Pb de fenetre pub intempestives

guigui281268 -  
 guigui281268 -
Bonjour,

En parcourant le forum à la recherche d'une solution pour arreter d'avoir en permanence des fenetre de pub et de soit disant antivirus qui apparraissent je suis tomber sur un message me donnatn un lien me permettant de creer u rapport qui apparement aide pour solutionner ce pb, est-ce que quelqu'un peut m'aider ??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:41:21, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Antipub\antipub.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GUILLAUME\Mes documents\Mes fichiers reçus\marie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: (no name) - {04578D8D-6130-411B-BEE5-DFF22903F732} - C:\WINDOWS\system32\nnnmjigf.dll
O2 - BHO: (no name) - {04a12f05-b47b-41cc-a3ac-77043900a361} - (no file)
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21526C73-065C-4DC1-A409-07C6DD87BC2F} - (no file)
O2 - BHO: (no name) - {45BD6287-51B5-495C-9856-9F2CA3976F6D} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {8201ce80-8bed-fd99-5014-5bc93404a068} - {860a4043-9cb5-4105-99df-deb808ec1028} - C:\WINDOWS\system32\nbbzti.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - (no file)
O2 - BHO: (no name) - {DF5778B0-4BDD-4922-AB5E-F733267245DD} - C:\WINDOWS\system32\geBsrSjI.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM8389b7de] Rundll32.exe "C:\WINDOWS\system32\imcwqvfc.dll",s
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [{2edf7f6e-828a-e517-385a-b25ca7d71a25}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\prjvrmtoojhurpsz.dll" DllStub
O4 - HKLM\..\Run: [80ba8442] rundll32.exe "C:\WINDOWS\system32\nheyljbl.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [ishost.exe] ishost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - AppInit_DLLs: nbbzti.dll
O20 - Winlogon Notify: nnnmjigf - C:\WINDOWS\SYSTEM32\nnnmjigf.dll
O20 - Winlogon Notify: winwea32 - winwea32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 11935 bytes
Configuration: Windows XP
Internet Explorer 7.0

50 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Problème récurrent d'affichage de fenêtres publicitaires et d'antivirus frauduleux, avec un rapport HijackThis fourni pour diagnostiquer les éléments suspects sur Windows XP SP2 et d'autres artefacts potentiellement liés à l'infection.
Plusieurs éléments du rapport indiquent des barres d'outils et des modules publicitaires, des BHO et des tâches récurrentes dans les clés Run et Winlogon, soulignant une infection multi-composants.
En pratique, la solution suggérée consiste à relancer en mode sans échec des outils de nettoyage et de quarantaine, notamment une seconde analyse MBAM et la suppression des éléments détectés.
D'autres recommandations mentionnent aussi d'examiner les éléments d'auto-démarrage et les services inconnus, puis de désactiver ou supprimer les entrées problématiques tout en restant attentif aux répercussions système.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    Infection Vundo.

    ---> Fais un scan rapide avec MBAM, supprime tout ce qu'il trouve et poste le rapport :
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
    0
  2. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Si Tea Timer te demande quelque chose, accepte.
    0
  3. guigui281268
     
    ok, j'ai effectué malwarebytes et je colle le rapport, spybot m'a demandé sur certain point d'accepter ou non les modifs, j'ai cliqué sur accépté, j'espère que j'ai bien fait !!

    malwarebytes me signale qu'il y a quelques elements qu'il ne peut supprimer et que pour cela il fat redemarer l'ordi? j'attends tes precieux conseils
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. guigui281268
     
    pardon j'ai oublié de coller le rapport

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1159
    Windows 5.1.2600 Service Pack 2

    16/09/2008 08:08:01
    mbam-log-2008-09-16 (08-08-01).txt

    Type de recherche: Examen rapide
    Eléments examinés: 95147
    Temps écoulé: 15 minute(s), 34 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 4
    Clé(s) du Registre infectée(s): 35
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 29

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\geBsrSjI.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\imcwqvfc.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\nbbzti.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\nnnmjigf.dll (Trojan.Vundo.H) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04578d8d-6130-411b-bee5-dff22903f732} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnmjigf (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{04578d8d-6130-411b-bee5-dff22903f732} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{860a4043-9cb5-4105-99df-deb808ec1028} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{860a4043-9cb5-4105-99df-deb808ec1028} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df5778b0-4bdd-4922-ab5e-f733267245dd} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{df5778b0-4bdd-4922-ab5e-f733267245dd} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ec1a2105-5621-440f-987d-27ef428131d9} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0705a77a-c085-4bf2-bab2-a8551324a024} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b523c5e1-7df6-408f-ae8c-e530a6ed92cc} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winwea32 (Dialer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8389b7de (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{04578d8d-6130-411b-bee5-dff22903f732} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\80ba8442 (Trojan.Vundo) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebsrsji -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebsrsji -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\nnnmjigf.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\nbbzti.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\geBsrSjI.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\IjSrsBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\IjSrsBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\imcwqvfc.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mowiwmyw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vlyhgk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnmNFwT.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssqQhIYo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tlkqfsrw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tqbddavc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uqawof.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hvbsvjuj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\geBssQjj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yjveggav.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zfujro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Uninstall Ask Toolbar.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winwea32.dll (Dialer) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM8389b7de.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM8389b7de.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
    0
  6. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    "spybot m'a demandé sur certain point d'accepter ou non les modifs, j'ai cliqué sur accépté, j'espère que j'ai bien fait !!"
    ---> Je t'avais prévenu dans le message juste au-dessus.

    ---> Redémarre ton PC
    0
  7. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Ok.
    0
  8. guigui281268
     
    ok je suis revenu et spybot m'a redemandé et j'ai accepté, par contre j'ai eu deux messages d'erreur windows dll ?
    0
  9. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    On va passer à ComboFix.

    Important : Désactive TeaTimer, le résident de Spybot, il va gêner la désinfection en empêchant la modification des BHO.

    ---> Démarre Spybot, clique sur Mode, coche Mode avancé
    ---> A gauche, clique sur Outils, puis sur Résident
    ---> Décoche la case devant Résident "TeaTimer" :
    http://apu.mabul.org/up/5/apu-5-gpdx9e06cwz2dypom2q7n6nc.jpg
    ---> Quitte Spybot

    Note : Je te conseille de ne pas le réactiver, il a été incapable d'empêcher l'infection de ton PC.

    ---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

    ---> Double-clique sur Combofix.exe
    Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
    Accepte en cliquant sur "Oui"

    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    /!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\ComboFix.txt
    0
  10. guigui281268
     
    ok je fais tout ça et je reviens, en tout cas merci pour ta gentillesse
    0
  11. guigui281268
     
    ce fut long mais voila le rapport de combofix

    ComboFix 08-09-15.02 - GUILLAUME 2008-09-16 8:28:49.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.665 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\GUILLAUME\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\ELODIE\Cookies\elodie@bluestreak[2].txt
    C:\Documents and Settings\ELODIE\Cookies\elodie@edt02[2].txt
    C:\Documents and Settings\ELODIE\Cookies\elodie@ehg-citenumerique.hitbox[1].txt
    C:\Documents and Settings\MAXIME\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\Documents and Settings\QUENTIN\Cookies\quentin@bluestreak[1].txt
    C:\Documents and Settings\QUENTIN\Cookies\quentin@edt02[1].txt
    C:\Documents and Settings\QUENTIN\Cookies\quentin@serving-sys[1].txt
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\Fonts\a.zip
    C:\WINDOWS\system32\components
    C:\WINDOWS\system32\i4
    C:\WINDOWS\system32\i4\tcX12i49.exe
    C:\WINDOWS\system32\lbjlyehn.ini
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\nkjvwhdf.ini
    C:\WINDOWS\system32\rtl60.bpl
    C:\WINDOWS\system32\tuxnmnyi.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-16 au 2008-09-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-16 08:14 . 2008-09-16 08:14 244 --ah----- C:\sqmnoopt05.sqm
    2008-09-16 08:14 . 2008-09-16 08:14 232 --ah----- C:\sqmdata05.sqm
    2008-09-16 07:50 . 2008-09-16 07:50 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-16 07:50 . 2008-09-16 07:50 <REP> d-------- C:\Documents and Settings\GUILLAUME\Application Data\Malwarebytes
    2008-09-16 07:50 . 2008-09-16 07:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-16 07:50 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-16 07:50 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-16 06:05 . 2008-09-16 06:05 244 --ah----- C:\sqmnoopt04.sqm
    2008-09-16 06:05 . 2008-09-16 06:05 232 --ah----- C:\sqmdata04.sqm
    2008-09-15 19:20 . 2008-09-15 19:20 244 --ah----- C:\sqmnoopt03.sqm
    2008-09-15 19:20 . 2008-09-15 19:20 232 --ah----- C:\sqmdata03.sqm
    2008-09-15 18:42 . 2008-09-15 18:42 244 --ah----- C:\sqmnoopt02.sqm
    2008-09-15 18:42 . 2008-09-15 18:42 232 --ah----- C:\sqmdata02.sqm
    2008-09-15 18:37 . 2008-09-16 04:43 <REP> d-------- C:\Program Files\Antipub
    2008-09-15 16:43 . 2008-09-15 16:47 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-09-15 16:43 . 2008-09-16 08:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-15 16:29 . 2008-09-15 16:29 244 --ah----- C:\sqmnoopt01.sqm
    2008-09-15 16:29 . 2008-09-15 16:29 232 --ah----- C:\sqmdata01.sqm
    2008-09-15 08:36 . 2008-09-15 08:36 <REP> d-------- C:\Program Files\Alwil Software
    2008-09-14 18:34 . 2008-09-14 18:34 4,096 --a------ C:\WINDOWS\d3dx.dat
    2008-09-14 18:33 . 2008-09-14 18:33 <REP> d-------- C:\WINDOWS\Westward II Heroes of the Frontier [h33t] [oi812heet]
    2008-09-14 18:33 . 2008-09-16 06:03 <REP> d-------- C:\Program Files\Westward II Heroes of the Frontier [h33t] [oi812heet]
    2008-09-14 17:48 . 2008-09-14 17:48 <REP> d-------- C:\Westward II Heroes of the Frontier [h33t] [oi812heet]
    2008-09-14 17:34 . 2008-09-15 15:29 <REP> d--hs---- C:\WINDOWS\R1VJTExBVU1F
    2008-09-14 17:34 . 2008-09-14 17:34 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2008-09-14 17:32 . 2008-09-14 17:32 <REP> d-------- C:\WINDOWS\system32\esx
    2008-09-14 17:32 . 2008-09-15 15:33 <REP> d-------- C:\WINDOWS\system32\101
    2008-09-14 17:31 . 2008-09-14 17:31 <REP> d-------- C:\WINDOWS\system32\mC02
    2008-09-14 17:31 . 2008-09-14 17:32 <REP> d-------- C:\temp\mtc2
    2008-09-14 12:48 . 2008-09-15 08:28 <REP> d-------- C:\Program Files\FrostWire
    2008-09-14 12:48 . 2008-09-16 06:07 <REP> d-a------ C:\Program Files\AskSBar
    2008-09-14 12:48 . 2008-09-15 08:27 <REP> d-------- C:\Documents and Settings\GUILLAUME\Application Data\FrostWire
    2008-09-13 16:47 . 2008-09-13 16:48 <REP> d-------- C:\Documents and Settings\QUENTIN\.gimp-2.2
    2008-09-06 10:24 . 2008-09-06 10:24 <REP> d-------- C:\Program Files\Beach Soccer
    2008-08-27 17:54 . 2008-08-27 17:54 <REP> d-------- C:\Program Files\ViaMichelin
    2008-08-26 10:43 . 2008-08-26 11:37 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-08-25 12:33 . 2008-08-25 12:33 <REP> d-------- C:\Program Files\scrabbleproB1.0.8
    2008-08-25 12:33 . 2004-03-08 23:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
    2008-08-22 19:02 . 2008-08-22 19:02 <REP> d-------- C:\Program Files\bfgclient
    2008-08-22 19:01 . 2008-08-22 19:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2008-08-17 10:03 . 2008-08-17 10:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-16 06:08 --------- d-----w C:\Program Files\GamesBar
    2008-09-16 04:03 --------- d-----w C:\Program Files\Gamenext
    2008-09-16 03:59 --------- d-----w C:\Program Files\Azureus
    2008-09-15 13:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar
    2008-09-15 06:11 --------- d-----w C:\Program Files\LimeWire
    2008-09-14 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
    2008-09-14 09:29 --------- d-----w C:\Program Files\Google
    2008-09-14 09:16 --------- d-----w C:\Program Files\Java
    2008-09-13 15:57 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2008-09-13 15:57 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2008-09-13 15:57 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2008-09-13 13:35 --------- d-----w C:\Documents and Settings\QUENTIN\Application Data\OpenOffice.org2
    2008-09-12 18:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-12 09:02 --------- d-----w C:\Program Files\InstantTouch
    2008-09-10 06:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-10 06:26 --------- d-----w C:\Program Files\Microsoft Works
    2008-09-07 11:03 --------- d-----w C:\Documents and Settings\ELODIE\Application Data\OpenOffice.org2
    2008-08-27 16:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-26 07:29 --------- d-----w C:\Documents and Settings\GUILLAUME\Application Data\OpenOffice.org2
    2008-08-24 11:30 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-08-22 17:02 0 ----a-w C:\Program Files\temp01
    2008-08-22 15:31 --------- d-----w C:\Program Files\Buka
    2008-08-21 07:25 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-04 10:33 --------- d-----w C:\Program Files\Objectif Tarot
    2008-08-04 10:32 131,584 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2008-07-31 13:39 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:37 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-02-09 20:25 38,416 ----a-w C:\Documents and Settings\GUILLAUME\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-17 18:34 146 ----a-w C:\Documents and Settings\QUENTIN\Application Data\wklnhst.dat
    2007-09-29 07:18 224 ----a-w C:\Documents and Settings\GUILLAUME\Application Data\wklnhst.dat
    2007-02-14 11:09 0 ----a-w C:\Documents and Settings\MAXIME\Application Data\wklnhst.dat
    2006-08-12 13:29 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-14 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-13 98304]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

    C:\Documents and Settings\QUENTIN\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]

    C:\Documents and Settings\VALERIE\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]

    C:\Documents and Settings\ELODIE\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]

    C:\Documents and Settings\GUILLAUME\Menu D‚marrer\Programmes\D‚marrage\
    Anti-Pub.lnk - C:\Program Files\Antipub\antipub.exe [2003-03-23 674304]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=nbbzti.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^GUILLAUME^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=C:\Documents and Settings\GUILLAUME\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    --a------ 2005-08-12 15:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsc-reminder.exe]
    --------- 2005-01-19 17:10 28672 C:\WINDOWS\reminder\fsc-reminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
    --a------ 2005-12-07 11:26 489472 C:\Program Files\Logitech\Video\CameraAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
    --a------ 2005-12-07 11:33 73728 C:\Program Files\Logitech\Video\InstallHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2007-10-23 23:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-02-13 19:02 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2006-06-21 19:14 35328 C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2004-08-06 16:33 2502656 C:\Program Files\Yahoo!\Messenger\YPager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2005-12-14 19:06 577536 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
    "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
    "NsUpdate"=C:\WINDOWS\NsUpdate.exe UPDATE
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
    "C:\\Program Files\\Messenger\\Msmsgs.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\guigui281268\\day of defeat\\hl.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\guigui281268\\condition zero deleted scenes\\hl.exe"=
    "C:\\Sierra\\Empire Earth\\Empire Earth.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\EA GAMES\\MOHAA\\Mohaa.exe"=
    "C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\AUTORUN.EXE

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
    .
    Contenu du dossier 'Tâches planifiées'
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{04578D8D-6130-411B-BEE5-DFF22903F732} - (no file)
    BHO-{04a12f05-b47b-41cc-a3ac-77043900a361} - (no file)
    BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
    BHO-{21526C73-065C-4DC1-A409-07C6DD87BC2F} - (no file)
    BHO-{45BD6287-51B5-495C-9856-9F2CA3976F6D} - (no file)
    BHO-{DF5778B0-4BDD-4922-AB5E-F733267245DD} - (no file)
    HKLM-Run-{2edf7f6e-828a-e517-385a-b25ca7d71a25} - C:\WINDOWS\system32\prjvrmtoojhurpsz.dll
    Notify-nnnmjigf - (no file)
    MSConfigStartUp-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
    MSConfigStartUp-VVSN - C:\Program Files\VVSN\VVSN.exe

    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = about:blank
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O16 -: {084DAC27-6FA3-4F55-9005-033F2F102F5C} - hxxp://data.jeuxclassiques.com/npwwg.cab
    C:\WINDOWS\Downloaded Program Files\npwwg.inf

    O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
    C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
    C:\WINDOWS\system32\msvcp60.dll
    C:\WINDOWS\system32\atl.dll
    C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
    C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll

    O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    C:\WINDOWS\Downloaded Program Files\OberonGameHost_dbg.inf
    C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-16 09:26:44
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-09-16 9:53:49
    ComboFix-quarantined-files.txt 2008-09-16 07:52:53

    Avant-CF: 98,554,834,944 octets libres
    AprŠs-CF: 99,202,543,616 octets libres

    277 --- E O F --- 2008-09-10 06:29:14
    0
  12. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Télécharge clean.zip de Malekal :
    http://www.malekal.com/download/clean.zip

    ---> Dézippe-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.

    ---> Ouvre le dossier clean qui se trouve sur ton bureau, et double-clique sur clean.cmd

    Une fenêtre noire va apparaître pendant un instant, laisse-la ouverte.

    ---> Choisis l'option 1 puis patiente

    ---> Poste le rapport obtenu (situé dans C:\rapport_clean.txt)

    Ne passe pas à l'option 2 sans notre avis !
    0
  13. guigui281268
     
    voici le rapport

    16/09/2008 a 10:14:23,35

    *** Recherche des fichiers dans C:
    C:\StubInstaller.exe FOUND

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\SpoonUninstall.exe FOUND
    C:\WINDOWS\SYSTEM\URL.DLL FOUND

    *** Recherche des fichiers dans C:\Program Files
    "C:\Program Files\GamesBar\" FOUND
    0
  14. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Fais l'option 2 en mode sans échec.
    0
  15. guigui281268
     
    ok j'ai fait l'option 2 en mode sans echec
    0
  16. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Pas de rapport ?
    0
  17. guigui281268
     
    excuse moi je n'avais pas tilter sur le fait qu'il ecrasait l'ancien

    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 16/09/2008 a 10:28:50,06

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:
    tentative de suppression de C:\StubInstaller.exe

    *** Suppression des fichiers dans C:\WINDOWS\

    *** Suppression des fichiers dans C:\WINDOWS\system32
    tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe
    tentative de suppression de C:\WINDOWS\SYSTEM\URL.DLL

    *** Suppression des fichiers dans C:\Program Files
    tentative de suppression de "C:\Program Files\GamesBar\"

    *** Suppression des clefs du registre effectuee..
    0
  18. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    /!\ Seul guigui281268 peut suivre cette procédure /!\

    1/

    ---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

    ---> Copie le texte ci-dessous par sélection puis Ctrl+C :

    KillAll::

    File::
    C:\WINDOWS\system32\nbbzti.dll
    C:\sqmnoopt07.sqm
    C:\sqmdata07.sqm
    C:\sqmnoopt06.sqm
    C:\sqmdata06.sqm
    C:\sqmnoopt05.sqm
    C:\sqmdata05.sqm
    C:\sqmdata04.sqm
    C:\sqmdata03.sqm
    C:\sqmdata02.sqm
    C:\sqmdata01.sqm
    C:\sqmdata00.sqm
    C:\sqmnoopt04.sqm
    C:\sqmnoopt03.sqm
    C:\sqmnoopt02.sqm
    C:\sqmnoopt01.sqm
    C:\sqmnoopt00.sqm
    C:\WINDOWS\NsUpdate.exe

    Folder::
    C:\Program Files\GamesBar
    C:\Documents and Settings\All Users\Application Data\GamesBar
    C:\Program Files\VVSN

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "SunJavaUpdateSched"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"=-
    "NsUpdate"=-
    "LVCOMSX"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

    ---> Colle la sélection dans le bloc-notes

    ---> Enregistre ce fichier sur le bureau (Impératif)

    ---> Nom du fichier : CFScript
    ---> Type du fichier : tous les fichiers
    ---> Clique sur Enregistrer
    ---> Quitte le bloc-notes

    2/

    ---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
    http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

    [*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

    [*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
    Ne touche à rien tant que le scan n'est pas terminé.

    [*] Une fois le scan achevé, un rapport va s'afficher : poste-le

    [*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
    0
  • 1
  • 2
  • 3