Trojan attack! Is my computer going to explode??

Catherine -  
jlpjlp Posts 52399 Status Security contributor -
Hello everyone,

Here is my problem: Tuesday evening, a big trojan attack. I was quietly playing a game when suddenly Avira, my antivirus, started beeping over and over. No matter whether I chose 'Access Deny', 'Delete', 'Move to quarantine' or 'Ignore'... it kept coming back.
I read up on the commentcamarche pages about antivirus software, firewalls, antispyware, etc.
I downloaded Spybot. I managed to install it with great difficulty, but as for the scan, forget it!
I had to uninstall Avira, because with the repeated alerts, Spybot stopped the scan every time...
Then Spybot turned up a bunch of spyware and viruses on my computer, which I had it ''repair''.
After that, everything was fine.
I decided to equip myself with other programs so that I would not have to go through the same experience again!
So I downloaded ZoneAlarm... and that is where everything went wrong.
I am unable to get to a search page (Google, Yahoo, etc.)
I figured I had made a configuration mistake with ZoneAlarm that made my internet fail...
After a lot of searching on my own (unfortunately I could not compare my problem on the net!) I found nothing, so I did a system restore to Monday, a date from before the war.
But the same problem persists!
Unable to fetch my mail or anything else!!!
I can only type in an address and go to it (I have always gotten answers to my problems here, so I remember the name very well! :) )
Oh, and on top of that, Mozilla Firefox often opens for no reason with a ''scan microwindows'' or some other ''scan'' (no program with those names is installed on my computer, I checked) and popups open every two minutes.
Who is controlling my computer and how do I get rid of them!!!!????

The last resort is to throw it out the window.... at least, I hope not!!!!

Thanks for answering!! :)

43 replies

amd64 Posts 5459 Status Member 550
 
Yes, that's true, but how can we help her if she does that in safe mode with no connection to this site?
0
totobetourne Posts 5677 Status Member 65
 
She scans in safe mode, then she goes back to normal mode and comes back to the site; it's not complicated to understand.

It only lasts as long as the scan. She is not going to stay in safe mode the whole time.

Man, you need to wake up, late hour or not.
0
Catherine
 
Hee hee hee
Don't fight over me, now!!

If it makes things go faster, I can switch to safe mode and come back afterwards.
Just tell me how to do it!
0
Catherine
 
And what if I turn off my modem??
0

amd64 Posts 5459 Status Member 550
 
No, don't switch to safe mode now. Let the scan finish and paste the report.

By the way, HOW FAR ALONG IS THE SCAN?
0
Catherine
 
38964 items examined
34 items infected
48 min 1 sec


If I go by the Spybot scan, I must have about 296000 items to check... at this rate, it's going to take all week!
0
Catherine
 
What did it say about the previous scan?
I'm in trouble, aren't I?
0
totobetourne Posts 5677 Status Member 65
 
Keep going in normal mode. Since your PC must be a bit old, the scan is going to take a while; once a scan took, I think, 9 hours, but that PC must have dated from the Stone Age. It was just so you know that Malwarebytes can also be used that way.
0
Catherine
 
And what if I turn off my modem?
Could that make it go faster?

Yet my computer is 3 years old....
It's not a 486, after all!!! :)
0
Catherine
 
FINALLY
the scan is finished
What do I copy here for you?
0
Catherine
 
Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1178
Windows 5.1.2600 Service Pack 2

2008-09-19 18:17:39
mbam-log-2008-09-19 (18-17-39).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 103305
Temps écoulé: 1 hour(s), 21 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 6
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 34

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\pouepecx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\urqPhhGa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qmkrvgyc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qoMgfGwX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gubbgkrj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xdjjyk.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{309311f1-8f50-452e-a98d-69afd7a34aa8} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomgfgwx (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{309311f1-8f50-452e-a98d-69afd7a34aa8} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5a57cb7c-9776-4fb4-9a01-3626e6806bc9} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5a57cb7c-9776-4fb4-9a01-3626e6806bc9} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{740ad8f9-b270-4c9b-be1e-a5bcbfc7b2c0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{740ad8f9-b270-4c9b-be1e-a5bcbfc7b2c0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c086b752 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmc3b584ce (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{309311f1-8f50-452e-a98d-69afd7a34aa8} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqphhga -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqphhga -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\qoMgfGwX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\urqPhhGa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\aGhhPqru.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\aGhhPqru.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xdjjyk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pouepecx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xcepeuop.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qmkrvgyc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gubbgkrj.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usager\Local Settings\Temporary Internet Files\Content.IE5\K1ARS9YV\kb678031[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usager\Local Settings\Temporary Internet Files\Content.IE5\Y5KT0F0D\nd82m0[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usager\Local Settings\Temporary Internet Files\Content.IE5\Y5KT0F0D\upd105320[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP308\A0031322.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP308\A0031328.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP308\A0031331.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP309\A0031654.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP320\A0033252.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033277.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033279.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033280.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033448.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033451.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033499.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033500.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033501.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033515.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sndsoa.VIR (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yxaumsbn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkJbayX.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jnizoa(2).dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc3b584ce.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc3b584ce.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
0
Catherine
 
up
0
totobetourne Posts 5677 Status Member 65
 
Your computer is a real nest of vermin; it's mostly Vundo.

Do another Hijack report and paste it, thanks.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).

Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt

Re-enable your firewall, your antivirus and your antispyware's guard.

Copy and paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

_______________________

Then paste a HijackThis report again

and post us a report from a scan with the AntiVir that you have
0
Catherine
 
Here is the second Hijack report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:04, on 2008-09-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\progra~1\fichie~1\instal~1\update~1\isuspm.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {309311F1-8F50-452E-A98D-69AFD7A34AA8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5A57CB7C-9776-4FB4-9A01-3626E6806BC9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O2 - BHO: (no name) - {f34b5eab-0fc1-4ef0-b565-f57f6cf208b2} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BMc3b584ce] Rundll32.exe "C:\WINDOWS\system32\msiqpcnu.dll",s
O4 - HKLM\..\Run: [c086b752] rundll32.exe "C:\WINDOWS\system32\pnfcmowh.dll",b
O4 - HKLM\..\Run: [msoffice] C:\DOCUME~1\Usager\LOCALS~1\Temp\scvhost.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [msoffice] C:\DOCUME~1\Usager\LOCALS~1\Temp\scvhost.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: NCProTray.lnk = C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Burger Shop\Images\stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Poker Superstars 3\Images\armhelper.ocx
O20 - AppInit_DLLs: xdjjyk.dll
O20 - Winlogon Notify: qoMgfGwX - C:\WINDOWS\
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Fichiers communs\iS3\Anti-Spyware\SZServer.exe
0
Catherine
 
STOPzilla has been stuck to me for ages; some virus or other, but I am unable to get rid of it!
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Hi, please do message 41.
0
Catherine
 
I'm doing it right now; it may take a while.
0
Catherine
 
Here it is:
ComboFix 08-09-20.05 - Usager 2008-09-21 22:19:51.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.701 [GMT -4:00]
Lancé depuis: C:\Documents and Settings\Usager\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Usager\Bureau\WinXP_FR_PRO_BF.EXE
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\actskn43.ocx

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-22 au 2008-09-22 ))))))))))))))))))))))))))))))))))))
.

2008-09-19 16:47 . 2008-09-19 16:47 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-19 16:47 . 2008-09-19 16:47 <REP> d-------- C:\Documents and Settings\Usager\Application Data\Malwarebytes
2008-09-19 16:47 . 2008-09-19 16:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-19 16:47 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-19 16:47 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-19 16:39 . 2008-09-19 16:39 <REP> d-------- C:\Program Files\Trend Micro
2008-09-19 00:35 . 2008-09-19 00:36 <REP> d-------- C:\Program Files\Spyware Doctor
2008-09-19 00:35 . 2008-09-19 00:35 <REP> d-------- C:\Documents and Settings\Usager\Application Data\PC Tools
2008-09-16 14:30 . 2008-09-16 14:33 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-09-16 14:26 . 2008-09-19 00:35 <REP> d-------- C:\WINDOWS\Internet Logs
2008-09-15 20:20 . 2008-09-15 20:20 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-15 20:20 . 2008-09-19 00:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 20:15 . 2008-09-15 20:15 <REP> d-------- C:\Program Files\CCleaner
2008-09-15 19:47 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-15 19:47 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-15 19:47 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-15 19:47 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-15 19:25 . 2008-09-15 19:25 1,086,764 ---hs---- C:\WINDOWS\system32\hwomcfnp.ini
2008-09-15 13:22 . 2008-09-15 13:22 1,086,692 ---hs---- C:\WINDOWS\system32\kunrtrgh.ini
2008-09-15 00:00 . 2008-09-15 00:00 <REP> d-------- C:\Program Files\MSXML 6.0
2008-09-13 16:27 . 2008-09-21 14:51 2,516 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-09-13 16:27 . 2008-09-21 14:51 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\E7A588EEE1.sys
2008-09-13 11:42 . 2008-09-13 12:22 <REP> d-------- C:\Documents and Settings\Usager\Application Data\Righteous Kill
2008-09-13 11:40 . 2008-09-13 11:40 <REP> d-------- C:\Program Files\Righteous Kill
2008-09-08 20:11 . 2008-09-08 20:14 <REP> d-------- C:\charlie
2008-09-01 10:42 . 2008-09-01 10:42 <REP> d--h----- C:\WINDOWS\PIF
2008-08-28 20:01 . 2005-04-30 17:02 86,016 --------- C:\WINDOWS\system32\bgsvcgen.exe
2008-08-28 20:01 . 2005-04-30 17:09 57,344 --------- C:\WINDOWS\system32\GenSvcInst.exe
2008-08-28 20:01 . 2005-05-01 14:41 49,152 --------- C:\WINDOWS\system32\setupsvc.dll
2008-08-28 20:01 . 2005-05-11 00:33 32,256 --------- C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2008-08-28 19:59 . 2008-09-15 21:59 <REP> d-------- C:\Documents and Settings\Usager\Application Data\FUJIFILM
2008-08-28 19:58 . 2003-09-03 16:45 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2008-08-28 19:58 . 2006-07-12 14:39 208,896 --a------ C:\WINDOWS\system32\FFRafShellEx.dll
2008-08-28 19:58 . 2004-07-24 21:28 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2008-08-28 19:57 . 2008-08-28 19:57 <REP> d-------- C:\Program Files\REGSHAVE
2008-08-28 19:57 . 2001-11-25 07:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-08-28 19:57 . 2002-02-05 12:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-08-28 19:57 . 2002-02-27 07:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-08-28 19:57 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-08-28 19:57 . 2002-02-13 06:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-09-16 02:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-16 02:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 02:08 --------- d-----w C:\Program Files\CyberLink
2008-09-13 20:27 --------- d-----w C:\Documents and Settings\Usager\Application Data\Corel
2008-09-13 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-09-13 19:12 --------- d-----w C:\Program Files\Corel
2008-09-13 16:35 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-09-13 15:28 --------- d-----w C:\Documents and Settings\Usager\Application Data\Azureus
2008-08-28 22:32 20,280 -c--a-w C:\Documents and Settings\Usager\Application Data\GDIPFONTCACHEV1.DAT
2008-08-20 22:13 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-20 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-08-20 22:11 --------- d-----w C:\Program Files\Fichiers communs\Protexis
2008-08-20 22:10 --------- d-----w C:\Program Files\Fichiers communs\Corel
2008-08-18 23:07 --------- d-----w C:\Program Files\Youdagames
2008-08-18 23:06 --------- d-----w C:\Documents and Settings\Usager\Application Data\Youdagames
2008-08-17 00:24 --------- d-----w C:\Documents and Settings\Usager\Application Data\CyberLink
2008-08-16 03:06 --------- d-----w C:\Program Files\Windows Live
2008-08-16 03:04 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-16 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-13 23:26 --------- d-----w C:\Program Files\Cooking Dash
2008-08-13 23:25 --------- d-----w C:\Program Files\Azureus
2008-08-11 01:44 --------- d-----w C:\Documents and Settings\Usager\Application Data\PlayFirst
2008-08-11 01:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-08-06 00:49 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-02 22:07 --------- d-----w C:\Documents and Settings\Usager\Application Data\Gaijin Ent
2008-08-02 22:06 --------- d-----w C:\Program Files\PlayFirst
2008-07-21 16:02 0 ----a-w C:\Program Files\temp01
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-11-24 02:45 5,837,392 ----a-w C:\Program Files\Firefox Setup 2.0.0.9.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 286720]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"nwiz"="nwiz.exe" [2008-05-03 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\Usager\Menu D‚marrer\Programmes\D‚marrage\
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-01-30 101888]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xdjjyk.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Usager^Menu Démarrer^Programmes^Démarrage^BoontyBox Maximiles Jeux.lnk]
path=C:\Documents and Settings\Usager\Menu Démarrer\Programmes\Démarrage\BoontyBox Maximiles Jeux.lnk
backup=C:\WINDOWS\pss\BoontyBox Maximiles Jeux.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Usager^Menu Démarrer^Programmes^Démarrage^iWin Desktop Alerts.lnk]
path=C:\Documents and Settings\Usager\Menu Démarrer\Programmes\Démarrage\iWin Desktop Alerts.lnk
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a--c--- 2006-12-23 19:05 143360 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 06:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 23:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
--------- 2006-07-13 14:25 57344 C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
--a--c--- 2007-12-17 16:47 62176 C:\Program Files\MarkAny\ContentSafer\MaAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 16:40 155648 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 16:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a--c--- 2007-09-20 08:23 132624 C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"Boonty Games"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-03-03 33920]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-19 576680]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2003-04-08 820133]
S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [ ]

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{309311F1-8F50-452E-A98D-69AFD7A34AA8} - (no file)
BHO-{5A57CB7C-9776-4FB4-9A01-3626E6806BC9} - (no file)
BHO-{f34b5eab-0fc1-4ef0-b565-f57f6cf208b2} - (no file)
HKLM-Run-SpyHunter Security Suite - C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
HKLM-Run-avgnt - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
HKLM-Run-BMc3b584ce - C:\WINDOWS\system32\msiqpcnu.dll
HKLM-Run-c086b752 - C:\WINDOWS\system32\pnfcmowh.dll
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Explorer_Run-msoffice - C:\DOCUME~1\Usager\LOCALS~1\Temp\scvhost.exe
Notify-qoMgfGwX - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Usager\Application Data\Mozilla\Firefox\Profiles\ki6nl600.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://qc.yahoo.com/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 22:22:09
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-21 22:26:08
ComboFix-quarantined-files.txt 2008-09-22 02:26:05

Avant-CF: 8 465 141 760 octets libres
Après-CF: 8,412,418,048 octets libres

WinXP_FR_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

226 --- E O F --- 2008-09-15 04:00:48
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Then paste a new HijackThis report

and post a report from a scan with the AntiVir you have
0
Catherine
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:30, on 2008-09-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {309311F1-8F50-452E-A98D-69AFD7A34AA8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5A57CB7C-9776-4FB4-9A01-3626E6806BC9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O2 - BHO: (no name) - {f34b5eab-0fc1-4ef0-b565-f57f6cf208b2} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BMc3b584ce] Rundll32.exe "C:\WINDOWS\system32\msiqpcnu.dll",s
O4 - HKLM\..\Run: [c086b752] rundll32.exe "C:\WINDOWS\system32\pnfcmowh.dll",b
O4 - HKLM\..\Run: [msoffice] C:\DOCUME~1\Usager\LOCALS~1\Temp\scvhost.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: NCProTray.lnk = C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Burger Shop\Images\stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Poker Superstars 3\Images\armhelper.ocx
O20 - AppInit_DLLs: xdjjyk.dll
O20 - Winlogon Notify: qoMgfGwX - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Fichiers communs\iS3\Anti-Spyware\SZServer.exe
0
Catherine
 
Here is the AntiVir scan:



AntiVir PersonalEdition Classic
Report file date: 22 septembre 2008 11:31

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: USAGER-4FE47D18

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 18:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 17:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 20:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 17:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 19:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 2007-09-13 19:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 2007-09-13 19:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 2007-09-13 19:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 2007-09-17 22:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 15:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 12:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 18:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 13:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 12:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 17:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 12:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 16:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 17:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 17:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 14:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 22 septembre 2008 11:31

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'lxczbmon.exe' - '1' Module(s) have been scanned
Scan process 'lxczbmgr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PsiService_2.exe' - '1' Module(s) have been scanned
Scan process 'PSIService.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'bgsvcgen.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '33' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033497.dll
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '4907c56f.qua'!
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033547.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4907c577.qua'!
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033548.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4907c57e.qua'!
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033549.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4907c580.qua'!
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033550.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4907c583.qua'!
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033559.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4907c588.qua'!
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033560.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4907c58a.qua'!
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033561.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4907c58c.qua'!
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033563.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4907c58e.qua'!
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033564.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4907c590.qua'!
C:\System Volume Information\_restore{46A634C1-A7A2-4D7E-9F18-8FAF9AC58293}\RP321\A0033565.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4907c592.qua'!


End of the scan: 22 septembre 2008 12:30
Used time: 58:53 min

The scan has been done completely.

8650 Scanning directories
244550 Files were scanned
11 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
11 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
244539 Files not concerned
2008 Archives were scanned
2 Warnings
1 Notes
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {309311F1-8F50-452E-A98D-69AFD7A34AA8} - (no file)
O2 - BHO: (no name) - {5A57CB7C-9776-4FB4-9A01-3626E6806BC9} - (no file)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O2 - BHO: (no name) - {f34b5eab-0fc1-4ef0-b565-f57f6cf208b2} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BMc3b584ce] Rundll32.exe "C:\WINDOWS\system32\msiqpcnu.dll",s
O4 - HKLM\..\Run: [c086b752] rundll32.exe "C:\WINDOWS\system32\pnfcmowh.dll",b
O4 - HKLM\..\Run: [msoffice] C:\DOCUME~1\Usager\LOCALS~1\Temp\scvhost.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Burger Shop\Images\stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Poker Superstars 3\Images\armhelper.ocx
O20 - AppInit_DLLs: xdjjyk.dll
O20 - Winlogon Notify: qoMgfGwX - C:\WINDOWS\

______________________

Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:
C:\WINDOWS\system32\msiqpcnu.dll
C:\WINDOWS\system32\pnfcmowh.dll
C:\DOCUME~1\Usager\LOCALS~1\Temp\scvhost.exe

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

__________________________

To remove your traces, use

CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar
(in the options, untick the box: delete files older than 48 hours)
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

_____________________________

Paste the report from an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
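The "fix checked" selection in the reply above can be approximated by a small triage script. This is an added example, not part of the thread and not the helper's method: the tag names, the `SYSTEM_NAMES` list and the heuristics (dangling references, a one-letter rundll32 export, autostart from a Temp folder, a populated AppInit_DLLs value, a near-miss of a system process name) are assumptions generalised from the entries in the log posted in this thread.

```python
import difflib
import ntpath
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMc3b584ce] Rundll32.exe "C:\WINDOWS\system32\msiqpcnu.dll",s
O4 - HKLM\..\Run: [msoffice] C:\DOCUME~1\Usager\LOCALS~1\Temp\scvhost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O20 - AppInit_DLLs: xdjjyk.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# rundll32 <dll>,<export>; the DLL path may or may not be quoted
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\w+)', re.I)
# Any absolute path ending in .exe
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"<>|]*?\.exe', re.I)
# Hypothetical short list of Windows process names worth protecting from imitation
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "explorer.exe", "csrss.exe", "smss.exe", "spoolsv.exe")


def lookalike(basename):
    """Return the system name that `basename` imitates, or None."""
    name = basename.lower()
    if name in SYSTEM_NAMES:
        return None  # the real name is not a look-alike of itself
    for real in SYSTEM_NAMES:
        if difflib.SequenceMatcher(None, name, real).ratio() >= 0.9:
            return real
    return None


def triage_line(line):
    """Return (section code, [tags]) for an entry worth reviewing, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    tags = []
    # Registry entry whose target file no longer exists
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        tags.append("dangling-reference")
    if code == "O4":
        r = RUNDLL.search(body)
        # Legitimate entries in the log use descriptive exports (NvStartup);
        # the two later reported as missing modules used ",s" and ",b".
        if r and len(r.group(2)) == 1:
            tags.append("rundll32-one-letter-export")
        if "\\temp\\" in body.lower():
            tags.append("autostart-from-temp")
    # AppInit_DLLs are loaded into every process that loads user32.dll
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        if body.split(":", 1)[1].strip():
            tags.append("appinit-dll-set")
    for path in EXE_PATH.findall(body):
        real = lookalike(ntpath.basename(path))
        if real:
            tags.append("lookalike-of-" + real)
    return (code, tags) if tags else None


def triage(log_text):
    """Triage a whole HijackThis log; returns flagged entries in log order."""
    hits = (triage_line(line) for line in log_text.splitlines())
    return [hit for hit in hits if hit is not None]


if __name__ == "__main__":
    for code, tags in triage(SAMPLE_LOG):
        print(code, ", ".join(tags))
```

A tag marks an entry for review, not for removal: a dangling reference is often just a leftover of an uninstalled program, as with the STOPzilla entries here.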
Catherine
 
Here is the result from Panda (quick scan)
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-22 14:59:44
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Avira AntiVir PersonalEdition 7.0.0.2 Yes No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Usager\Application Data\Mozilla\Firefox\Profiles\ki6nl600.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Usager\Application Data\Mozilla\Firefox\Profiles\ki6nl600.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Usager\Application Data\Mozilla\Firefox\Profiles\ki6nl600.default\cookies.txt[.247realmedia.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Usager\Application Data\Mozilla\Firefox\Profiles\ki6nl600.default\cookies.txt[.xiti.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Usager\Application Data\Mozilla\Firefox\Profiles\ki6nl600.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Usager\Application Data\Mozilla\Firefox\Profiles\ki6nl600.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Usager\Application Data\Mozilla\Firefox\Profiles\ki6nl600.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Usager\Application Data\Mozilla\Firefox\Profiles\ki6nl600.default\cookies.txt[.smartadserver.com/]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0
Catherine
 
Here is the OTMoveIt report, I hope it's the right one:
File/Folder C:\WINDOWS\system32\msiqpcnu.dll not found.
File/Folder C:\WINDOWS\system32\pnfcmowh.dll not found.
File/Folder C:\DOCUME~1\Usager\LOCALS~1\Temp\scvhost.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09222008_124503

I'm doing a CCleaner cleanup and then a scan, I'll be back
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
OK, nothing

Any problems left???
0
Catherine
 
No, none for now!!!!

Should I keep the Malwarebytes, ComboFix, HijackThis and OTMoveIt programs??
Or is it better for me to just keep them in mind??

Apart from these questions, everything is going great!!
Honestly, thank you very much! I don't know what you did (well yes, you're either blonde or you're not, eh!) but I have no more alerts!
Thanks again, you are pros!!
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Do message 55, then

if everything went well, disable System Restore to purge the viruses that are in it, then restart your computer
re-enable it: https://www.informatruc.com

____________________

There, it's done!

To protect your computer for free

http://www.commentcamarche.net/telecharger/logiciel 4 securite

install an antivirus

AVAST (in French) or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware:
MalwareByte's Anti-Malware + SPYBOT
+
SPYWAREBLASTER to immunize the system, notably against Vundo, but it is in English (though easy to use: just click "update" to update it every month and then "enable all protection" to immunize)...

Note: Spybot and Ad-Aware released new versions this year; check that you have the latest version
--------
a firewall:
the Windows one, or better, Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall) or COMODO

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER to erase browsing traces
---------
browse with Firefox, Safari or Opera rather than Internet Explorer, which is hit more by viruses
http://www.mozilla-europe.org/fr/products/firefox/
0
Catherine
 
Help!!!!

I cancelled System Restore and restarted my computer.
Here is what it tells me:

C:/Windows /system32/msiqpnu.dll
Le module spécifié est introuvable

C:/Windows/system32/pnfcmowth.dll
Le module spécifié est introuvable.

And Spybot is panicking:
Modification du registre refusée:
Résident a refusé la odification de Transaction Task (catégorie System Startup global entry) selon votre liste noire.

It takes up half of my screen and the 'alerts' are continuous!!

What have I done????
0