Pop-up/Trojans Besoin d'aide s'il vous plait

Wonsul -  
anthony5151 Messages postés 10927 Statut Contributeur sécurité -
Bonjour,
Dernierement j'ai beaucoup de page de pub apparaissant en plein milieu de mon écran (ce qui est tres déplaisant), j'ai essayé plusieurs anti virus tel que kapersky et nod32 mais rien n'y fait.

Aussi voici le rapport hijackthis, j'espere que cela vous inspirera une démarche a suivre pour suprimer ces virus , merci.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:26, on 12/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O4 - HKLM\..\Run: [BM1b275ac6] Rundll32.exe "C:\WINDOWS\system32\ovjmeivi.dll",s
O4 - HKLM\..\Run: [{8b95654c-d415-cb3a-2ae6-8a037aaf4561}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\aljmhaufwigrngt.dll" DllStub
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

--
End of file - 2054 bytes
Configuration: Windows XP
Internet Explorer 6.0

9 réponses

  1. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Bonjour,

    Télécharge et installe Malwarebyte's Anti-Malware : http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    - A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
    - Lance Malwarebyte's Anti-Malware, laisse les Mises à jour se télécharger et referme le programme

    Redémarre en "Mode sans échec" : redémarre ton ordinateur et tapote sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows, et sélectionne "Mode sans échec". Choisis ta session habituelle

    Lance Malwarebyte's Anti-Malware
    - Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
    - Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
    - A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
    - Suppression des éléments détectés --> clique sur Supprimer la sélection
    - S'il t'es demandé de redémarrer, clique sur Yes

    Poste le rapport de scan après la suppression ici

    0
  2. Wonsul
     
    Merci pour la réponse rapide !
    Voici donc le rapport

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1142
    Windows 5.1.2600 Service Pack 2

    12/09/2008 16:07:58
    mbam-log-2008-09-12 (16-07-53).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 87794
    Temps écoulé: 43 minute(s), 19 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 32
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 4
    Fichier(s) infecté(s): 34

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\fccddeDw.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\iifefETN.dll (Trojan.Vundo.H) -> No action taken.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38d66a89-902b-4bc3-9a4d-69aa50f300a2} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{38d66a89-902b-4bc3-9a4d-69aa50f300a2} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ffe90fb-0431-4ed5-af76-8bf8ae7e0b35} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifefetn (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{3ffe90fb-0431-4ed5-af76-8bf8ae7e0b35} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6798eaf-a17e-4037-a6b9-056edc6295bd} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{f6798eaf-a17e-4037-a6b9-056edc6295bd} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b5f4a87-01a0-42be-9d16-47607d729641} (Trojan.BHO.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{4b5f4a87-01a0-42be-9d16-47607d729641} (Trojan.BHO.H) -> No action taken.
    HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> No action taken.
    HKEY_CLASSES_ROOT\TypeLib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3ffe90fb-0431-4ed5-af76-8bf8ae7e0b35} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm1b275ac6 (Trojan.Agent) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccddedw -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccddedw -> No action taken.

    Dossier(s) infecté(s):
    C:\Program Files\webHancer (Adware.Webhancer) -> No action taken.
    C:\Program Files\webHancer\Programs (Adware.Webhancer) -> No action taken.
    C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> No action taken.
    C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> No action taken.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\fccddeDw.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\wDeddccf.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\wDeddccf.ini2 (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\iifefETN.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\mheaap.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\dgsxtmvx.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\xvmtxsgd.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\lpcaps.dll (Trojan.BHO.H) -> No action taken.
    C:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> No action taken.
    C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4TYVGPIB\nd82m0[1] (Trojan.Vundo.H) -> No action taken.
    C:\System Volume Information\_restore{E4BA6A58-8171-4559-983D-FFB034758B43}\RP13\A0010445.dll (Trojan.Vundo.H) -> No action taken.
    C:\System Volume Information\_restore{E4BA6A58-8171-4559-983D-FFB034758B43}\RP13\A0010450.exe (Trojan.DNSChanger) -> No action taken.
    C:\WINDOWS\system32\buodbldr.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\fccAQkIx.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\jvchseom.dll (Trojan.Vundo.H) -> No action taken.
    C:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> No action taken.
    C:\Program Files\webHancer\Programs\readme.txt (Adware.Webhancer) -> No action taken.
    C:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> No action taken.
    C:\Program Files\webHancer\Programs\whagent.ini (Adware.Webhancer) -> No action taken.
    C:\Program Files\webHancer\Programs\whinstaller.exe (Adware.Webhancer) -> No action taken.
    C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
    C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> No action taken.
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> No action taken.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\ovjmeivi.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> No action taken.
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\BM1b275ac6.xml (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\BM1b275ac6.txt (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> No action taken.
    0
  3. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Le rapport indique "No action taken"

    Peux-tu poster le rapport qui a suivi la suppression ? Tu peux le retrouver en relançant MalwareBytes', dans l'onglet rapports/logs
    0
  4. Wonsul
     
    Oui dsl voila :

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1142
    Windows 5.1.2600 Service Pack 2

    12/09/2008 16:08:28
    mbam-log-2008-09-12 (16-08-28).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 87794
    Temps écoulé: 43 minute(s), 19 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 32
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 4
    Fichier(s) infecté(s): 34

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\fccddeDw.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\iifefETN.dll (Trojan.Vundo.H) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38d66a89-902b-4bc3-9a4d-69aa50f300a2} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{38d66a89-902b-4bc3-9a4d-69aa50f300a2} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ffe90fb-0431-4ed5-af76-8bf8ae7e0b35} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifefetn (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{3ffe90fb-0431-4ed5-af76-8bf8ae7e0b35} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6798eaf-a17e-4037-a6b9-056edc6295bd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f6798eaf-a17e-4037-a6b9-056edc6295bd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b5f4a87-01a0-42be-9d16-47607d729641} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4b5f4a87-01a0-42be-9d16-47607d729641} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3ffe90fb-0431-4ed5-af76-8bf8ae7e0b35} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm1b275ac6 (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccddedw -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccddedw -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\webHancer (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\fccddeDw.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\wDeddccf.ini (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\wDeddccf.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iifefETN.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\mheaap.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dgsxtmvx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xvmtxsgd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lpcaps.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4TYVGPIB\nd82m0[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E4BA6A58-8171-4559-983D-FFB034758B43}\RP13\A0010445.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E4BA6A58-8171-4559-983D-FFB034758B43}\RP13\A0010450.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\buodbldr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fccAQkIx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jvchseom.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs\readme.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs\whagent.ini (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs\whinstaller.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ovjmeivi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM1b275ac6.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM1b275ac6.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Tu as bien fait ce scan en mode sans échec ?

    1) Télécharge ToolsCleaner</gras> sur ton bureau pour nettoyer l'ordi de tous les outils qu'on a utilisé :
    ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
    Lance le, clique sur Recherche et laisse le scan se finir, puis clique sur Suppression pour nettoyer.
    Tu peux aussi supprimer les fichiers temporaires.
    Ensuite, supprime manuellement ToolsCleaner (mets le à la corbeille).

    Redémarre ton ordinateur

    Puis télécharge à nouveau hijackthis sur ton bureau : https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/

    Installe le, puis fais ceci avant de le lancer (c'est important !) :
    Va dans le menu démarrer --> Poste de travail --> disque local C --> Program Files --> Trend Micro --> Hijackthis --> cherche hijackthis.exe et fais un clic droit dessus --> renomme le en Jack.exe

    Ensuite lance le et clique sur "Do a system scan and save a logfile".
    Fais un copier-coller du rapport entier sur le forum

    2) Ensuite, on va utiliser Combofix pour finir la désinfection. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts...

    Fais exactement ce qui suit :

    Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
    Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    --------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
    !! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation : en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
    Dans ton cas, il s'agit de NOD 32

    ---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

    Tuto ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    ---------------------------------------------------------------------------------------------------------------------------------

    Ensuite :
    double-clique sur C-Fix.exe (= combofix.exe ) .

    Appuie sur une touche pour démarrer le scan .

    Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

    Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

    0
  7. Wonsul
     
    oui il a etait fait en mode sans echec, merci je vai suivre cette procédure.
    0
  8. Wonsul
     
    Voici le rapport jack, je continu sur la procédur 2) ,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:34:04, on 12/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\Jack.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: bambanner browser enhancer - {5a747444-391d-0b1d-e286-e275041f3d04} - C:\WINDOWS\system32\aljmhaufwigrngt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
    O4 - HKLM\..\Run: [{8b95654c-d415-cb3a-2ae6-8a037aaf4561}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\aljmhaufwigrngt.dll" DllStub
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    0
  9. Wonsul
     
    Et voici le rapport de combo fix :

    ComboFix 08-09-10.04 - Administrateur 2008-09-12 16:38:21.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.287 [GMT 2:00]
    Endroit: C:\Documents and Settings\Administrateur\Bureau\C-Fix.exe
    * Création d'un nouveau point de restauration
    * Resident AV is active

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\Cookies\administrateur@ad.yieldmanager[2].txt
    C:\install\install.exe
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\pybmdnms.ini
    C:\WINDOWS\system32\rtl60.bpl

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-12 to 2008-09-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-12 15:17 . 2008-09-12 15:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-12 15:17 . 2008-09-12 15:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-12 15:17 . 2008-09-12 15:17 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-09-12 15:17 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-12 15:17 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-12 14:06 . 2008-09-12 14:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-09-12 14:01 . 2008-09-12 14:01 <REP> d-------- C:\Program Files\Yahoo!
    2008-09-12 14:00 . 2008-09-12 16:33 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-12 13:03 . 2008-09-12 13:03 <REP> d-------- C:\Program Files\ESET
    2008-09-12 13:03 . 2008-09-12 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-09-12 12:55 . 2008-09-12 12:55 <REP> d-------- C:\Program Files\POPUPKILLER
    2008-09-12 12:49 . 2008-09-12 12:49 <REP> d-------- C:\Program Files\crocpopup+
    2008-09-12 12:49 . 1998-06-24 00:00 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
    2008-09-12 11:40 . 2008-09-12 11:40 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-09-12 11:37 . 2008-09-12 11:53 <REP> d--hs---- C:\WINDOWS\Qm9vbXNjdWQ
    2008-09-12 11:36 . 2008-09-12 12:49 <REP> d-------- C:\WINDOWS\system32\res
    2008-09-12 11:36 . 2008-09-12 13:37 <REP> d-------- C:\WINDOWS\system32\mC19
    2008-09-12 11:36 . 2008-09-12 11:36 <REP> d-------- C:\WINDOWS\system32\gui
    2008-09-12 11:36 . 2008-09-12 12:32 <REP> d-------- C:\WINDOWS\system32\101
    2008-09-12 11:36 . 2008-09-12 11:36 <REP> d-------- C:\Temp\mtc2
    2008-09-12 11:36 . 2008-09-12 16:38 <REP> d-------- C:\Temp
    2008-09-12 11:36 . 2008-09-12 11:36 71,711 --a------ C:\WINDOWS\system32\gtskdpplyz.exe
    2008-09-10 18:35 . 2008-09-10 18:35 <REP> d-------- C:\Program Files\Common Files
    2008-09-10 18:35 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
    2008-09-10 18:35 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2008-09-09 18:30 . 2008-09-09 18:30 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-09-09 18:30 . 2008-09-09 18:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-09-09 00:18 . 2008-09-09 13:57 <REP> d-------- C:\Program Files\Silkroad
    2008-09-08 22:47 . 2008-09-09 18:32 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
    2008-09-08 22:46 . 2008-09-08 22:46 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-09-08 22:44 . 2008-09-08 22:46 <REP> d-------- C:\Program Files\Windows Live
    2008-09-08 22:44 . 2008-09-08 22:46 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-09-08 22:43 . 2008-09-08 22:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-08 22:10 . 2008-09-08 22:34 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-09-08 22:09 . 2008-09-08 22:09 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-09-08 22:09 . 2005-02-25 05:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-09-08 22:06 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
    2008-09-08 22:06 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-09-08 22:06 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-09-08 22:06 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-09-08 22:06 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2008-09-08 21:57 . 2008-09-08 21:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-09-08 21:57 . 2008-09-12 11:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Azureus
    2008-09-08 21:45 . 2008-09-08 21:45 <REP> d-------- C:\Program Files\Vuze
    2008-09-08 19:39 . 2008-09-08 19:39 <REP> d-------- C:\Program Files\Games-Masters.com
    2008-09-08 19:22 . 2007-06-27 14:42 207,488 -ra------ C:\WINDOWS\system32\drivers\vinyl97.sys
    2008-09-08 19:21 . 2008-09-08 19:22 <REP> d-------- C:\Program Files\VIA
    2008-09-08 19:21 . 2007-04-11 15:35 331,184 --------- C:\WINDOWS\system32\difxapi.dll
    2008-09-08 19:18 . 2008-09-08 19:18 <REP> d-------- C:\Program Files\ma-config.com
    2008-09-08 19:18 . 2008-09-08 19:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-09-08 19:15 . 2008-09-08 19:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
    2008-09-08 19:15 . 2008-09-12 11:36 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-09-08 19:14 . 2008-09-08 19:14 <REP> d-------- C:\Program Files\Webteh
    2008-09-08 19:14 . 2008-09-08 19:15 <REP> d-------- C:\Program Files\Satsuki Decoder Pack
    2008-09-08 19:14 . 2008-09-08 19:15 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
    2008-09-08 19:12 . 2008-09-08 19:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI
    2008-09-08 19:06 . 2008-09-08 19:06 <REP> d-------- C:\WINDOWS\system32\URTTemp
    2008-09-08 19:05 . 2008-09-08 19:05 <REP> d--h----- C:\Program Files\InstallShield Installation Information
    2008-09-08 19:05 . 2008-09-08 19:08 <REP> d-------- C:\Program Files\ATI Technologies
    2008-09-08 19:05 . 2005-05-03 21:05 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-09-08 19:05 . 2005-05-04 07:04 299,008 -ra------ C:\WINDOWS\system32\atiiiexx.dll
    2008-09-08 19:05 . 2005-04-08 22:42 87,540 -ra------ C:\WINDOWS\system32\atiicdxx.dat
    2008-09-08 19:05 . 2005-05-02 14:07 5,396 -ra------ C:\WINDOWS\system32\atifglpf.xml
    2008-09-08 19:04 . 2008-09-08 19:08 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
    2008-09-08 19:04 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-09-08 19:03 . 2004-05-02 10:47 23,040 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
    2008-09-08 19:00 . 2008-09-08 19:00 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-09-08 19:00 . 2008-09-08 19:00 <REP> d-------- C:\Program Files\Ahead
    2008-09-08 19:00 . 2004-07-20 17:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-09-08 19:00 . 2004-07-20 17:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-09-08 19:00 . 2004-07-20 17:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-09-08 19:00 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-09-08 19:00 . 2004-07-20 17:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-09-08 19:00 . 2001-07-09 11:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
    2008-09-08 19:00 . 2004-03-03 21:30 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
    2008-09-08 19:00 . 2000-06-26 11:45 106,496 -ra------ C:\WINDOWS\system32\TwnLib20.dll
    2008-09-08 19:00 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
    2008-09-08 19:00 . 2004-03-03 21:30 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
    2008-08-29 14:11 . 2008-08-29 14:11 166,400 --a------ C:\WINDOWS\system32\aljmhaufwigrngt.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-12 12:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-09-08 18:45 --------- d-----w C:\Program Files\Google
    2008-09-08 16:54 --------- d-----w C:\Program Files\microsoft frontpage
    2008-09-08 16:52 --------- d-----w C:\Program Files\Services en ligne
    2005-07-29 14:24 472 --sha-r C:\WINDOWS\Qm9vbXNjdWQ\kA6Svrh3xqk.vbs
    .

    ------- Sigcheck -------

    2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\tcpip.sys
    2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys

    2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
    2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5a747444-391d-0b1d-e286-e275041f3d04}]
    2008-08-29 14:11 166400 --a------ C:\WINDOWS\system32\aljmhaufwigrngt.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-08 39408]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "{8b95654c-d415-cb3a-2ae6-8a037aaf4561}"="C:\WINDOWS\system32\aljmhaufwigrngt.dll" [2008-08-29 166400]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
    "C:\\Program Files\\Vuze\\Azureus.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://google.fr/
    R0 -: HKCU-Main,Search Page = hxxp://www.google.com
    R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-12 16:40:09
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-12 16:41:36
    ComboFix-quarantined-files.txt 2008-09-12 14:41:30

    Pre-Run: 88,730,087,424 octets libres
    Post-Run: 89,702,232,064 octets libres

    160
    0
  10. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Désolé pour le délai de réponse :(

    Tu n'avais pas désactivé ton antivirus lors du scan avec Combofix ! Je vais te demander de le relancer, cette fois, désactive le correctement...

    Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
    Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

    ----------------------------------------------------------
    File::
    C:\WINDOWS\Qm9vbXNjdWQ\kA6Svrh3xqk.vbs
    C:\WINDOWS\system32\aljmhaufwigrngt.dll
    C:\WINDOWS\system32\gtskdpplyz.exe

    Folder::
    C:\WINDOWS\Qm9vbXNjdWQ
    C:\Temp\mtc2
    C:\WINDOWS\system32\mC19

    Registry::
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5a747444-391d-0b1d-e286-e275041f3d04}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "{8b95654c-d415-cb3a-2ae6-8a037aaf4561}"=-

    ------------------------------------------------------------------

    - Enregistre ce fichier sur ton bureau (et pas ailleurs !) sous le nom CFScript.txt
    - Quitte le Bloc Notes

    · Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien :
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort), tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    0