Sujet Précédent Sujet Suivant

Win32/Adware.Virtumonde et Win32/PrivacyRemov

Fermé
ferdydurke69 Messages postés 6 Date d'inscription mercredi 20 août 2008 Statut Membre Dernière intervention 20 août 2008 - 20 août 2008 à 11:08
ferdydurke69 Messages postés 6 Date d'inscription mercredi 20 août 2008 Statut Membre Dernière intervention 20 août 2008 - 20 août 2008 à 15:51
Bonjour,

J'ai le même problème que liligui depuis lundi. Un fond d'écran que je ne pouvais enlever me disait : Warning ! Spyware on your computer ! et incrimine deux éléments : Win32/Adware.Virtumonde et Win32/PrivacyRemover.M64
Il m'a été demandé de télécharger un antivirus, ce que je n'ai pas fait. Mon onglet écran de veille avait également disparu. Outlook plantait souvent. Après avoir lancé Spybot plusieurs fois, l'ordinateur coupait systématiquement l'analyse en redémarrant.

J'ai fait une analyse avec malwarebytes : cela a enlevé le fond d'écran ci-dessus et j'ai pu récupérer les fonctionnalités de mon affichage. Oulook semble plus stable. Cependant, Spybote plante toujours au milieu et l'ordinateur redémarre toujours au même moment, c'est-a-dire à l'analyse du fichier Virtuamonde.dll. L'ordinateur a tendance à redémarrer assez fréquemment.
J'en déduis que le nettoyage n'est probablement pas terminé.

Si vous pouvez m'aider, je vous en serais particulièrement reconnaissant.

Ci-joint le dernier rapportmalwarebytes qui a réglé le problème de mon fond d'écran et de mes fonctionnalités d'affichage :

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1071
Windows 5.1.2600 Service Pack 2

10:32:23 20/08/2008
mbam-log-08-20-2008 (10-32-23).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 98212
Temps écoulé: 30 minute(s), 6 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 17
Fichier(s) infecté(s): 73

Processus mémoire infecté(s):
C:\WINDOWS\system32\lphcnwbj0e3al.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020Search) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcnwbj0e3al (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2 (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.0.26 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\dynamic toolbar\batch.bat (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\unins000.dat (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\unins000.exe (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\ErrorLog.txt (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\_Ticker_ticker.txt (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common\wuauclt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcnwbj0e3al.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcnwbj0e3al.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Agathe\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
A voir également:

6 réponses

Réponse 1 / 6
plm69 Messages postés 527 Date d'inscription dimanche 27 juillet 2008 Statut Membre Dernière intervention 8 septembre 2008 17
20 août 2008 à 11:16
Il ta supprimer pas mal de virus

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Réponse 2 / 6
ferdydurke69 Messages postés 6 Date d'inscription mercredi 20 août 2008 Statut Membre Dernière intervention 20 août 2008
20 août 2008 à 11:47
Merci pour ta réponse rapide et efficace.
Effectivement, mon ordinateur avait besoin d'un bon nettoyage !
j'ai effectué l'analyse de combofix. Dois-je réessayer spybot maintenant ?

Merci pour ton aide précieuse.

Voici le rapport de combofix :

ComboFix 08-08-18.05 - Benjamin 2008-08-20 11:29:42.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.236 [GMT 2:00]
Endroit: C:\Documents and Settings\Benjamin\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Agathe\Cookies\agathe@fnac[2].txt
C:\Documents and Settings\Agathe\Cookies\agathe@itea[2].txt
C:\Documents and Settings\Agathe\Cookies\agathe@tracker.affistats[2].txt
C:\Documents and Settings\Agathe\UserData
C:\Documents and Settings\Agathe\UserData\4VWAD3ZG\iconState[1].xml
C:\Documents and Settings\Agathe\UserData\index.dat
C:\Documents and Settings\Agathe\UserData\VIT9BFPS\showHideState[1].xml
C:\Documents and Settings\Benjamin\UserData
C:\Documents and Settings\Benjamin\UserData\index.dat
C:\Documents and Settings\Benjamin\UserData\O9YB89AV\oWindowsUpdate[1].xml
C:\Program Files\GamesBar\oberontb.dll
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\8.tmp

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))))))))
.

2008-08-20 09:59 . 2008-08-20 09:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-20 09:59 . 2008-08-20 09:59 <REP> d-------- C:\Documents and Settings\Benjamin\Application Data\Malwarebytes
2008-08-20 09:59 . 2008-08-20 09:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-20 09:59 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-20 09:59 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-20 09:52 . 2008-08-20 09:52 <REP> d-------- C:\Program Files\Trend Micro
2008-08-20 09:24 . 2008-08-20 09:24 <REP> d-------- C:\_OTMoveIt
2008-08-20 08:39 . 2008-08-20 08:42 194 --a------ C:\WINDOWS\wininit.ini
2008-08-19 12:44 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-19 12:44 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-19 12:44 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-19 12:44 . 2004-08-16 18:19 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-19 12:44 . 2004-08-16 17:55 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-19 12:44 . 2004-10-14 05:15 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-08-19 12:44 . 2004-08-16 17:55 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
2008-08-19 12:44 . 2004-10-14 05:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-08-19 12:44 . 2004-10-14 05:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-08-19 12:44 . 2008-08-19 12:44 <REP> d-------- C:\Documents and Settings\Administrateur
2008-08-19 12:11 . 2008-08-20 11:28 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-19 12:11 . 2008-08-20 11:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-18 19:20 . 2008-08-18 19:30 <REP> d-------- C:\Program Files\Navilog1
2008-08-18 17:21 . 2008-08-18 17:21 <REP> d-------- C:\WINDOWS\AU_Temp
2008-08-18 17:21 . 2006-02-26 21:36 17,073,135 --a------ C:\WINDOWS\LPT$VPN.233
2008-08-18 16:31 . 2008-08-20 08:39 <REP> d-------- C:\Program Files\Enigma Software Group
2008-08-13 16:16 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 09:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-20 09:30 --------- d-----w C:\Program Files\GamesBar
2008-08-20 09:24 --------- d-----w C:\Program Files\Wanadoo
2008-08-18 14:54 6,656 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-08-12 16:55 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-12 16:55 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-12 16:55 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-12 16:55 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-12 16:55 --------- d-----w C:\Program Files\Symantec
2008-08-12 16:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-03 06:27 --------- d-----w C:\Documents and Settings\Benjamin\Application Data\U3
2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-22 10:43 --------- d-----w C:\Program Files\Midi2Wav Recorder
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 12:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-06-13 12:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-26 17:36 0 ----a-w C:\Documents and Settings\Benjamin\iphist.dat
2004-12-02 10:46 3,657,992 ----a-w C:\Program Files\eMule0.43b-Installer.exe
2004-11-27 13:03 990,720 ----a-w C:\Program Files\bootvis outils.msi
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 16:55 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23 75520]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-09-15 22:17 81920]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-10-14 05:19 180269]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2004-05-13 10:28 24576]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-05-13 10:28 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-05-13 10:28 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-10-14 05:15 98304]
"FD_SAP"="C:\WINDOWS\System32\Drivers\SAP\FD.exe" [2005-03-17 19:49 202240]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 20:58 81920]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-25 19:47 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-07 00:49 718704]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 18:29 77824 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 11:20 2557952 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
ImageMixer HDD Camera Monitor.lnk - C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe [2008-04-07 13:46:39 2117632]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 23:44:08 257752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 14:11 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-01-25 19:47]
R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys [2000-09-14 14:00]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18:20]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-18 C:\WINDOWS\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Benjamin.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 08:05]

2008-08-20 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe []

2008-08-20 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-POINTER - point32.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\bydj12c2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:fr-FR:official
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 11:33:57
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
Temps d'accomplissement: 2008-08-20 11:35:39
ComboFix-quarantined-files.txt 2008-08-20 09:35:36

Pre-Run: 78,237,007,872 octets libres
Post-Run: 78,729,613,312 octets libres

196 --- E O F --- 2008-08-13 17:53:43
0
Réponse 3 / 6
plm69 Messages postés 527 Date d'inscription dimanche 27 juillet 2008 Statut Membre Dernière intervention 8 septembre 2008 17
20 août 2008 à 11:49
Plus de problemes ?
0
Réponse 4 / 6
ferdydurke69 Messages postés 6 Date d'inscription mercredi 20 août 2008 Statut Membre Dernière intervention 20 août 2008
20 août 2008 à 14:42
pas de changement notable : l'ordinateur redémarre sans crirer gare en particulier lors de l'utilisation de spybot et de norton.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 6
plm69 Messages postés 527 Date d'inscription dimanche 27 juillet 2008 Statut Membre Dernière intervention 8 septembre 2008 17
20 août 2008 à 14:46
desinstalle norton http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

apres le redemarre de l'ordi telcharge avira antivir https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

puis fais un scan
0
Réponse 6 / 6
ferdydurke69 Messages postés 6 Date d'inscription mercredi 20 août 2008 Statut Membre Dernière intervention 20 août 2008
20 août 2008 à 15:51
C'est fait : malheureusement le scan n'arrive pas à terme : l'ordinateur coupe l'analyse et redémarre.
J'en profite pour vous remercier une nouvelle fois de votre aide
0

Discussions similaires

Detection PUA: win32 Installcore
Nat -
bazfile -

13 réponses
infecté par HackTool:Win32/AutoKMS
fredo1968 -
fredo1968 -

5 réponses
Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
Que fait le virus LPI Win32 Pup-Gen
Tristan Chrome -
Tristan Chrome -

2 réponses
win32 bogent [susp]
hidalgo -
papajohn -

36 réponses