rhcjd8j0ej47\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\rhcjd8j0ej47\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\rhcjd8j0ej47\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\rhcjd8j0ej47\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\zjrfwx.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\kfcnqwjh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hjwqncfk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opnnmMGW.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\HR0XPYV5\CAOL81O7 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\4.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\7.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\VAV\vav.exe (Rogue.Antivirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\etfl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddcdDvVM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\khfFXQjJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lapvfacr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opnoonKc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\Program Files\rhcjd8j0ej47\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcjd8j0ej47\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcjd8j0ej47\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcjd8j0ej47\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcjd8j0ej47\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcjd8j0ej47\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcjd8j0ej47\rhcjd8j0ej47.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcjd8j0ej47\rhcjd8j0ej47.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcjd8j0ej47\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtSMdBS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvUmkkiJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMcf0afde9.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMcf0afde9.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blphcnd8j0ej47.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\explorer.backup (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    0
  13. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Ce n'est pas encore fini (même si ça doit déja aller mieux ?)

    Peux-tu poster un nouveau rapport hijackthis stp ?

    Ensuite, fais exactement ce qui suit :

    Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
    Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    --------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
    !! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation :
    en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
    ---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre ...

    Tuto ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    ---------------------------------------------------------------------------------------------------------------------------------

    Ensuite :
    double-clique sur C-Fix.exe ( = combofix.exe ) .

    Appuie sur la touche Y (Yes) pour démarrer le scan .

    Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi.
    ---> si un message d'erreur windows apparait à un momment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

    Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

    0
  14. sarah1311 Messages postés 12 Statut Membre
     
    merci ca va deja beaucoup mieux pour commencer le rapport hijackthis..je continue et j'envoie le rapport

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:06:17, on 03/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {95247e39-4a41-47e5-8651-3056bf0a3034} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {6584C510-924B-486A-A1A0-E380DE08C2DB} - C:\WINDOWS\SYSTEM32\cbXrsSJA.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: (no name) - {A596175D-BBC7-476A-A152-FBA652B64505} - C:\WINDOWS\SYSTEM32\opnnmMGW.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {B59B5092-3B4A-47AA-9D7B-64F37CEF2312} - C:\WINDOWS\system32\tuvWqOEv.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {C2700D3B-E9DC-418D-84F8-2214679EBD2A} - C:\WINDOWS\system32\khfETKCR.dll (file missing)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {95247e39-4a41-47e5-8651-3056bf0a3034} - (no file)
    O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Lyad] C:\Program Files\Lyad Messenger\lyad_messenger.exe autostart
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Tplo] "C:\WINDOWS\system32\MBOLS~1\spoolsv.exe" -vt yazb
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\pchealth" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Oobe" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_12] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_13] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c1696de9b38b4583803aa8d469fefeeb
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c1696de9b38b4583803aa8d469fefeeb
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Administrateur\Mes documents\My Games\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Administrateur\Mes documents\My Games\PartyPoker\RunApp.exe (file missing)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: zjrfwx.dll,avgrsstx.dll,
    O20 - Winlogon Notify: cbXrsSJA - C:\WINDOWS\
    O20 - Winlogon Notify: opnnmMGW - C:\WINDOWS\SYSTEM32\opnnmMGW.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O24 - Desktop Component 2: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    0
  15. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Ok, il reste encore des fichiers infectés
    J'attends le rapport combofix, on va nettoyer avec ce programme ;)

    P.S : je vais être un peu occupé, mais ne t'inquiète pas, je te répondrai un peu plus tard

    0
  16. sarah1311 Messages postés 12 Statut Membre
     
    voila le rapport :

    ComboFix 08-08-02.01 - Administrateur 2008-08-03 16:19:14.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.495 [GMT 2:00]
    Endroit: C:\Documents and Settings\Administrateur\Bureau\C-Fix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\Application Data\FunWebProducts
    C:\Documents and Settings\Administrateur\Application Data\macromedia\Flash Player\#SharedObjects\N6J9YUFN\interclick.com
    C:\Documents and Settings\Administrateur\Application Data\macromedia\Flash Player\#SharedObjects\N6J9YUFN\interclick.com\ud.sol
    C:\Documents and Settings\Administrateur\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\Administrateur\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\bestwiner.stt
    C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\CPV.stt
    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Outerinfo
    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
    C:\WINDOWS\fnts~1
    C:\WINDOWS\system32\anmtddhx.ini
    C:\WINDOWS\system32\aunsoxrr.ini
    C:\WINDOWS\system32\bditgieq.ini
    C:\WINDOWS\system32\bsbsfase.ini
    C:\WINDOWS\system32\bvpwtmlj.ini
    C:\WINDOWS\system32\bwfubnag.ini
    C:\WINDOWS\system32\cdvoagxc.ini
    C:\WINDOWS\system32\clfdewdp.ini
    C:\WINDOWS\system32\ddprcytp.ini
    C:\WINDOWS\system32\dluuggvl.ini
    c:\windows\system32\Drivers\Winiw80.sys
    C:\WINDOWS\system32\ensxkmli.ini
    C:\WINDOWS\system32\fkofnypj.ini
    C:\WINDOWS\system32\gagotbgw.ini
    C:\WINDOWS\system32\gtxkuhcv.ini
    C:\WINDOWS\system32\hguplxju.ini
    C:\WINDOWS\system32\hnjfvmae.ini
    C:\WINDOWS\system32\hogmyrhn.ini
    C:\WINDOWS\system32\ilaansdw.ini
    C:\WINDOWS\system32\jrwbqorg.ini
    C:\WINDOWS\system32\kvhlvxyq.ini
    C:\WINDOWS\system32\lgfabkdu.ini
    C:\WINDOWS\system32\lgfbyqkg.ini
    C:\WINDOWS\system32\mavsfwgi.ini
    C:\WINDOWS\system32\mbols~1
    C:\WINDOWS\system32\mbols~1\??mbols\
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mhvbpthx.ini
    C:\WINDOWS\system32\muoodlto.ini
    C:\WINDOWS\system32\muqbwekq.ini
    C:\WINDOWS\system32\myxtdkjk.ini
    C:\WINDOWS\system32\nfuicjwq.ini
    C:\WINDOWS\system32\odblivnh.ini
    C:\WINDOWS\system32\opangaeh.ini
    C:\WINDOWS\system32\opnnmMGW.dll
    C:\WINDOWS\system32\pmecismr.ini
    C:\WINDOWS\system32\qaisdlls.ini
    C:\WINDOWS\system32\qvabnoqu.ini
    C:\WINDOWS\system32\qwmuofnw.ini
    C:\WINDOWS\system32\RCKTEfhk.ini
    C:\WINDOWS\system32\RCKTEfhk.ini2
    C:\WINDOWS\system32\rhwjipuv.ini
    C:\WINDOWS\system32\rolwmsqu.ini
    C:\WINDOWS\system32\runfdtbn.ini
    C:\WINDOWS\system32\uhjxclyn.ini
    C:\WINDOWS\system32\ukpappmn.ini
    C:\WINDOWS\system32\uksvopav.ini
    C:\WINDOWS\system32\vEOqWvut.ini
    C:\WINDOWS\system32\vEOqWvut.ini2
    C:\WINDOWS\system32\xdqscemd.ini
    C:\WINDOWS\system32\yivqhtat.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_WINIW80
    -------\Service_Winiw80

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-03 to 2008-08-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-03 16:24 . 2008-08-03 16:24 <REP> d-------- C:\WINDOWS\system32\xircom
    2008-08-03 16:24 . 2008-08-03 16:24 <REP> d-------- C:\WINDOWS\system32\restore
    2008-08-03 16:24 . 2008-08-03 16:24 <REP> d-------- C:\WINDOWS\system32\oobe
    2008-08-03 16:24 . 2008-08-03 16:24 <REP> d-------- C:\WINDOWS\srchasst
    2008-08-03 16:24 . 2008-08-03 16:24 <REP> d-------- C:\Program Files\microsoft frontpage
    2008-08-03 15:24 . 2008-08-03 15:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-03 15:24 . 2008-08-03 15:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-03 15:24 . 2008-08-03 15:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-08-03 15:24 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-03 15:24 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-03 15:04 . 2008-08-03 15:12 1,228 --a------ C:\WINDOWS\system32\tmp.reg
    2008-08-03 14:39 . 2008-08-03 14:55 <REP> d-------- C:\Program Files\Navilog1
    2008-08-03 13:08 . 2008-08-03 14:07 <REP> d--h----- C:\$AVG8.VAULT$
    2008-08-03 12:58 . 2008-08-03 12:58 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-08-03 12:58 . 2008-08-03 12:58 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-08-03 12:58 . 2008-08-03 12:58 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
    2008-08-03 12:58 . 2008-08-03 12:58 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-08-03 12:57 . 2008-08-03 13:06 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-08-03 12:57 . 2008-08-03 13:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AVGTOOLBAR
    2008-08-03 12:46 . 2008-08-03 12:46 <REP> d-------- C:\Program Files\AVG
    2008-08-03 12:46 . 2008-08-03 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-08-03 12:46 . 2008-08-03 12:46 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
    2008-08-03 12:46 . 2008-08-03 12:46 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
    2008-08-02 19:34 . 2008-08-02 19:34 130,432 --------- C:\WINDOWS\system32\zjrfwx.dll
    2008-07-26 08:26 . 2008-07-26 08:26 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-07-20 13:28 . 2008-07-20 14:21 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
    2008-07-20 13:20 . 2008-07-20 13:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Backup
    2008-07-20 13:19 . 2008-07-20 13:19 <REP> d-------- C:\Program Files\Panda Software
    2008-07-20 13:19 . 2007-04-24 16:43 1,990 --a------ C:\WINDOWS\system32\drivers\net_m32.inf
    2008-07-20 13:18 . 2008-07-20 15:11 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
    2008-07-20 13:11 . 2008-07-20 13:11 <REP> d-------- C:\Program Files\Sports Interactive
    2008-07-16 20:02 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-07-16 20:02 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-07-16 20:02 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-07-16 20:02 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-07-16 20:02 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-07-16 20:02 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-07-16 20:02 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-07-16 20:02 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2008-07-12 16:31 . 2008-07-12 23:16 4,204 --a------ C:\Documents and Settings\Administrateur\Application Data\mdb.bin
    2008-07-10 13:17 . 2008-07-10 13:43 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\U3

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-02 13:49 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
    2008-07-20 13:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-20 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-06-15 23:39 --------- d-----w C:\Program Files\EA SPORTS
    2008-06-14 21:46 --------- d-----w C:\Program Files\eMule
    2008-06-14 18:34 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Sports Interactive
    2008-06-14 18:30 --------- d-----w C:\Program Files\Kaspersky Lab
    2008-06-14 18:19 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-06-14 17:07 4,362 ---ha-w C:\aaw7boot.cmd
    2008-06-06 19:29 --------- d-----w C:\Program Files\TerraGame
    2008-06-06 19:11 --------- d-----w C:\Program Files\Fichiers communs\TerraGame Shared
    2008-05-31 16:33 2,920,242 --sh--w C:\WINDOWS\system32\gtxkuhcv.tmp
    2008-05-20 17:12 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2008-05-05 15:37 1,482,655 -csh--w C:\WINDOWS\system32\qmjkskdv.tmp
    2007-10-09 20:35 81,920 -c--a-w C:\Documents and Settings\Administrateur\Application Data\ezpinst.exe
    2007-10-09 20:35 47,360 -c--a-w C:\Documents and Settings\Administrateur\Application Data\pcouffin.sys
    2005-12-04 22:12 20,640 -c--a-w C:\WINDOWS\inf\pxhelp20.sys
    2002-07-01 14:13 243 -csha-w C:\Documents and Settings\All Users\Application Data\system16driver.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54 15360]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "Lyad"="C:\Program Files\Lyad Messenger\lyad_messenger.exe" [2007-02-06 16:07 774144]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-16 15:00 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 00:35 7634944]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-03 12:57 1177368]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoInstrumentation"= 1 (0x1)
    "NoStartMenuMFUprogramsList"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "StartMenuLogoff"= 1 (0x1)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoInstrumentation"= 1 (0x1)
    "NoStartMenuMFUprogramsList"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.imc"= imc32.acm
    "msacm.l3codecp"= l3codecp.acm
    "VIDC.i263"= i263_32.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-03 12:58]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-03 12:58]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-03 12:57]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-03 12:57]
    R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-08-03 12:57]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-03 12:58]
    R2 ScFBPNT;CanoScan FBP Port Driver;C:\WINDOWS\system32\drivers\ScFBPNT.SYS [2000-02-08 11:33]
    R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-03 12:46]
    S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-03 12:46]
    S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []
    S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-01-05 14:45]
    S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
    S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

    *Newly Created Service* - HELPSVC
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{95247e39-4a41-47e5-8651-3056bf0a3034} - (no file)
    BHO-{B59B5092-3B4A-47AA-9D7B-64F37CEF2312} - C:\WINDOWS\system32\tuvWqOEv.dll
    BHO-{C2700D3B-E9DC-418D-84F8-2214679EBD2A} - C:\WINDOWS\system32\khfETKCR.dll
    Toolbar-{95247e39-4a41-47e5-8651-3056bf0a3034} - (no file)
    WebBrowser-{95247E39-4A41-47E5-8651-3056BF0A3034} - (no file)
    HKCU-Run-Tplo - C:\WINDOWS\system32\MBOLS~1\spoolsv.exe
    Notify-cbXrsSJA - (no file)

    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\gh7z1xmb.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjava11.dll
    FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjava12.dll
    FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjava13.dll
    FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjava14.dll
    FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjava32.dll
    FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npoji610.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
    FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-03 16:24:44
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-03 16:28:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-03 14:27:57

    Pre-Run: 87,025,291,264 octets libres
    Post-Run: 86,972,166,144 octets libres

    259 --- E O F --- 2008-04-15 13:22:12
    0
  17. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Toujours avec toutes les protections désactivées, fais ceci :

    Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
    Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

    ----------------------------------------------------------
    File::
    C:\WINDOWS\system32\zjrfwx.dll
    C:\WINDOWS\system32\gtxkuhcv.tmp
    C:\WINDOWS\system32\qmjkskdv.tmp
    C:\Documents and Settings\Administrateur\Application Data\ezpinst.exe
    C:\WINDOWS\privacy_danger\index.htm

    Folder::
    C:\Program Files\Fichiers communs\BOONTY Shared

    Driver::
    Boonty Games

    ------------------------------------------------------------------

    - Enregistre ce fichier sur ton bureau (et pas ailleurs !) sous le nom CFScript.txt
    - Quitte le Bloc Notes

    · Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien :
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort), tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    0
  18. sarah1311 Messages postés 12 Statut Membre
     
    Désolée j'avais pas vu ton message

    j'ai suivi la demarche cependant je n'ai pas eu à choisir sur la fenetre entre 1 ou 2...le scan a quand meme eu lieu et l'ordi a redemarré. je t'envoie le rapport :

    ComboFix 08-08-02.01 - Administrateur 2008-08-03 19:14:01.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.524 [GMT 2:00]
    Endroit: C:\Documents and Settings\Administrateur\Bureau\C-Fix.exe
    Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\Documents and Settings\Administrateur\Application Data\ezpinst.exe
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\system32\gtxkuhcv.tmp
    C:\WINDOWS\system32\qmjkskdv.tmp
    C:\WINDOWS\system32\zjrfwx.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\Application Data\ezpinst.exe
    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\WINDOWS\system32\gtxkuhcv.tmp
    C:\WINDOWS\system32\qmjkskdv.tmp
    C:\WINDOWS\system32\zjrfwx.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-03 to 2008-08-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-03 16:24 . 2008-08-03 16:24 <REP> d-------- C:\WINDOWS\system32\xircom
    2008-08-03 16:24 . 2008-08-03 16:24 <REP> d-------- C:\WINDOWS\system32\restore
    2008-08-03 16:24 . 2008-08-03 16:24 <REP> d-------- C:\WINDOWS\system32\oobe
    2008-08-03 16:24 . 2008-08-03 16:24 <REP> d-------- C:\WINDOWS\srchasst
    2008-08-03 16:24 . 2008-08-03 16:24 <REP> d-------- C:\Program Files\microsoft frontpage
    2008-08-03 15:24 . 2008-08-03 15:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-03 15:24 . 2008-08-03 15:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-03 15:24 . 2008-08-03 15:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-08-03 15:24 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-03 15:24 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-03 15:04 . 2008-08-03 15:12 1,228 --a------ C:\WINDOWS\system32\tmp.reg
    2008-08-03 14:39 . 2008-08-03 14:55 <REP> d-------- C:\Program Files\Navilog1
    2008-08-03 13:08 . 2008-08-03 14:07 <REP> d--h----- C:\$AVG8.VAULT$
    2008-08-03 12:58 . 2008-08-03 12:58 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-08-03 12:58 . 2008-08-03 12:58 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-08-03 12:58 . 2008-08-03 12:58 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
    2008-08-03 12:58 . 2008-08-03 12:58 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-08-03 12:57 . 2008-08-03 13:06 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-08-03 12:57 . 2008-08-03 13:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AVGTOOLBAR
    2008-08-03 12:46 . 2008-08-03 12:46 <REP> d-------- C:\Program Files\AVG
    2008-08-03 12:46 . 2008-08-03 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-08-03 12:46 . 2008-08-03 12:46 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
    2008-08-03 12:46 . 2008-08-03 12:46 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
    2008-07-26 08:26 . 2008-07-26 08:26 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-07-20 13:28 . 2008-07-20 14:21 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
    2008-07-20 13:20 . 2008-07-20 13:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Backup
    2008-07-20 13:19 . 2008-07-20 13:19 <REP> d-------- C:\Program Files\Panda Software
    2008-07-20 13:19 . 2007-04-24 16:43 1,990 --a------ C:\WINDOWS\system32\drivers\net_m32.inf
    2008-07-20 13:18 . 2008-07-20 15:11 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
    2008-07-20 13:11 . 2008-07-20 13:11 <REP> d-------- C:\Program Files\Sports Interactive
    2008-07-16 20:02 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-07-16 20:02 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-07-16 20:02 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-07-16 20:02 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-07-16 20:02 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-07-16 20:02 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-07-16 20:02 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-07-16 20:02 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2008-07-12 16:31 . 2008-07-12 23:16 4,204 --a------ C:\Documents and Settings\Administrateur\Application Data\mdb.bin
    2008-07-10 13:17 . 2008-07-10 13:43 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\U3

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-02 13:49 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
    2008-07-20 13:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-20 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-06-15 23:39 --------- d-----w C:\Program Files\EA SPORTS
    2008-06-14 21:46 --------- d-----w C:\Program Files\eMule
    2008-06-14 18:34 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Sports Interactive
    2008-06-14 18:30 --------- d-----w C:\Program Files\Kaspersky Lab
    2008-06-14 18:19 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-06-14 17:07 4,362 ---ha-w C:\aaw7boot.cmd
    2008-06-06 19:29 --------- d-----w C:\Program Files\TerraGame
    2008-06-06 19:11 --------- d-----w C:\Program Files\Fichiers communs\TerraGame Shared
    2008-05-20 17:12 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2007-10-09 20:35 47,360 -c--a-w C:\Documents and Settings\Administrateur\Application Data\pcouffin.sys
    2002-07-01 14:13 243 -csha-w C:\Documents and Settings\All Users\Application Data\system16driver.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-03_16.27.43.37 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54 15360]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "Lyad"="C:\Program Files\Lyad Messenger\lyad_messenger.exe" [2007-02-06 16:07 774144]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-16 15:00 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 00:35 7634944]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-03 12:57 1177368]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoInstrumentation"= 1 (0x1)
    "NoStartMenuMFUprogramsList"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "StartMenuLogoff"= 1 (0x1)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoInstrumentation"= 1 (0x1)
    "NoStartMenuMFUprogramsList"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.imc"= imc32.acm
    "msacm.l3codecp"= l3codecp.acm
    "VIDC.i263"= i263_32.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-03 12:58]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-03 12:58]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-03 12:57]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-03 12:57]
    R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-08-03 12:57]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-03 12:58]
    R2 ScFBPNT;CanoScan FBP Port Driver;C:\WINDOWS\system32\drivers\ScFBPNT.SYS [2000-02-08 11:33]
    R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-03 12:46]
    S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-03 12:46]
    S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-01-05 14:45]
    S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
    S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-03 19:17:10
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-03 19:19:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-03 17:19:55
    ComboFix2.txt 2008-08-03 14:28:03

    Pre-Run: 86,855,917,568 octets libres
    Post-Run: 86,850,670,592 octets libres

    182 --- E O F --- 2008-04-15 13:22:12
    0
  19. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Très bien, peux-tu poster un nouveau rapport hijackthis stp ?
    0
  20. sarah1311 Messages postés 12 Statut Membre
     
    bonjour,

    je poste le dernier rapport hijackthis...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:16:05, on 04/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Lyad] C:\Program Files\Lyad Messenger\lyad_messenger.exe autostart
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\pchealth" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Oobe" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_12] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_13] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c1696de9b38b4583803aa8d469fefeeb
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c1696de9b38b4583803aa8d469fefeeb
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Administrateur\Mes documents\My Games\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Administrateur\Mes documents\My Games\PartyPoker\RunApp.exe (file missing)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    0
  • 1
  • 2