Sujet Précédent Sujet Suivant

Pb de fenetre pub intempestives

guigui281268 -  
 guigui281268 -
Bonjour,

En parcourant le forum à la recherche d'une solution pour arreter d'avoir en permanence des fenetre de pub et de soit disant antivirus qui apparraissent je suis tomber sur un message me donnatn un lien me permettant de creer u rapport qui apparement aide pour solutionner ce pb, est-ce que quelqu'un peut m'aider ??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:41:21, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Antipub\antipub.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GUILLAUME\Mes documents\Mes fichiers reçus\marie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: (no name) - {04578D8D-6130-411B-BEE5-DFF22903F732} - C:\WINDOWS\system32\nnnmjigf.dll
O2 - BHO: (no name) - {04a12f05-b47b-41cc-a3ac-77043900a361} - (no file)
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21526C73-065C-4DC1-A409-07C6DD87BC2F} - (no file)
O2 - BHO: (no name) - {45BD6287-51B5-495C-9856-9F2CA3976F6D} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {8201ce80-8bed-fd99-5014-5bc93404a068} - {860a4043-9cb5-4105-99df-deb808ec1028} - C:\WINDOWS\system32\nbbzti.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - (no file)
O2 - BHO: (no name) - {DF5778B0-4BDD-4922-AB5E-F733267245DD} - C:\WINDOWS\system32\geBsrSjI.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM8389b7de] Rundll32.exe "C:\WINDOWS\system32\imcwqvfc.dll",s
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [{2edf7f6e-828a-e517-385a-b25ca7d71a25}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\prjvrmtoojhurpsz.dll" DllStub
O4 - HKLM\..\Run: [80ba8442] rundll32.exe "C:\WINDOWS\system32\nheyljbl.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [ishost.exe] ishost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - AppInit_DLLs: nbbzti.dll
O20 - Winlogon Notify: nnnmjigf - C:\WINDOWS\SYSTEM32\nnnmjigf.dll
O20 - Winlogon Notify: winwea32 - winwea32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
A voir également:

50 réponses

Réponse 1 / 50
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
Salut,

Infection Vundo.

---> Fais un scan rapide avec MBAM, supprime tout ce qu'il trouve et poste le rapport :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
0
Réponse 2 / 50
guigui281268
 
merci j'essaye de suite
0
Réponse 3 / 50
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
Si Tea Timer te demande quelque chose, accepte.
0
Réponse 4 / 50
guigui281268
 
ok, j'ai effectué malwarebytes et je colle le rapport, spybot m'a demandé sur certain point d'accepter ou non les modifs, j'ai cliqué sur accépté, j'espère que j'ai bien fait !!

malwarebytes me signale qu'il y a quelques elements qu'il ne peut supprimer et que pour cela il fat redemarer l'ordi? j'attends tes precieux conseils
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 50
guigui281268
 
pardon j'ai oublié de coller le rapport

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1159
Windows 5.1.2600 Service Pack 2

16/09/2008 08:08:01
mbam-log-2008-09-16 (08-08-01).txt

Type de recherche: Examen rapide
Eléments examinés: 95147
Temps écoulé: 15 minute(s), 34 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 35
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 29

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\geBsrSjI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\imcwqvfc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nbbzti.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nnnmjigf.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04578d8d-6130-411b-bee5-dff22903f732} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnmjigf (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{04578d8d-6130-411b-bee5-dff22903f732} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{860a4043-9cb5-4105-99df-deb808ec1028} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{860a4043-9cb5-4105-99df-deb808ec1028} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df5778b0-4bdd-4922-ab5e-f733267245dd} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{df5778b0-4bdd-4922-ab5e-f733267245dd} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec1a2105-5621-440f-987d-27ef428131d9} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0705a77a-c085-4bf2-bab2-a8551324a024} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b523c5e1-7df6-408f-ae8c-e530a6ed92cc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winwea32 (Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8389b7de (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{04578d8d-6130-411b-bee5-dff22903f732} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\80ba8442 (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebsrsji -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebsrsji -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\nnnmjigf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nbbzti.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\geBsrSjI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\IjSrsBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IjSrsBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imcwqvfc.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mowiwmyw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vlyhgk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnmNFwT.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqQhIYo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tlkqfsrw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tqbddavc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uqawof.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hvbsvjuj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBssQjj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yjveggav.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zfujro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Uninstall Ask Toolbar.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winwea32.dll (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM8389b7de.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM8389b7de.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
0
Réponse 6 / 50
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
"spybot m'a demandé sur certain point d'accepter ou non les modifs, j'ai cliqué sur accépté, j'espère que j'ai bien fait !!"
---> Je t'avais prévenu dans le message juste au-dessus.

---> Redémarre ton PC
0
Réponse 7 / 50
guigui281268
 
ok je redemare et je reviens
0
Réponse 8 / 50
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
Ok.
0
Réponse 9 / 50
guigui281268
 
ok je suis revenu et spybot m'a redemandé et j'ai accepté, par contre j'ai eu deux messages d'erreur windows dll ?
0
Réponse 10 / 50
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
On va passer à ComboFix.

Important : Désactive TeaTimer, le résident de Spybot, il va gêner la désinfection en empêchant la modification des BHO.

---> Démarre Spybot, clique sur Mode, coche Mode avancé
---> A gauche, clique sur Outils, puis sur Résident
---> Décoche la case devant Résident "TeaTimer" :
http://apu.mabul.org/up/5/apu-5-gpdx9e06cwz2dypom2q7n6nc.jpg
---> Quitte Spybot

Note : Je te conseille de ne pas le réactiver, il a été incapable d'empêcher l'infection de ton PC.

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt
0
Réponse 11 / 50
guigui281268
 
ok je fais tout ça et je reviens, en tout cas merci pour ta gentillesse
0
Réponse 12 / 50
guigui281268
 
ce fut long mais voila le rapport de combofix

ComboFix 08-09-15.02 - GUILLAUME 2008-09-16 8:28:49.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.665 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\GUILLAUME\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ELODIE\Cookies\elodie@bluestreak[2].txt
C:\Documents and Settings\ELODIE\Cookies\elodie@edt02[2].txt
C:\Documents and Settings\ELODIE\Cookies\elodie@ehg-citenumerique.hitbox[1].txt
C:\Documents and Settings\MAXIME\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\QUENTIN\Cookies\quentin@bluestreak[1].txt
C:\Documents and Settings\QUENTIN\Cookies\quentin@edt02[1].txt
C:\Documents and Settings\QUENTIN\Cookies\quentin@serving-sys[1].txt
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\components
C:\WINDOWS\system32\i4
C:\WINDOWS\system32\i4\tcX12i49.exe
C:\WINDOWS\system32\lbjlyehn.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nkjvwhdf.ini
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\system32\tuxnmnyi.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-16 au 2008-09-16 ))))))))))))))))))))))))))))))))))))
.

2008-09-16 08:14 . 2008-09-16 08:14 244 --ah----- C:\sqmnoopt05.sqm
2008-09-16 08:14 . 2008-09-16 08:14 232 --ah----- C:\sqmdata05.sqm
2008-09-16 07:50 . 2008-09-16 07:50 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 07:50 . 2008-09-16 07:50 <REP> d-------- C:\Documents and Settings\GUILLAUME\Application Data\Malwarebytes
2008-09-16 07:50 . 2008-09-16 07:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 07:50 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-16 07:50 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 06:05 . 2008-09-16 06:05 244 --ah----- C:\sqmnoopt04.sqm
2008-09-16 06:05 . 2008-09-16 06:05 232 --ah----- C:\sqmdata04.sqm
2008-09-15 19:20 . 2008-09-15 19:20 244 --ah----- C:\sqmnoopt03.sqm
2008-09-15 19:20 . 2008-09-15 19:20 232 --ah----- C:\sqmdata03.sqm
2008-09-15 18:42 . 2008-09-15 18:42 244 --ah----- C:\sqmnoopt02.sqm
2008-09-15 18:42 . 2008-09-15 18:42 232 --ah----- C:\sqmdata02.sqm
2008-09-15 18:37 . 2008-09-16 04:43 <REP> d-------- C:\Program Files\Antipub
2008-09-15 16:43 . 2008-09-15 16:47 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-15 16:43 . 2008-09-16 08:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 16:29 . 2008-09-15 16:29 244 --ah----- C:\sqmnoopt01.sqm
2008-09-15 16:29 . 2008-09-15 16:29 232 --ah----- C:\sqmdata01.sqm
2008-09-15 08:36 . 2008-09-15 08:36 <REP> d-------- C:\Program Files\Alwil Software
2008-09-14 18:34 . 2008-09-14 18:34 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-09-14 18:33 . 2008-09-14 18:33 <REP> d-------- C:\WINDOWS\Westward II Heroes of the Frontier [h33t] [oi812heet]
2008-09-14 18:33 . 2008-09-16 06:03 <REP> d-------- C:\Program Files\Westward II Heroes of the Frontier [h33t] [oi812heet]
2008-09-14 17:48 . 2008-09-14 17:48 <REP> d-------- C:\Westward II Heroes of the Frontier [h33t] [oi812heet]
2008-09-14 17:34 . 2008-09-15 15:29 <REP> d--hs---- C:\WINDOWS\R1VJTExBVU1F
2008-09-14 17:34 . 2008-09-14 17:34 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-09-14 17:32 . 2008-09-14 17:32 <REP> d-------- C:\WINDOWS\system32\esx
2008-09-14 17:32 . 2008-09-15 15:33 <REP> d-------- C:\WINDOWS\system32\101
2008-09-14 17:31 . 2008-09-14 17:31 <REP> d-------- C:\WINDOWS\system32\mC02
2008-09-14 17:31 . 2008-09-14 17:32 <REP> d-------- C:\temp\mtc2
2008-09-14 12:48 . 2008-09-15 08:28 <REP> d-------- C:\Program Files\FrostWire
2008-09-14 12:48 . 2008-09-16 06:07 <REP> d-a------ C:\Program Files\AskSBar
2008-09-14 12:48 . 2008-09-15 08:27 <REP> d-------- C:\Documents and Settings\GUILLAUME\Application Data\FrostWire
2008-09-13 16:47 . 2008-09-13 16:48 <REP> d-------- C:\Documents and Settings\QUENTIN\.gimp-2.2
2008-09-06 10:24 . 2008-09-06 10:24 <REP> d-------- C:\Program Files\Beach Soccer
2008-08-27 17:54 . 2008-08-27 17:54 <REP> d-------- C:\Program Files\ViaMichelin
2008-08-26 10:43 . 2008-08-26 11:37 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-25 12:33 . 2008-08-25 12:33 <REP> d-------- C:\Program Files\scrabbleproB1.0.8
2008-08-25 12:33 . 2004-03-08 23:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-08-22 19:02 . 2008-08-22 19:02 <REP> d-------- C:\Program Files\bfgclient
2008-08-22 19:01 . 2008-08-22 19:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-08-17 10:03 . 2008-08-17 10:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 06:08 --------- d-----w C:\Program Files\GamesBar
2008-09-16 04:03 --------- d-----w C:\Program Files\Gamenext
2008-09-16 03:59 --------- d-----w C:\Program Files\Azureus
2008-09-15 13:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar
2008-09-15 06:11 --------- d-----w C:\Program Files\LimeWire
2008-09-14 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-14 09:29 --------- d-----w C:\Program Files\Google
2008-09-14 09:16 --------- d-----w C:\Program Files\Java
2008-09-13 15:57 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-09-13 15:57 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-09-13 15:57 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-09-13 13:35 --------- d-----w C:\Documents and Settings\QUENTIN\Application Data\OpenOffice.org2
2008-09-12 18:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-12 09:02 --------- d-----w C:\Program Files\InstantTouch
2008-09-10 06:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-10 06:26 --------- d-----w C:\Program Files\Microsoft Works
2008-09-07 11:03 --------- d-----w C:\Documents and Settings\ELODIE\Application Data\OpenOffice.org2
2008-08-27 16:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 07:29 --------- d-----w C:\Documents and Settings\GUILLAUME\Application Data\OpenOffice.org2
2008-08-24 11:30 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-22 17:02 0 ----a-w C:\Program Files\temp01
2008-08-22 15:31 --------- d-----w C:\Program Files\Buka
2008-08-21 07:25 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-04 10:33 --------- d-----w C:\Program Files\Objectif Tarot
2008-08-04 10:32 131,584 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-07-31 13:39 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:37 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-02-09 20:25 38,416 ----a-w C:\Documents and Settings\GUILLAUME\Application Data\GDIPFONTCACHEV1.DAT
2007-10-17 18:34 146 ----a-w C:\Documents and Settings\QUENTIN\Application Data\wklnhst.dat
2007-09-29 07:18 224 ----a-w C:\Documents and Settings\GUILLAUME\Application Data\wklnhst.dat
2007-02-14 11:09 0 ----a-w C:\Documents and Settings\MAXIME\Application Data\wklnhst.dat
2006-08-12 13:29 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-14 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-13 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

C:\Documents and Settings\QUENTIN\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]

C:\Documents and Settings\VALERIE\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]

C:\Documents and Settings\ELODIE\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]

C:\Documents and Settings\GUILLAUME\Menu D‚marrer\Programmes\D‚marrage\
Anti-Pub.lnk - C:\Program Files\Antipub\antipub.exe [2003-03-23 674304]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=nbbzti.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^GUILLAUME^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\GUILLAUME\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 15:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsc-reminder.exe]
--------- 2005-01-19 17:10 28672 C:\WINDOWS\reminder\fsc-reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-12-07 11:26 489472 C:\Program Files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2005-12-07 11:33 73728 C:\Program Files\Logitech\Video\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 23:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-13 19:02 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-06-21 19:14 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2004-08-06 16:33 2502656 C:\Program Files\Yahoo!\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-12-14 19:06 577536 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"NsUpdate"=C:\WINDOWS\NsUpdate.exe UPDATE
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Valve\\Steam\\SteamApps\\guigui281268\\day of defeat\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\guigui281268\\condition zero deleted scenes\\hl.exe"=
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\Mohaa.exe"=
"C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\AUTORUN.EXE

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{04578D8D-6130-411B-BEE5-DFF22903F732} - (no file)
BHO-{04a12f05-b47b-41cc-a3ac-77043900a361} - (no file)
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
BHO-{21526C73-065C-4DC1-A409-07C6DD87BC2F} - (no file)
BHO-{45BD6287-51B5-495C-9856-9F2CA3976F6D} - (no file)
BHO-{DF5778B0-4BDD-4922-AB5E-F733267245DD} - (no file)
HKLM-Run-{2edf7f6e-828a-e517-385a-b25ca7d71a25} - C:\WINDOWS\system32\prjvrmtoojhurpsz.dll
Notify-nnnmjigf - (no file)
MSConfigStartUp-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-VVSN - C:\Program Files\VVSN\VVSN.exe

.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O16 -: {084DAC27-6FA3-4F55-9005-033F2F102F5C} - hxxp://data.jeuxclassiques.com/npwwg.cab
C:\WINDOWS\Downloaded Program Files\npwwg.inf

O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll

O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
C:\WINDOWS\Downloaded Program Files\OberonGameHost_dbg.inf
C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 09:26:44
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-16 9:53:49
ComboFix-quarantined-files.txt 2008-09-16 07:52:53

Avant-CF: 98,554,834,944 octets libres
AprŠs-CF: 99,202,543,616 octets libres

277 --- E O F --- 2008-09-10 06:29:14
0
Réponse 13 / 50
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
---> Télécharge clean.zip de Malekal :
http://www.malekal.com/download/clean.zip

---> Dézippe-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.

---> Ouvre le dossier clean qui se trouve sur ton bureau, et double-clique sur clean.cmd

Une fenêtre noire va apparaître pendant un instant, laisse-la ouverte.

---> Choisis l'option 1 puis patiente

---> Poste le rapport obtenu (situé dans C:\rapport_clean.txt)

Ne passe pas à l'option 2 sans notre avis !
0
Réponse 14 / 50
guigui281268
 
ok j'y vais
0
Réponse 15 / 50
guigui281268
 
voici le rapport

16/09/2008 a 10:14:23,35

*** Recherche des fichiers dans C:
C:\StubInstaller.exe FOUND

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\SpoonUninstall.exe FOUND
C:\WINDOWS\SYSTEM\URL.DLL FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\GamesBar\" FOUND
0
Réponse 16 / 50
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
Fais l'option 2 en mode sans échec.
0
Réponse 17 / 50
guigui281268
 
ok j'ai fait l'option 2 en mode sans echec
0
Réponse 18 / 50
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
Pas de rapport ?
0
Réponse 19 / 50
guigui281268
 
excuse moi je n'avais pas tilter sur le fait qu'il ecrasait l'ancien

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 16/09/2008 a 10:28:50,06

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:
tentative de suppression de C:\StubInstaller.exe

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe
tentative de suppression de C:\WINDOWS\SYSTEM\URL.DLL

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\GamesBar\"

*** Suppression des clefs du registre effectuee..
0
Réponse 20 / 50
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
/!\ Seul guigui281268 peut suivre cette procédure /!\

1/

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :

KillAll::

File::
C:\WINDOWS\system32\nbbzti.dll
C:\sqmnoopt07.sqm
C:\sqmdata07.sqm
C:\sqmnoopt06.sqm
C:\sqmdata06.sqm
C:\sqmnoopt05.sqm
C:\sqmdata05.sqm
C:\sqmdata04.sqm
C:\sqmdata03.sqm
C:\sqmdata02.sqm
C:\sqmdata01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt00.sqm
C:\WINDOWS\NsUpdate.exe

Folder::
C:\Program Files\GamesBar
C:\Documents and Settings\All Users\Application Data\GamesBar
C:\Program Files\VVSN

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"=-
"NsUpdate"=-
"LVCOMSX"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes

2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
0

Discussions similaires

Ouvrir un fichier .pub sans Publisher
baissaoui -
baissaoui -

0 réponse
Ouvrir document Publisher sans Publisher
Curtis Hayes -
Curtis Hayes -

7 réponses
lire un fichier .pub
xycoco -
Valou -

38 réponses