Sujet Précédent Sujet Suivant

Probleme virus alert a cote de l'horloge

Fermé
bclaude61 Messages postés 16 Date d'inscription jeudi 14 août 2008 Statut Membre Dernière intervention 16 août 2008 - 14 août 2008 à 20:29
 Utilisateur anonyme - 16 août 2008 à 17:30
Bonjour, j'ai un probleme de virus alert a cote de l'horloge qui bloque pratiquement tout mon pc que puis je faire resoudre ce prob

D'avance merci
A voir également:

31 réponses

  • 1
  • 2
Réponse 1 / 31
Utilisateur anonyme
14 août 2008 à 20:30
Salut,

Télécharge HijackThis ici :

-> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

-> Clique sur Install ensuite sur I Accept

-> Clique sur Do a scan system and save log file

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
0
Réponse 2 / 31
bclaude61
14 août 2008 à 20:42
Voila j'ai fait comme tu me l'a demandé voir rapport cidessous


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39: VIRUS ALERT!, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ScannerU\AM32.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4EE21926-F035-4C18-AC90-20DECA53301C} - C:\WINDOWS\system32\sstqo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B285004D-6D02-4212-91FC-B8F47B68C254} - C:\WINDOWS\system32\qomkhec.dll (file missing)
O2 - BHO: (no name) - {C3F48C1C-17A8-6D22-D25F-3AE607F00896} - C:\WINDOWS\system32\cih.dll (file missing)
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
O2 - BHO: {15802ec0-fd65-7ef8-3c84-b6a8769ff5fc} - {cf5ff967-8a6b-48c3-8fe7-56df0ce20851} - C:\WINDOWS\system32\syadpo.dll (file missing)
O2 - BHO: QXK Olive - {D0372539-562E-4CC9-88E6-D524FA1203EE} - C:\WINDOWS\nfavxwdbqrp.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {F5673599-8749-4A3A-993A-02BF2289A19F} - C:\WINDOWS\system32\khfFWmjJ.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: emotigt - {B2F479AD-17DE-4F73-B844-7CF69003B916} - C:\WINDOWS\emotigt.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: fdkowvbp - {65952D7F-B04B-4D60-99FF-77662FE2D2EF} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com ad=http://erreurchasseur.com sd=http://repay.erreurchasseur.com
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\w-w-w-dot-com\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\w-w-w-dot-com\wupda.exe" /background
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A332875-E8A8-4B90-922B-696304D7B1A1}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: icydlg.dll
O20 - Winlogon Notify: qomkhec - qomkhec.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\xenkmhvw.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\xuwuelize.html
O24 - Desktop Component 1: (no name) - http://www.leroymerlin.fr/images/common/spacer.gif
O24 - Desktop Component 2: (no name) - file:///C:/Documents%20and%20Settings/Compaq_Propri%C3%A9taire/Local%20Settings/Application%20Data/IM/Runtime/Message/%7BC809E8A3-EA5A-4B33-855B-2430783A5467%7D/Forward/STA501681.JPG
0
Réponse 3 / 31
Utilisateur anonyme
14 août 2008 à 20:45
ok on attaque :


# Télécharge ceci: (merci a S!RI pour ce petit programme).

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Exécute le, Double click sur Smitfraudfix.exe choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.

0
Réponse 4 / 31
bclaude61
14 août 2008 à 20:51
Ci joint le rapport tu me sauve la vie si ca marche

SmitFraudFix v2.336

Rapport fait à 20:48:02,92, 14/08/2008
Executé à partir de C:\Documents and Settings\Compaq_Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ScannerU\AM32.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\bonsws.dll PRESENT !
C:\WINDOWS\ddkret.dll PRESENT !
C:\WINDOWS\privacy_danger PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\Favoris

C:\DOCUME~1\COMPAQ~1\Favoris\Error Cleaner.url PRESENT !
C:\DOCUME~1\COMPAQ~1\Favoris\Privacy Protector.url PRESENT !
C:\DOCUME~1\COMPAQ~1\Favoris\Spyware?Malware Protection.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Online Add-on\ PRESENT !
C:\Program Files\RichVideoCodec\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Windows NT\\xuwuelize.html"
"SubscribedURL"=""
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://www.leroymerlin.fr/images/common/spacer.gif"
"SubscribedURL"="http://www.leroymerlin.fr/images/common/spacer.gif"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="file:///C:/Documents%20and%20Settings/Compaq_Propri%C3%A9taire/Local%20Settings/Application%20Data/IM/Runtime/Message/%7BC809E8A3-EA5A-4B33-855B-2430783A5467%7D/Forward/STA501681.JPG"
"SubscribedURL"="file:///C:/Documents%20and%20Settings/Compaq_Propri%C3%A9taire/Local%20Settings/Application%20Data/IM/Runtime/Message/%7BC809E8A3-EA5A-4B33-855B-2430783A5467%7D/Forward/STA501681.JPG"
"FriendlyName"=""

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: nfavxwdbqrp.dll
BHO: QXK Olive - {D0372539-562E-4CC9-88E6-D524FA1203EE}
TypeLib: {8FCD2827-6798-4C8B-8FA8-96069AC330C0}
Interface: {0C6E8BB3-E68F-4662-B9E1-DFDEF4350C5C}
Interface: {7E5C527E-2F15-45F1-9311-16830DA072B7}

[!] Suspicious: fdkowvbp.dll
Toolbar: fdkowvbp - {65952D7F-B04B-4D60-99FF-77662FE2D2EF}
TypeLib: {0E3A4B49-ED0E-4A12-8A7A-12B8709F857C}
Interface: {94EC2066-689A-4DA7-A3D4-3C8FC07BAC0A}
Classe: fdkowvbp.blrx
Classe: fdkowvbp.ToolBar.1


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="icydlg.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 205.188.146.145

Description: Thomson ST Remote NDIS Device - Miniport d'ordonnancement de paquets
DNS Server Search Order: 10.0.0.138

HKLM\SYSTEM\CCS\Services\Tcpip\..\{067E6AF2-1B4A-41E5-B2D2-008DA9E345C1}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9A332875-E8A8-4B90-922B-696304D7B1A1}: NameServer=205.188.146.145
HKLM\SYSTEM\CS1\Services\Tcpip\..\{067E6AF2-1B4A-41E5-B2D2-008DA9E345C1}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9A332875-E8A8-4B90-922B-696304D7B1A1}: NameServer=205.188.146.145
HKLM\SYSTEM\CS3\Services\Tcpip\..\{067E6AF2-1B4A-41E5-B2D2-008DA9E345C1}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 31
Utilisateur anonyme
14 août 2008 à 20:53
tu me sauve la vie si ca marche

oui ça va marcher mais on va devoir utiliser plusieures outils

# Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
# Relance le programme Smitfraud :
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum
0
Réponse 6 / 31
bclaude61
14 août 2008 à 21:16
ci joint le rapport en mode sans echec ca a duré longtemps desole


SmitFraudFix v2.336

Rapport fait à 21:03:51,25, 14/08/2008
Executé à partir de C:\Documents and Settings\Compaq_Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\nfavxwdbqrp.dll deleted.
C:\WINDOWS\fdkowvbp.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\bonsws.dll supprimé
C:\WINDOWS\ddkret.dll supprimé
ddkret not found.
Problème suppression C:\WINDOWS\privacy_danger
C:\DOCUME~1\COMPAQ~1\Favoris\Error Cleaner.url supprimé
C:\DOCUME~1\COMPAQ~1\Favoris\Privacy Protector.url supprimé
C:\DOCUME~1\COMPAQ~1\Favoris\Spyware?Malware Protection.url supprimé
C:\Program Files\Online Add-on\ supprimé
C:\Program Files\RichVideoCodec\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{067E6AF2-1B4A-41E5-B2D2-008DA9E345C1}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{067E6AF2-1B4A-41E5-B2D2-008DA9E345C1}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{067E6AF2-1B4A-41E5-B2D2-008DA9E345C1}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 7 / 31
Utilisateur anonyme
14 août 2008 à 21:18
Telecharge malwarebytes

-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log
0
Réponse 8 / 31
bclaude61 Messages postés 16 Date d'inscription jeudi 14 août 2008 Statut Membre Dernière intervention 16 août 2008
14 août 2008 à 21:45
desole mais ca dure longtemps j'espere que tu ne va pas partir lol
0
Réponse 9 / 31
Utilisateur anonyme
14 août 2008 à 21:48
non t inkietes pas

oublie pas de "supprimer la selection" a la fin du scan ...
0
Réponse 10 / 31
bclaude61 Messages postés 16 Date d'inscription jeudi 14 août 2008 Statut Membre Dernière intervention 16 août 2008
14 août 2008 à 22:18
51 elements infectes mais pas encore finit
0
Réponse 11 / 31
Utilisateur anonyme
14 août 2008 à 22:20
Une fois j ai vu 2000 et des poussieres ... imagine lol
0
Réponse 12 / 31
bclaude61
14 août 2008 à 23:14
Voila enfin finit ci dessous le rapport



Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1053
Windows 5.1.2600 Service Pack 2

23:04:55 14/08/2008
mbam-log-8-14-2008 (23-04-48).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 143498
Temps écoulé: 1 hour(s), 37 minute(s), 10 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 61
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 17
Fichier(s) infecté(s): 96

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\dbar\deskbar.dll (Adware.SoftMate) -> No action taken.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf5ff967-8a6b-48c3-8fe7-56df0ce20851} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cf5ff967-8a6b-48c3-8fe7-56df0ce20851} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{80985322-3f89-4873-9bce-9297d217ccad} (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8f15b157-40d9-4b20-8d3b-b1f8b475b58d} (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a0881aa1-68be-41ac-9c0d-4c8a69c6c72c} (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e827ffd9-95d1-4b49-beb3-5d49e688c108} (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9b7d013b-b2b2-4b95-91ff-b17ab22290bb} (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e2554085-b0bd-4f11-b252-32145d0a9257} (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1037b06c-84b7-4240-8d80-485810a0497d} (Adware.Mirar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{54b287f9-fd90-4457-b65e-cb91560c021d} (Adware.Mirar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f} (Adware.Mirar) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49} (Adware.Mirar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> No action taken.
HKEY_CLASSES_ROOT\dbreg.dbar (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\dbreg.dbar.1 (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\dbreg.dbarbho (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\dbreg.dbarbho.1 (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\dbreg.dbarenabler (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\dbreg.dbarenabler.1 (Adware.SoftMate) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6651b20f-474e-4bad-86a2-a533274df356} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{46be135c-8a32-46c9-9420-3018df1bc3cb} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{143487c6-a7c9-43a8-b1c8-8371498da9eb} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9aac56c8-e011-4880-b232-d2025e7fdf6b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\emotigt.bwsd (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\emotigt.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b2f479ad-17de-4f73-b844-7cf69003b916} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\mirar_dummy_ats.mirar_dummy_ats1 (Adware.Mirar) -> No action taken.
HKEY_CLASSES_ROOT\mirar_dummy_ats.mirar_dummy_ats1.1 (Adware.Mirar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75} (Adware.Mirar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75} (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wintouch (Adware.WinPop) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 pro (Rogue.Antivirus2008) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Deskbar.exe (Adware.SoftMate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\DBReg (Adware.SoftMate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ugcw (Rogue.WinSecureAv) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Insider (Adware.DnsInsider) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinAble (Trojan.Adloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Words (Adware.Rond) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WinAble (Trojan.Adloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DomainService (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WinTouch (Adware.WinPop) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\websupdater (Adware.SoftMate) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b2f479ad-17de-4f73-b844-7cf69003b916} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdater (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Words (Adware.Rond) -> No action taken.
C:\Program Files\dbar (Adware.SoftMate) -> No action taken.
C:\Program Files\dbar\Cache (Adware.SoftMate) -> No action taken.
C:\Program Files\Router (Trojan.Downloader) -> No action taken.
C:\Program Files\Antivirus 2008 PRO (Rogue.Antivirus2008) -> No action taken.
C:\Program Files\Antivirus 2008 PRO\Infected (Rogue.Antivirus2008) -> No action taken.
C:\Program Files\Antivirus 2008 PRO\Suspicious (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\NI.UGA6P_0001_N122M2210 (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinTouch (Adware.WinPop) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Deskbar_{BC608263-FDE7-418b-AC7E-DE18523124E0} (Adware.SoftMate) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Deskbar_{BC608263-FDE7-418b-AC7E-DE18523124E0}\Cache (Adware.SoftMate) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\syadpo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\eddfqprv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vrpqfdde.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gwvqurcf.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fcruqvwg.ini (Trojan.Vundo) -> No action taken.
C:\Program Files\dbar\deskbar.dll (Adware.SoftMate) -> No action taken.
C:\Program Files\w-w-w-dot-com\wupda.exe (Adware.SoftMate) -> No action taken.
C:\WINDOWS\system32\WinNB58.dll (Adware.Mirar) -> No action taken.
C:\Documents and Settings\Angele.NOM-D3A4C94E6FD\Local Settings\Temporary Internet Files\Content.IE5\ED0DGTMZ\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\nsa1B.tmp\Dialer.dll (Adware.SoftMate) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\nsa1B.tmp\InetLoad.dll (Adware.SoftMate) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\05ORHGKE\kb767887[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\05ORHGKE\kb456456[2] (Trojan.Vundo) -> No action taken.
C:\Program Files\Adobe\Acrobat 6.0\Reader\PDF417Encoder.dll (Trojan.Downloader) -> No action taken.
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP219\A0044658.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP219\A0044661.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP220\A0044662.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP220\A0044663.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044666.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044667.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044669.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044671.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044672.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044673.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044675.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044677.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044678.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044680.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044752.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044681.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\b122.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\b151.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\jcxloamx.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\deocpc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\drivers\Windi05.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Words\list.txt (Adware.Rond) -> No action taken.
C:\Program Files\dbar\basis.xml (Adware.SoftMate) -> No action taken.
C:\Program Files\dbar\channel.tmpl (Adware.SoftMate) -> No action taken.
C:\Program Files\dbar\content.tmpl (Adware.SoftMate) -> No action taken.
C:\Program Files\dbar\date.tmpl (Adware.SoftMate) -> No action taken.
C:\Program Files\dbar\dbaruninst.exe (Adware.SoftMate) -> No action taken.
C:\Program Files\dbar\deskbar.crc (Adware.SoftMate) -> No action taken.
C:\Program Files\dbar\deskbar.inf (Adware.SoftMate) -> No action taken.
C:\Program Files\dbar\edit_rss.tmpl (Adware.SoftMate) -> No action taken.
C:\Program Files\dbar\local.xml (Adware.SoftMate) -> No action taken.
C:\Program Files\dbar\nav1.bmp (Adware.SoftMate) -> No action taken.
C:\Program Files\dbar\nav2.bmp (Adware.SoftMate) -> No action taken.
C:\Program Files\dbar\new_alert.tmpl (Adware.SoftMate) -> No action taken.
C:\Program Files\dbar\version.ini (Adware.SoftMate) -> No action taken.
C:\Program Files\dbar\version.txt (Adware.SoftMate) -> No action taken.
C:\Program Files\Antivirus 2008 PRO\vscan.tsi (Rogue.Antivirus2008) -> No action taken.
C:\Program Files\Antivirus 2008 PRO\zlib.dll (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\NI.UGA6P_0001_N122M2210\settings.ini (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\NI.UGA6P_0001_N122M2210\setup.len (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinTouch\wintouch.cfg (Adware.WinPop) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinTouch\WinTouch.exe (Adware.WinPop) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinTouch\WTUninstaller.exe (Adware.WinPop) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Deskbar_{BC608263-FDE7-418b-AC7E-DE18523124E0}\local.xml (Adware.SoftMate) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Deskbar_{BC608263-FDE7-418b-AC7E-DE18523124E0}\log.txt (Adware.SoftMate) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Deskbar_{BC608263-FDE7-418b-AC7E-DE18523124E0}\version.ini (Adware.SoftMate) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Deskbar_{BC608263-FDE7-418b-AC7E-DE18523124E0}\Cache\d6e9bb027c32ce9950910af1fce37bb9.xml (Adware.SoftMate) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\WinCtrl32.dl_ (Trojan.Agent) -> No action taken.
C:\Program Files\w-w-w-dot-com\update.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\rs.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM1faf491a.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\wnslvxtf.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\oqtss.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\b149.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\TmpRecentIcons\antivirus-2008pro.lnk (Rogue.Link) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\Angele.NOM-D3A4C94E6FD\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Angele\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Angele.NOM-D3A4C94E6FD\Bureau\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Angele\Bureau\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Angele.NOM-D3A4C94E6FD\Bureau\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Angele\Bureau\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Angele.NOM-D3A4C94E6FD\Favoris\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Angele\Favoris\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Angele.NOM-D3A4C94E6FD\Favoris\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Angele\Favoris\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Angele.NOM-D3A4C94E6FD\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Angele\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
0
Réponse 13 / 31
Utilisateur anonyme
14 août 2008 à 23:20
No action taken. t as supprimé ??
0
Réponse 14 / 31
bclaude61
14 août 2008 à 23:26
oui j'ai supprimer comme tu me la marquer et il m'a demander de redemarer ce que j'ai aussi fait pourkoi ??
0
Réponse 15 / 31
Utilisateur anonyme
14 août 2008 à 23:29
car là c est le rapport avant suppression

réouvre malewarebyte
va sur quarantaine
supprime tout


Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe




-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
0
Réponse 16 / 31
bclaude61
14 août 2008 à 23:29
Desole j'avais copier le rapport avant la supprerssion voila le nouveau


Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1053
Windows 5.1.2600 Service Pack 2

23:06:02 14/08/2008
mbam-log-8-14-2008 (23-06-02).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 143498
Temps écoulé: 1 hour(s), 37 minute(s), 10 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 61
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 17
Fichier(s) infecté(s): 96

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\dbar\deskbar.dll (Adware.SoftMate) -> Delete on reboot.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf5ff967-8a6b-48c3-8fe7-56df0ce20851} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cf5ff967-8a6b-48c3-8fe7-56df0ce20851} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{80985322-3f89-4873-9bce-9297d217ccad} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8f15b157-40d9-4b20-8d3b-b1f8b475b58d} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a0881aa1-68be-41ac-9c0d-4c8a69c6c72c} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e827ffd9-95d1-4b49-beb3-5d49e688c108} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9b7d013b-b2b2-4b95-91ff-b17ab22290bb} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2554085-b0bd-4f11-b252-32145d0a9257} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1037b06c-84b7-4240-8d80-485810a0497d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{54b287f9-fd90-4457-b65e-cb91560c021d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarbho (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarbho.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarenabler (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarenabler.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6651b20f-474e-4bad-86a2-a533274df356} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{46be135c-8a32-46c9-9420-3018df1bc3cb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{143487c6-a7c9-43a8-b1c8-8371498da9eb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9aac56c8-e011-4880-b232-d2025e7fdf6b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\emotigt.bwsd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\emotigt.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b2f479ad-17de-4f73-b844-7cf69003b916} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mirar_dummy_ats.mirar_dummy_ats1 (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mirar_dummy_ats.mirar_dummy_ats1.1 (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wintouch (Adware.WinPop) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 pro (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Deskbar.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DBReg (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugcw (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Insider (Adware.DnsInsider) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Words (Adware.Rond) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\websupdater (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b2f479ad-17de-4f73-b844-7cf69003b916} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdater (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Words (Adware.Rond) -> Quarantined and deleted successfully.
C:\Program Files\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\Router (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\Infected (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\Suspicious (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\NI.UGA6P_0001_N122M2210 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Deskbar_{BC608263-FDE7-418b-AC7E-DE18523124E0} (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Deskbar_{BC608263-FDE7-418b-AC7E-DE18523124E0}\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\syadpo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eddfqprv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vrpqfdde.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gwvqurcf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fcruqvwg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\w-w-w-dot-com\wupda.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinNB58.dll (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angele.NOM-D3A4C94E6FD\Local Settings\Temporary Internet Files\Content.IE5\ED0DGTMZ\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\nsa1B.tmp\Dialer.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\nsa1B.tmp\InetLoad.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\05ORHGKE\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\05ORHGKE\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Acrobat 6.0\Reader\PDF417Encoder.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP219\A0044658.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP219\A0044661.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP220\A0044662.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP220\A0044663.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044666.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044667.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044669.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044671.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044672.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044673.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044675.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044677.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044678.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044680.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044752.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D7AEF27E-251E-434F-8471-67CC925E0801}\RP221\A0044681.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\b122.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b151.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jcxloamx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\deocpc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Windi05.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Words\list.txt (Adware.Rond) -> Quarantined and deleted successfully.
C:\Program Files\dbar\basis.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\channel.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\content.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\date.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\dbaruninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.crc (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.inf (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\edit_rss.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\nav1.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\nav2.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\new_alert.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\version.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\vscan.tsi (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\zlib.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\NI.UGA6P_0001_N122M2210\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\NI.UGA6P_0001_N122M2210\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinTouch\wintouch.cfg (Adware.WinPop) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinTouch\WinTouch.exe (Adware.WinPop) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinTouch\WTUninstaller.exe (Adware.WinPop) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Deskbar_{BC608263-FDE7-418b-AC7E-DE18523124E0}\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Deskbar_{BC608263-FDE7-418b-AC7E-DE18523124E0}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Deskbar_{BC608263-FDE7-418b-AC7E-DE18523124E0}\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Deskbar_{BC608263-FDE7-418b-AC7E-DE18523124E0}\Cache\d6e9bb027c32ce9950910af1fce37bb9.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\WinCtrl32.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\w-w-w-dot-com\update.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1faf491a.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wnslvxtf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oqtss.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\b149.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\TmpRecentIcons\antivirus-2008pro.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angele.NOM-D3A4C94E6FD\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angele\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angele.NOM-D3A4C94E6FD\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angele\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angele.NOM-D3A4C94E6FD\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angele\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angele.NOM-D3A4C94E6FD\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angele\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angele.NOM-D3A4C94E6FD\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angele\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angele.NOM-D3A4C94E6FD\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angele\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
0
Réponse 17 / 31
Utilisateur anonyme
14 août 2008 à 23:31
LA SUITE :

http://www.commentcamarche.net/forum/affich 7901708 probleme virus alert a cote de l horloge#15
0
Réponse 18 / 31
bclaude61 Messages postés 16 Date d'inscription jeudi 14 août 2008 Statut Membre Dernière intervention 16 août 2008
14 août 2008 à 23:55
voila le rapport de combofix


ComboFix 08-08-14.01 - Compaq_Propriétaire 2008-08-14 23:35:43.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.451 [GMT 2:00]
Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Compaq_Propriétaire\Application Data\macromedia\Flash Player\#SharedObjects\3MNM8E7Z\interclick.com
C:\Documents and Settings\Compaq_Propriétaire\Application Data\macromedia\Flash Player\#SharedObjects\3MNM8E7Z\interclick.com\ud.sol
C:\Documents and Settings\Compaq_Propriétaire\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Compaq_Propriétaire\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Compaq_Propriétaire\Cookies.\compaq_propriétaire@ad.yieldmanager[1].txt
C:\Documents and Settings\Compaq_Propriétaire\Cookies.\compaq_propriétaire@winanonymous[2].txt
C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Antivirus 2008 PRO
C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Antivirus 2008 PRO\antivirus-2008pro.lnk
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\STEM32~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\bkR11
C:\Temp\bkR11\ftCa.log
C:\WINDOWS\dat.txt
C:\WINDOWS\IA
C:\WINDOWS\oprevtdp.dll
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\agiqqdit.ini
C:\WINDOWS\system32\aluyxjtd.ini
C:\WINDOWS\system32\dhswwhdp.ini
C:\WINDOWS\system32\eecvtwyb.ini
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\gdtvkoju.ini
C:\WINDOWS\system32\hkcsfmlc.ini
C:\WINDOWS\system32\ibxiboyk.ini
C:\WINDOWS\system32\icydlg.dll
C:\WINDOWS\system32\ivstjdvq.ini
C:\WINDOWS\system32\jemgrouf.ini
C:\WINDOWS\system32\JjmWFfhk.ini
C:\WINDOWS\system32\JjmWFfhk.ini2
C:\WINDOWS\system32\ktmgenks.ini
C:\WINDOWS\system32\kuhwwcpc.ini
C:\WINDOWS\system32\mqcxcpxc.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ohjkcylw.ini
C:\WINDOWS\system32\olbcengn.ini
C:\WINDOWS\system32\oqtss.ini2
C:\WINDOWS\system32\pxeaksph.ini
C:\WINDOWS\system32\rekdceln.ini
C:\WINDOWS\system32\rinceaxc.ini
C:\WINDOWS\system32\rohurvwo.ini
C:\WINDOWS\system32\sehyshtx.ini
C:\WINDOWS\system32\sirohqut.dll
C:\WINDOWS\system32\tiiobqta.ini
C:\WINDOWS\system32\vrqxadte.ini
C:\WINDOWS\system32\wcpsvtr32.exe
C:\WINDOWS\system32\wgdjcwas.ini
C:\WINDOWS\system32\wxcyakdg.ini
C:\WINDOWS\system32\xkrucqjw.ini
C:\WINDOWS\system32\yqhbkunh.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-14 to 2008-08-14 ))))))))))))))))))))))))))))))))))))
.

2008-08-14 23:42 . 2008-08-14 23:42 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMonitor
2008-08-14 21:25 . 2008-08-14 21:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-14 21:25 . 2008-08-14 21:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-14 21:25 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-14 21:25 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-14 20:48 . 2008-08-14 21:04 3,820 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-14 20:38 . 2008-08-14 20:38 <REP> d-------- C:\Program Files\Trend Micro
2008-07-27 15:56 . 2008-07-27 15:56 <REP> d-------- C:\Documents and Settings\Angele.NOM-D3A4C94E6FD\Application Data\TmpRecentIcons
2008-07-25 21:53 . 2008-08-14 23:05 <REP> d-------- C:\Program Files\w-w-w-dot-com
2008-07-22 21:49 . 2008-07-22 21:49 43,521 ---hs---- C:\WINDOWS\system32\iwwrabcd.ini
2008-07-21 19:51 . 2008-07-21 19:51 43,521 ---hs---- C:\WINDOWS\system32\klllbkki.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 21:41 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-07-27 14:00 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-07-27 14:00 --------- d-----w C:\Program Files\AOL 9.0
2008-07-10 18:09 --------- d-----w C:\Documents and Settings\Angele.NOM-D3A4C94E6FD\Application Data\AOL
2008-07-06 13:28 --------- d-----w C:\Program Files\AOL Compagnon
2008-07-06 13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-07-06 13:26 --------- d-----w C:\Program Files\Viewpoint
2008-07-06 13:26 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-07-06 13:26 --------- d-----w C:\Program Files\AOL Toolbar
2008-07-06 13:25 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
1995-09-20 15:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
2008-01-22 20:21 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-18 21:16 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 23:55 155648]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 14:03 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 14:03 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-08 21:31 286720]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-29 21:23 4603904]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 21:13 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54 253952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-02 01:31 98304]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-12-25 15:52 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-07-06 23:49 368640]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-04-26 17:40 75776]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 05:25 496752]
"nwiz"="nwiz.exe" [2004-09-29 21:23 921600 C:\WINDOWS\system32\nwiz.exe]
"SiSPower"="SiSPower.dll" [2004-09-24 10:49 49152 C:\WINDOWS\system32\SiSPower.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=icydlg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi05.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingl84.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrx05.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuj73.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=

R3 GT680xNT;USB Scanner Driver;C:\WINDOWS\system32\drivers\gt680x.sys [2002-10-04 01:32]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S0 Windi05;Windi05;C:\WINDOWS\system32\Drivers\Windi05.sys []
S0 Wingl84;Wingl84;C:\WINDOWS\system32\Drivers\Wingl84.sys []
S0 Winrx05;Winrx05;C:\WINDOWS\system32\Drivers\Winrx05.sys []
S0 Winuj73;Winuj73;C:\WINDOWS\system32\Drivers\Winuj73.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-14 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{4EE21926-F035-4C18-AC90-20DECA53301C} - C:\WINDOWS\system32\sstqo.dll
BHO-{C3F48C1C-17A8-6D22-D25F-3AE607F00896} - C:\WINDOWS\system32\cih.dll
BHO-{F5673599-8749-4A3A-993A-02BF2289A19F} - C:\WINDOWS\system32\khfFWmjJ.dll
HKCU-Run-Magentic - C:\PROGRA~1\Magentic\bin\Magentic.exe
HKLM-Run-Salestart(1) - C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe dm=http://erreurchasseur.com ad=http://erreurchasseur.com
Notify-qomkhec - qomkhec.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
O8 -: &Recherche AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 23:43:03
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
C:\Program Files\TechCity Solutions\AOLSAV\AOLAgent.exe
C:\Program Files\ScannerU\AM32.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-14 23:51:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 21:51:29

Pre-Run: 137,587,007,488 octets libres
Post-Run: 137,954,856,960 octets libres

215 --- E O F --- 2008-08-14 16:59:05
0
Réponse 19 / 31
Utilisateur anonyme
15 août 2008 à 00:07
Copie le texte ci-dessous :


File::
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\iwwrabcd.ini
C:\WINDOWS\system32\klllbkki.ini
C:\WINDOWS\system32\Drivers\Windi05.sys
C:\WINDOWS\system32\Drivers\Wingl84.sys
C:\WINDOWS\system32\Drivers\Winrx05.sys
C:\WINDOWS\system32\Drivers\Winuj73.sys

Folder::
C:\Program Files\w-w-w-dot-com
C:\Program Files\Viewpoint

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Driver::
Windi05
Wingl84
Winrx05
Winuj73




Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.


0
bclaude61 Messages postés 16 Date d'inscription jeudi 14 août 2008 Statut Membre Dernière intervention 16 août 2008
15 août 2008 à 15:51
Desole j'ai ete deconecte hier soir mon modem a coupe il n'avait plus envi comme qu'on pourrait faire pour continuer

par contre je suis pas chez moi je voulait juste t'informer de ce qu'il m'est arriver entierement desole
0
Réponse 20 / 31
Utilisateur anonyme
15 août 2008 à 15:55
t as fait l opération avec combofix ?
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
horloge radiopilotée
papypounet -
Raspou -

13 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
HP Battery ALERT
Gershia -
Gershia -

2 réponses